LiveActive security incident?Get immediate response
CVE archive

February 2006

Browse CVE records published in February 2006, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 591 matching CVEs · Page 2 of 12.

Unknown · CVSS Not scored

CVE-2006-7072: Cross-site scripting (XSS) vulnerability in GeoClassifieds Enterprise 2.0.5.2 and earlier allows remote att...

Cross-site scripting (XSS) vulnerability in GeoClassifieds Enterprise 2.0.5.2 and earlier allows remote attackers to inject arbitrary web script and HTML via the (1) b[username] and (2) c parameters to (a) index.php, the b[username] parameter to (b) admin/index.php, and (3) c[phone] parameter to register.php.

Published Feb 27, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-7024: Multiple PHP remote file inclusion vulnerabilities in Harpia CMS 1.0.5 and earlier allow remote attackers t...

Multiple PHP remote file inclusion vulnerabilities in Harpia CMS 1.0.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) func_prog parameter to (a) preload.php and (b) index.php; (2) header_prog parameter to (c) missing.php and (d) email.php, (e) files.php, (f) headlines.php, (g) search.php, (h) topics.php, and (i) users.php in _mods/; (3) theme_root parameter to (j) footer.php, (k) header.php, (l) pfooter.php, and (m) pheader.php in _inc; (4) mod_root parameter to _inc/header.php; and the (5) mod_dir and (6) php_ext parameters to (n) _inc/web_statsConfig.php.

Published Feb 15, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-7070: Unrestricted file upload vulnerability in manager/media/ibrowser/scripts/rfiles.php in Etomite CMS 0.6.1 an...

Unrestricted file upload vulnerability in manager/media/ibrowser/scripts/rfiles.php in Etomite CMS 0.6.1 and earlier allows remote attackers to upload and execute arbitrary files via an nfile[] parameter with a filename that contains a .php extension followed by a valid image extension such as .gif or .jpg, then calling the rename function.

Published Feb 27, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-6983: Cross-domain vulnerability in MYweb4net Browser 3.8.8.0 allows remote attackers to access restricted inform...

Cross-domain vulnerability in MYweb4net Browser 3.8.8.0 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280.

Published Feb 9, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-7036: PHP remote file inclusion vulnerability in register.php for Andys Chat 4.5 allows remote attackers to execu...

PHP remote file inclusion vulnerability in register.php for Andys Chat 4.5 allows remote attackers to execute arbitrary code via the action parameter. NOTE: this issue was announced by an unreliable researcher, but the vendor is no longer distributing the product, so the original claims can not be evaluated.

Published Feb 23, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-7066: Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash...

Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by creating an object inside an iframe, deleting the frame by setting its location.href to about:blank, then accessing a property of the object within the deleted frame, which triggers a NULL pointer dereference. NOTE: it was later reported that 7.0.6000.16473 and earlier are also affected.

Published Feb 27, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-7057: SQL injection vulnerability in search.php in Sphider before 1.3.1c allows remote attackers to execute arbit...

SQL injection vulnerability in search.php in Sphider before 1.3.1c allows remote attackers to execute arbitrary SQL commands via the category parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this issue might be primary to CVE-2006-2506.2.

Published Feb 24, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-7067: Oracle 10g R2 and possibly other versions allows remote attackers to trigger internal errors, and possibly...

Oracle 10g R2 and possibly other versions allows remote attackers to trigger internal errors, and possibly have other impacts, via an "alter session set events" command with invalid arguments. NOTE: this issue was originally disputed by a third party, but the dispute was retracted. NOTE: this issue was called an "integer overflow" in the original source, but this might be incorrect.

Published Feb 27, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-6986: Cross-domain vulnerability in PhaseOut 5.4.4 allows remote attackers to access restricted information from...

Cross-domain vulnerability in PhaseOut 5.4.4 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280.

Published Feb 9, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-6987: Cross-domain vulnerability in FineBrowser Freeware 3.2.2 allows remote attackers to access restricted infor...

Cross-domain vulnerability in FineBrowser Freeware 3.2.2 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280.

Published Feb 9, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-7019: phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote attackers to execute arbitrary code via cr...

phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote attackers to execute arbitrary code via crafted arguments to the (1) text_evento and (2) email_eventonome_evento parameters to phpwcms_code_snippets/mail_file_form.php and sample_ext_php/mail_file_form.php, which is processed by the render_PHPcode function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published Feb 15, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-6990: Cross-domain vulnerability in Enigma Browser 3.8.8 allows remote attackers to access restricted information...

Cross-domain vulnerability in Enigma Browser 3.8.8 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280.

Published Feb 9, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-7052: Multiple PHP remote file inclusion vulnerabilities in DotWidget For Articles (dotwidgeta) 0.2 allow remote...

Multiple PHP remote file inclusion vulnerabilities in DotWidget For Articles (dotwidgeta) 0.2 allow remote attackers to execute arbitrary code via a URL in the (1) file_path parameter to (a) index.php, (b) showcatpicks.php, and (c) showarticle.php; and the (2) admin_header_file and (3) admin_footer_file parameters to (d) admin/authors.php, (e) admin/index.php, (f) admin/categories.php, (g) admin/editconfig.php, and (h) admin/articles.php.

Published Feb 24, 2007 · Updated Aug 7, 2024