LiveActive security incident?Get immediate response
CVE archive

May 2006

Browse CVE records published in May 2006, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 594 matching CVEs · Page 2 of 12.

Unknown · CVSS Not scored

CVE-2006-2689: Multiple cross-site scripting (XSS) vulnerabilities in EVA-Web 2.1.2 and earlier allow remote attackers to...

Multiple cross-site scripting (XSS) vulnerabilities in EVA-Web 2.1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) debut_image parameter in (a) article-album.php3, (2) date parameter in (b) rubrique.php3, and the (3) perso and (4) aide parameters to (c) an unknown script, probably index.php.

Published May 31, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-2629: Race condition in Linux kernel 2.6.15 to 2.6.17, when running on SMP platforms, allows local users to cause...

Race condition in Linux kernel 2.6.15 to 2.6.17, when running on SMP platforms, allows local users to cause a denial of service (crash) by creating and exiting a large number of tasks, then accessing the /proc entry of a task that is exiting, which causes memory corruption that leads to a failure in the prune_dcache function or a BUG_ON error in include/linux/list.h.

Published May 27, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-2678: Multiple cross-site scripting (XSS) vulnerabilities in Pre News Manager 1.0 allow remote attackers to injec...

Multiple cross-site scripting (XSS) vulnerabilities in Pre News Manager 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to (a) index.php, and the (2) nid parameter to (b) news_detail.php, (c) email_story.php, (d) thankyou.php, (e) printable_view.php, (f) tella_friend.php, and (g) send_comments.php.

Published May 31, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-2641: ** UNVERIFIABLE ** NOTE: this issue does not contain any verifiable or actionable details.

** UNVERIFIABLE ** NOTE: this issue does not contain any verifiable or actionable details. Cross-site scripting (XSS) vulnerability in John Frank Asset Manager (AssetMan) 2.4a and earlier allows remote attackers to inject arbitrary web script or HTML via "any of its input." NOTE: the original disclosure is based on vague researcher claims without vendor acknowledgement; therefore this identifier cannot be linked with any future identifier that identifies more specific vectors. Perhaps this should not be included in CVE.

Published May 30, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-2656: Stack-based buffer overflow in the tiffsplit command in libtiff 3.8.2 and earlier might might allow attacke...

Stack-based buffer overflow in the tiffsplit command in libtiff 3.8.2 and earlier might might allow attackers to execute arbitrary code via a long filename. NOTE: tiffsplit is not setuid. If there is not a common scenario under which tiffsplit is called with attacker-controlled command line arguments, then perhaps this issue should not be included in CVE.

Published May 30, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-2607: do_command.c in Vixie cron (vixie-cron) 4.1 does not check the return code of a setuid call, which might al...

do_command.c in Vixie cron (vixie-cron) 4.1 does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits, as originally demonstrated by a program that exceeds the process limits as defined in /etc/security/limits.conf.

Published May 25, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-2589: SQL injection vulnerability in rss.php in MyBB (aka MyBulletinBoard) 1.1.1 allows remote attackers to execu...

SQL injection vulnerability in rss.php in MyBB (aka MyBulletinBoard) 1.1.1 allows remote attackers to execute arbitrary SQL commands via the comma parameter. NOTE: it is not clear from the original report how this attack can succeed, since the demonstration URL uses a variable that is overwritten with static data in the extracted source code.

Published May 25, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-2633: Absolute path traversal vulnerability in the copy action in index.php in Andrew Godwin ByteHoard 2.1 and ea...

Absolute path traversal vulnerability in the copy action in index.php in Andrew Godwin ByteHoard 2.1 and earlier allows remote authenticated users to create or overwrite files in other users' directories by specifying the absolute path of the directory in the infolder parameter and simultaneously specifying the filename in the filepath parameter.

Published May 30, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-2672: Multiple cross-site scripting (XSS) vulnerabilities in Realty Pro One allow remote attackers to inject arbi...

Multiple cross-site scripting (XSS) vulnerabilities in Realty Pro One allow remote attackers to inject arbitrary web script or HTML via the (1) listingid parameter to (a) images.php, (b) index_other.php, or (c) request_info.php; (2) propertyid parameter to (d) searchlookup.php, (3) id parameter to (e) images.php, or (4) agentid parameter to (f) request_info.php. NOTE: some of these issues might be resultant from SQL injection.

Published May 30, 2006 · Updated Aug 7, 2024