LiveActive security incident?Get immediate response
CVE archive

January 2006

Browse CVE records published in January 2006, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 561 matching CVEs · Page 2 of 12.

Unknown · CVSS Not scored

CVE-2006-6917: Multiple buffer overflows in Computer Associates (CA) BrightStor ARCserve Backup R11.5 Server before SP2 al...

Multiple buffer overflows in Computer Associates (CA) BrightStor ARCserve Backup R11.5 Server before SP2 allows remote attackers to execute arbitrary code in the Tape Engine (tapeeng.exe) via a crafted RPC request with (1) opnum 38, which is not properly handled in TAPEUTIL.dll 11.5.3884.0, or (2) opnum 37, which is not properly handled in TAPEENG.dll 11.5.3884.0.

Published Jan 11, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-6927: Multiple SQL injection vulnerabilities in Rialto 1.6 allow remote attackers to execute arbitrary SQL comman...

Multiple SQL injection vulnerabilities in Rialto 1.6 allow remote attackers to execute arbitrary SQL commands via (1) the uname (username) and (2) pword (passwd) fields in (a) admin/default.asp; the (3) ID parameter to (b) listfull.asp or (c) printmain.asp; the (4) cat parameter to (d) listmain.asp, (e) searchoption.asp, or (f) searchmain.asp; the (5) Keyword parameter to (g) searchkey.asp; the (6) area parameter to searchmain.asp or searchoption.asp; the (7) searchin parameter to searchkey.asp; or the (8) cost1, (9) cost2, (10) acreage1, or (11) squarefeet1 parameters to searchoption.asp. NOTE: some of these details are obtained from third party information.

Published Jan 13, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-6943: PhpMyAdmin before 2.9.1.1 allows remote attackers to obtain the full server path via direct requests to (a)...

PhpMyAdmin before 2.9.1.1 allows remote attackers to obtain the full server path via direct requests to (a) scripts/check_lang.php and (b) themes/darkblue_orange/layout.inc.php; and via the (1) lang[], (2) target[], (3) db[], (4) goto[], (5) table[], and (6) tbl_group[] array arguments to (c) index.php, and the (7) back[] argument to (d) sql.php; and an invalid (8) sort_by parameter to (e) server_databases.php and (9) db parameter to (f) db_printview.php.

Published Jan 19, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-6942: Multiple cross-site scripting (XSS) vulnerabilities in PhpMyAdmin before 2.9.1.1 allow remote attackers to...

Multiple cross-site scripting (XSS) vulnerabilities in PhpMyAdmin before 2.9.1.1 allow remote attackers to inject arbitrary HTML or web script via (1) a comment for a table name, as exploited through (a) db_operations.php, (2) the db parameter to (b) db_create.php, (3) the newname parameter to db_operations.php, the (4) query_history_latest, (5) query_history_latest_db, and (6) querydisplay_tab parameters to (c) querywindow.php, and (7) the pos parameter to (d) sql.php.

Published Jan 19, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-6924: bitweaver 1.3.1 and earlier allows remote attackers to obtain sensitive information via a sort_mode=-98 que...

bitweaver 1.3.1 and earlier allows remote attackers to obtain sensitive information via a sort_mode=-98 query string to (1) blogs/list_blogs.php, (2) fisheye/index.php, (3) wiki/orphan_pages.php, or (4) wiki/list_pages.php, which forces a SQL error. NOTE: the fisheye/list_galleries.php vector is already covered by CVE-2005-4380.

Published Jan 13, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-6908: Buffer overflow in the Bluetooth Stack COM Server in the Widcomm Bluetooth stack, as packaged as Widcomm St...

Buffer overflow in the Bluetooth Stack COM Server in the Widcomm Bluetooth stack, as packaged as Widcomm Stack 3.x and earlier on Windows, Widcomm BTStackServer 1.4.2.10 and 1.3.2.7 on Windows, Widcomm Bluetooth Communication Software 1.4.1.03 on Windows, and the Bluetooth implementation in Windows Mobile or Windows CE on the HP IPAQ 2215 and 5450, allows remote attackers to cause a denial of service (service crash) and possibly execute arbitrary code via unspecified vectors.

Published Jan 8, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-6929: Multiple cross-site scripting (XSS) vulnerabilities in Rapid Classified 3.1 allow remote attackers to injec...

Multiple cross-site scripting (XSS) vulnerabilities in Rapid Classified 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to (a) reply.asp or (b) view_print.asp, the (2) SH1 parameter to (c) search.asp, the (3) name parameter to reply.asp, or the (4) dosearch parameter to (d) advsearch.asp.

Published Jan 13, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-6871: Multiple cross-site scripting (XSS) vulnerabilities in eNdonesia 8.4 allow remote attackers to inject arbit...

Multiple cross-site scripting (XSS) vulnerabilities in eNdonesia 8.4 allow remote attackers to inject arbitrary web script or HTML via (1) the mod parameter in a viewlink operation in mod.php, (2) the intypeid parameter in a showinfo operation in the informasi module in mod.php, (3) the "your Friend" field in friend.php, or (4) the "Main Text" field in admin.php.

Published Jan 5, 2007 · Updated Aug 7, 2024