LiveActive security incident?Get immediate response
CVE archive

May 2006

Browse CVE records published in May 2006, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 594 matching CVEs · Page 1 of 12.

High · CVSS 7.3

CVE-2006-2362: Buffer overflow in getsym in tekhex.c in libbfd in Free Software Foundation GNU Binutils before 20060423, a...

Buffer overflow in getsym in tekhex.c in libbfd in Free Software Foundation GNU Binutils before 20060423, as used by GNU strings, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a file with a crafted Tektronix Hex Format (TekHex) record in which the length character is not a valid hexadecimal character.

Published May 15, 2006 · Updated Jan 16, 2025

Unknown · CVSS Not scored

CVE-2006-7196: Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through...

Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.

Published May 9, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-3456: The Symantec NAVOPTS.DLL ActiveX control (aka Symantec.Norton.AntiVirus.NAVOptions) 12.2.0.13, as used in N...

The Symantec NAVOPTS.DLL ActiveX control (aka Symantec.Norton.AntiVirus.NAVOptions) 12.2.0.13, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, is designed for use only in application-embedded web browsers, which allows remote attackers to "crash the control" via unspecified vectors related to content on a web site, and place Internet Explorer into a "defunct state" in which remote attackers can execute arbitrary code in addition to other Symantec ActiveX controls, regardless of whether they are marked safe for scripting. NOTE: this CVE was inadvertently used for an E-mail Auto-Protect issue, but that issue has been assigned CVE-2007-3771.

Published May 11, 2007 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-2649: Multiple cross-site scripting (XSS) vulnerabilities in (a) search.php, (b) search_cat.php, (c) search_price...

Multiple cross-site scripting (XSS) vulnerabilities in (a) search.php, (b) search_cat.php, (c) search_price.php, and (d) product_details.php in the cosmicshop directory for CosmicShoppingCart allow remote attackers to inject arbitrary web script or HTML via multiple unspecified parameters, as demonstrated by the (1) query parameter in search.php and the (2) data parameter in search_cat.php.

Published May 30, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-2679: Unspecified vulnerability in the VPN Client for Windows Graphical User Interface (GUI) (aka the VPN client...

Unspecified vulnerability in the VPN Client for Windows Graphical User Interface (GUI) (aka the VPN client dialer) in Cisco VPN Client for Windows 4.8.00.* and earlier, except for 4.7.00.0533, allows local authenticated, interactive users to gain privileges, possibly due to privileges of dialog boxes, aka bug ID CSCsd79265.

Published May 31, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-2617: (1) AlstraSoft Web Host Directory 1.2, aka (2) HyperStop WebHost Directory 1.2, allows remote attackers to...

(1) AlstraSoft Web Host Directory 1.2, aka (2) HyperStop WebHost Directory 1.2, allows remote attackers to obtain the installation path via an invalid entry in the Username field on the login page, which causes the path to be displayed in an SQL error. NOTE: this issue might be resultant from SQL injection.

Published May 26, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-2685: PHP remote file inclusion vulnerability in Basic Analysis and Security Engine (BASE) 1.2.4 and earlier, wit...

PHP remote file inclusion vulnerability in Basic Analysis and Security Engine (BASE) 1.2.4 and earlier, with register_globals enabled, allows remote attackers to execute arbitrary PHP code via a URL in the BASE_path parameter to (1) base_qry_common.php, (2) base_stat_common.php, and (3) includes/base_include.inc.php.

Published May 31, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-2686: PHP remote file inclusion vulnerabilities in ActionApps 2.8.1 allow remote attackers to execute arbitrary P...

PHP remote file inclusion vulnerabilities in ActionApps 2.8.1 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[AA_INC_PATH] parameter in (1) cached.php3, (2) cron.php3, (3) discussion.php3, (4) filldisc.php3, (5) filler.php3, (6) fillform.php3, (7) go.php3, (8) hiercons.php3, (9) jsview.php3, (10) live_checkbox.php3, (11) offline.php3, (12) post2shtml.php3, (13) search.php3, (14) slice.php3, (15) sql_update.php3, (16) view.php3, (17) multiple files in the (18) admin/ folder, (19) includes folder, and (20) modules/ folder.

Published May 31, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-2642: ** UNVERIFIABLE ** NOTE: this issue does not contain any verifiable or actionable details.

** UNVERIFIABLE ** NOTE: this issue does not contain any verifiable or actionable details. Cross-site scripting (XSS) vulnerability in Marco M. F. De Santis Php-residence 0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via "any of its input." NOTE: the original disclosure is based on vague researcher claims without vendor acknowledgement; therefore this identifier cannot be linked with any future identifier that identifies more specific vectors. Perhaps this should not be included in CVE.

Published May 30, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-2674: Multiple SQL injection vulnerabilities in Tamber Forum 1.9.13 and earlier allow remote attackers to execute...

Multiple SQL injection vulnerabilities in Tamber Forum 1.9.13 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) frm_id parameter to (a) show_forum.asp, (2) a search field to (b) forum_search.asp, (3) Email address or (4) Password to (c) admin/index.asp, (5) frm_cat_id parameter to (d) browse_forum_cat.asp, or (6) Message Subject or (7) Message Text field to (e) post_message.asp.

Published May 30, 2006 · Updated Aug 7, 2024