LiveActive security incident?Get immediate response
CVE archive

April 2006

Browse CVE records published in April 2006, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 595 matching CVEs · Page 1 of 12.

Unknown · CVSS Not scored

CVE-2006-1792: Unspecified vulnerability in the POP service in MailEnable Standard Edition before 1.94, Professional Editi...

Unspecified vulnerability in the POP service in MailEnable Standard Edition before 1.94, Professional Edition before 1.74, and Enterprise Edition before 1.22 has unknown attack vectors and impact related to "authentication exploits". NOTE: this is a different set of affected versions, and probably a different vulnerability than CVE-2006-1337.

Published Apr 15, 2006 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2006-1775: Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.19 allow remote attackers to inject arbitr...

Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.19 allow remote attackers to inject arbitrary web script or HTML via the (1) Site Description field in (a) admin_board.php, the (2) Group name and (3) Group description fields in (b) admin_groups.php and (c) groupcp.php, the (4) Theme Name field in (d) admin_styles.php, and the (5) Rank Title field in (e) admin_ranks.php. NOTE: the profile.php/Current password vector is already covered by CVE-2006-1603.

Published Apr 13, 2006 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2006-1646: The Internet Key Exchange version 1 (IKEv1) implementation (isakmp_agg.c) in the Shoichi Sakane KAME Projec...

The Internet Key Exchange version 1 (IKEv1) implementation (isakmp_agg.c) in the Shoichi Sakane KAME Project racoon, as used by NetBSD 1.6, 2.x before 20060119, certain FreeBSD releases, and possibly other distributions of BSD or Linux operating systems, when running in aggressive mode, allows remote attackers to cause a denial of service (daemon crash) via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.

Published Apr 6, 2006 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2006-7199: EMC RSA Security SiteKey allows remote attackers to display the correct image via a man-in-the-middle (MITM...

EMC RSA Security SiteKey allows remote attackers to display the correct image via a man-in-the-middle (MITM) attack in which an attacker-controlled server proxies authentication data to and from a legitimate SiteKey server. NOTE: the vendor disputes the severity of the issue, stating that it is easier to monitor this attack than "attacks against static web pages."

Published Apr 30, 2007 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2006-7192: Microsoft ASP .NET Framework 2.0.50727.42 does not properly handle comment (/* */) enclosures, which allows...

Microsoft ASP .NET Framework 2.0.50727.42 does not properly handle comment (/* */) enclosures, which allows remote attackers to bypass request filtering and conduct cross-site scripting (XSS) attacks, or cause a denial of service, as demonstrated via an xss:expression STYLE attribute in a closing XSS HTML tag.

Published Apr 10, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-2104: Multiple cross-site scripting (XSS) vulnerabilities in Kamgaing Email System (kmail) 2.3 and earlier allow...

Multiple cross-site scripting (XSS) vulnerabilities in Kamgaing Email System (kmail) 2.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) d parameter to main.php, ordner parameter to (2) main.php, or (3) webdisk.php, (4) draft parameter to compose.php, or (5) m, or (6) y parameter to calendar.php.

Published Apr 29, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-2103: SQL injection vulnerability in MyBB (MyBulletinBoard) 1.1.1 allows remote authenticated administrators to e...

SQL injection vulnerability in MyBB (MyBulletinBoard) 1.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the (1) query string ($querystring variable) in (a) admin/adminlogs.php, which is not properly handled by adminfunctions.php; or (2) setid, (3) expand, (4) title, or (5) sid2 parameters to (b) admin/templates.php.

Published Apr 29, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-2005: Eval injection vulnerability in index.php in ClanSys 1.1 allows remote attackers to execute arbitrary PHP c...

Eval injection vulnerability in index.php in ClanSys 1.1 allows remote attackers to execute arbitrary PHP code via PHP code in the page parameter, as demonstrated by using an "include" statement that is injected into the eval statement. NOTE: this issue has been described as file inclusion by some sources, but that is just one attack; the primary vulnerability is eval injection.

Published Apr 25, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-2093: Nessus before 2.2.8, and 3.x before 3.0.3, allows user-assisted attackers to cause a denial of service (mem...

Nessus before 2.2.8, and 3.x before 3.0.3, allows user-assisted attackers to cause a denial of service (memory consumption) via a NASL script that calls split with an invalid sep parameter. NOTE: a design goal of the NASL language is to facilitate sharing of security tests by guaranteeing that a script "can not do anything nasty." This issue is appropriate for CVE only if Nessus users have an expectation that a split statement will not use excessive memory.

Published Apr 29, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-2088: Multiple cross-site scripting (XSS) vulnerabilities in Devsyn Open Bulletin Board (OpenBB) 1.0.6 allow remo...

Multiple cross-site scripting (XSS) vulnerabilities in Devsyn Open Bulletin Board (OpenBB) 1.0.6 allow remote attackers to inject arbitrary web script or HTML via (1) the FID parameter in board.php and (2) the TID parameter in read.php. NOTE: the SQL injection issues are already covered by CVE-2005-1612 (read.php) and CVE-2005-2566 (board.php).

Published Apr 29, 2006 · Updated Aug 7, 2024