LiveActive security incident?Get immediate response
CVE archive

March 2006

Browse CVE records published in March 2006, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 642 matching CVEs · Page 2 of 13.

Unknown · CVSS Not scored

CVE-2006-7095: Integer signedness error in the network_receive_packet function in socket.c in dimension 3 engine (dim3) 1....

Integer signedness error in the network_receive_packet function in socket.c in dimension 3 engine (dim3) 1.5 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large data_len value, which is cast to a signed short and results in a buffer overflow.

Published Mar 2, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-7140: The libike library, as used by in.iked, elfsign, and kcfd in Sun Solaris 9 and 10, when using an RSA key wi...

The libike library, as used by in.iked, elfsign, and kcfd in Sun Solaris 9 and 10, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents libike from correctly verifying X.509 and other certificates that use PKCS #1, a similar issue to CVE-2006-4339.

Published Mar 7, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-7138: SQL injection vulnerability in wwv_flow_utilities.gen_popup_list in the WWV_FLOW_UTILITIES package for Orac...

SQL injection vulnerability in wwv_flow_utilities.gen_popup_list in the WWV_FLOW_UTILITIES package for Oracle APEX/HTMLDB before 2.2 allows remote authenticated users to execute arbitrary SQL by modifying the P_LOV parameter and calculating a matching MD5 checksum for the P_LOV_CHECKSUM parameter. NOTE: it is likely that this issue is subsumed by CVE-2006-5351, but due to lack of details from Oracle, this cannot be proven.

Published Mar 7, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-7120: PHP remote file inclusion vulnerability in lib/php/phphtmllib-2.5.4/examples/example6.php for maintain 3.0....

PHP remote file inclusion vulnerability in lib/php/phphtmllib-2.5.4/examples/example6.php for maintain 3.0.0-RC2 allows remote attackers to execute arbitrary PHP code via a URL in the phphtmllib parameter. NOTE: this issue might be in phpHtmlLib. NOTE: CVE disputes this issue for proper installations of maintain, since $phphtmllib is set in includes.inc before being used in example6.php

Published Mar 6, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-7135: PHP remote file inclusion vulnerability in lib/functions.inc.php in PHP Poll Creator (phpPC) 1.04 allows re...

PHP remote file inclusion vulnerability in lib/functions.inc.php in PHP Poll Creator (phpPC) 1.04 allows remote attackers to execute arbitrary PHP code via a URL in the relativer_pfad parameter, a different vector and version than CVE-2005-1755. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published Mar 7, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-7146: PHP remote file inclusion vulnerability in bug.php in Leicestershire communityPortals 1.0 build 20051018 an...

PHP remote file inclusion vulnerability in bug.php in Leicestershire communityPortals 1.0 build 20051018 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cp_root_path parameter, a different vector than CVE-2006-5280. NOTE: CVE disputes this issue, since bug.php is not in communityPortals source distributions

Published Mar 7, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-7103: Multiple directory traversal vulnerabilities in EZOnlineGallery 1.3 and earlier, and possibly other version...

Multiple directory traversal vulnerabilities in EZOnlineGallery 1.3 and earlier, and possibly other versions before 1.3.2 Beta, allow remote attackers to (1) determine directory existence via a ".." in the album parameter in a show_album action to (a) ezgallery.php, which produces different responses depending on existence; and read arbitrary image files via a ".." in the album or (2) image parameter to (b) image.php.

Published Mar 3, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-7117: Multiple directory traversal vulnerabilities in Kubix 0.7 and earlier allow remote attackers to (1) include...

Multiple directory traversal vulnerabilities in Kubix 0.7 and earlier allow remote attackers to (1) include and execute arbitrary local files via ".." sequences in the theme cookie to index.php, which is not properly handled by includes/head.php; and (2) read arbitrary files via ".." sequences in the file parameter in an add_dl action to adm_index.php, as demonstrated by reading connect.php.

Published Mar 6, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-7141: Absolute path traversal vulnerability in Oracle Database Server, when utl_file_dir is set to a wildcard val...

Absolute path traversal vulnerability in Oracle Database Server, when utl_file_dir is set to a wildcard value or "CREATE ANY DIRECTORY to PUBLIC" privileges exist, allows remote authenticated users to read and modify arbitrary files via full filepaths to utl_file functions such as (1) utl_file.put_line and (2) utl_file.get_line, a related issue to CVE-2005-0701. NOTE: this issue is disputed by third parties who state that this is due to an insecure configuration instead of an inherent vulnerability

Published Mar 7, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-7123: Multiple SQL injection vulnerabilities in BSQ Sitestats (component for Joomla) 1.8.0, and possibly other ve...

Multiple SQL injection vulnerabilities in BSQ Sitestats (component for Joomla) 1.8.0, and possibly other versions before 2.2.1, allow remote attackers to execute arbitrary SQL commands via (1) unspecified parameters when importing the (a) ip-to-country.csv file; and the (2) HTTP Referer, (3) HTTP User Agent, and (4) HTTP Accept Language headers to (b) bsqtemplateinc.php.

Published Mar 6, 2007 · Updated Aug 7, 2024