LiveActive security incident?Get immediate response
CVE archive

April 2006

Browse CVE records published in April 2006, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 595 matching CVEs · Page 3 of 12.

Unknown · CVSS Not scored

CVE-2006-2056: Argument injection vulnerability in Internet Explorer 6 for Windows XP SP2 allows user-assisted remote atta...

Argument injection vulnerability in Internet Explorer 6 for Windows XP SP2 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment. NOTE: it is not clear whether this issue is implementation-specific or a problem in the Microsoft API.

Published Apr 26, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-1983: Multiple heap-based buffer overflows in Mac OS X 10.4.6 and earlier allow remote attackers to cause a denia...

Multiple heap-based buffer overflows in Mac OS X 10.4.6 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) PredictorVSetField function for TIFF or (2) CFAllocatorAllocate function for GIF, as used in applications that use ImageIO or AppKit. NOTE: the BMP vector has been re-assigned to CVE-2006-2238 because it affects a separate product family.

Published Apr 21, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-2081: Oracle Database Server 10g Release 2 allows local users to execute arbitrary SQL queries via the GET_DOMAIN...

Oracle Database Server 10g Release 2 allows local users to execute arbitrary SQL queries via the GET_DOMAIN_INDEX_METADATA function in the DBMS_EXPORT_EXTENSION package. NOTE: this issue was originally linked to DB05 (CVE-2006-1870), but a reliable third party has claimed that it is not the same issue. Based on details of the problem, the primary issue appears to be insecure privileges that facilitate the introduction of SQL in a way that is not related to special characters, so this is not "SQL injection" per se.

Published Apr 27, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-2078: Multiple unspecified vulnerabilities in multiple FITELnet products, including FITELnet-F40, F80, F100, F120...

Multiple unspecified vulnerabilities in multiple FITELnet products, including FITELnet-F40, F80, F100, F120, F1000, and E20/E30, allow remote attackers to cause a denial of service via crafted DNS messages that trigger errors in (1) ProxyDNS or (2) PKI-Resolver, as demonstrated by the OUSPG PROTOS DNS test suite.

Published Apr 27, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-2027: Buffer overflow in Unicode processing in the logging functionality in Pablo Software Solutions Quick 'n Eas...

Buffer overflow in Unicode processing in the logging functionality in Pablo Software Solutions Quick 'n Easy FTP Server Professional and Lite, probably 3.0, allows remote authenticated users to execute arbitrary code by sending a command with a long argument, which triggers a buffer overflow when an admin selects the Logging section in the FTP server main window. NOTE: the original researcher claims that the vendor disputes this issue.

Published Apr 26, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-2055: Argument injection vulnerability in Microsoft Outlook 2003 SP1 allows user-assisted remote attackers to mod...

Argument injection vulnerability in Microsoft Outlook 2003 SP1 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment. NOTE: it is not clear whether this issue is implementation-specific or a problem in the Microsoft API.

Published Apr 26, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-2072: Multiple unspecified vulnerabilities in DeleGate 9.x before 9.0.6 and 8.x before 8.11.6 allow remote attack...

Multiple unspecified vulnerabilities in DeleGate 9.x before 9.0.6 and 8.x before 8.11.6 allow remote attackers to cause a denial of service via crafted DNS responses messages that cause (1) a buffer over-read or (2) infinite recursion, which can trigger a segmentation fault or invalid memory access, as demonstrated by the OUSPG PROTOS DNS test suite.

Published Apr 27, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-2062: Multiple SQL injection vulnerabilities in Leadhound Full and LITE 2.1, and probably the Network Version "Fu...

Multiple SQL injection vulnerabilities in Leadhound Full and LITE 2.1, and probably the Network Version "Full Version", allow remote attackers to execute arbitrary SQL commands via the (1) banner parameter in agent_links.pl; the offset parameter in (2) agent_links.pl, (3) agent_transactions.pl, (4) agent_subaffiliates.pl, and (5) agent_summary.pl; the camp_id parameter in (6) agent_transactions_csv.pl, (7) agent_subaffiliates.pl, and (8) agent_camp_det.pl; the (9) login parameter in agent_commission_statement.pl; the logged parameter in (10) agent_commission_statement.pl and (11) agent_camp_det.pl; the (12) agent_id parameter in agent_commission_statement.pl; and the (13) sub parameter in unspecified files.

Published Apr 26, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-2060: Directory traversal vulnerability in action_admin/paysubscriptions.php in Invision Power Board (IPB) 2.1.x...

Directory traversal vulnerability in action_admin/paysubscriptions.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote authenticated administrators to include and execute arbitrary local PHP files via a .. (dot dot) in the name parameter, preceded by enough backspace (%08) characters to erase the initial static portion of a filename.

Published Apr 26, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-2058: Argument injection vulnerability in Avant Browser 10.1 Build 17 allows user-assisted remote attackers to mo...

Argument injection vulnerability in Avant Browser 10.1 Build 17 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment. NOTE: it is not clear whether this issue is implementation-specific or a problem in the Microsoft API.

Published Apr 26, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-2057: Argument injection vulnerability in Mozilla Firefox 1.0.6 allows user-assisted remote attackers to modify c...

Argument injection vulnerability in Mozilla Firefox 1.0.6 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment. NOTE: it is not clear whether this issue is implementation-specific or a problem in the Microsoft API.

Published Apr 26, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-2045: The (1) shadow password file in na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 has world readable pe...

The (1) shadow password file in na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 has world readable permissions, which allows local users to view encrypted passwords; and the (2) NetAccess database file has world readable and writable permissions, which allows local users to view sensitive information and modify data.

Published Apr 26, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-1990: Integer overflow in the wordwrap function in string.c in PHP 4.4.2 and 5.1.2 might allow context-dependent...

Integer overflow in the wordwrap function in string.c in PHP 4.4.2 and 5.1.2 might allow context-dependent attackers to execute arbitrary code via certain long arguments that cause a small buffer to be allocated, which triggers a heap-based buffer overflow in a memcpy function call, a different vulnerability than CVE-2002-1396.

Published Apr 24, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-2065: SQL injection vulnerability in save.php in PHPSurveyor 0.995 and earlier allows remote attackers to execute...

SQL injection vulnerability in save.php in PHPSurveyor 0.995 and earlier allows remote attackers to execute arbitrary SQL commands via the surveyid cookie. NOTE: this issue could be leveraged to execute arbitrary PHP code, as demonstrated by inserting directory traversal sequences into the database, which are then processed by the thissurvey['language'] variable.

Published Apr 27, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-2015: Cross-site scripting (XSS) vulnerability in SL_site 1.0 allows remote attackers to inject arbitrary web scr...

Cross-site scripting (XSS) vulnerability in SL_site 1.0 allows remote attackers to inject arbitrary web script or HTML via the recherche parameter in recherche.php. NOTE: other XSS vectors, as reported in the original disclosure, are resultant from other primary vulnerabilities that have separate CVE names.

Published Apr 25, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-2021: Absolute path traversal vulnerability in recordings/misc/audio.php in the Asterisk Recording Interface (ARI...

Absolute path traversal vulnerability in recordings/misc/audio.php in the Asterisk Recording Interface (ARI) web interface in Asterisk@Home before 2.8 allows remote attackers to read arbitrary MP3, WAV, and GSM files via a full pathname in the recording parameter. NOTE: this issue can also be used to determine existence of files.

Published Apr 25, 2006 · Updated Aug 7, 2024