LiveActive security incident?Get immediate response
CVE archive

June 2006

Browse CVE records published in June 2006, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 643 matching CVEs · Page 2 of 13.

Unknown · CVSS Not scored

CVE-2006-3305: Multiple cross-site scripting (XSS) vulnerabilities in UebiMiau Webmail 2.7.10, and 2.7.2 and earlier allow...

Multiple cross-site scripting (XSS) vulnerabilities in UebiMiau Webmail 2.7.10, and 2.7.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) f_user parameter in index.php, the (2) pag parameter in messages.php, or the (3) lid, (4) tid, and (5) sid parameters in error.php.

Published Jun 29, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-3202: The ip6_savecontrol function in NetBSD 2.0 through 3.0, under certain configurations, does not check to see...

The ip6_savecontrol function in NetBSD 2.0 through 3.0, under certain configurations, does not check to see if IPv4-mapped sockets are being used before processing IPv6 socket options, which allows local users to cause a denial of service (crash) by creating an IPv4-mapped IPv6 socket with the SO_TIMESTAMP socket option set, then sending an IPv4 packet through the socket.

Published Jun 23, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-3327: Cross-site scripting (XSS) vulnerability in Custom dating biz dating script 1.0 allows remote attackers to...

Cross-site scripting (XSS) vulnerability in Custom dating biz dating script 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) sn20_special_cases parameter ("Special Cases" field) in profile/mini.php, (2) tyxx01_album_name parameter ("Album Name" field) in profile/photo_create.php, and the (3) u parameter in admin/user_view.php.

Published Jun 30, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-3291: The web interface on Cisco IOS 12.3(8)JA and 12.3(8)JA1, as used on the Cisco Wireless Access Point and Wir...

The web interface on Cisco IOS 12.3(8)JA and 12.3(8)JA1, as used on the Cisco Wireless Access Point and Wireless Bridge, reconfigures itself when it is changed to use the "Local User List Only (Individual Passwords)" setting, which removes all security and password configurations and allows remote attackers to access the system.

Published Jun 28, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-3302: PHP remote file inclusion vulnerability in mod_cbsms.php in CBSMS Mambo Module 1.0 and earlier, when regist...

PHP remote file inclusion vulnerability in mod_cbsms.php in CBSMS Mambo Module 1.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosC_a_path parameter. NOTE: the provenance of this information is unknown; portions of the details are obtained from third party information.

Published Jun 29, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-3266: Multiple PHP remote file inclusion vulnerabilities in Bee-hive Lite 1.2 and earlier, when register_globals...

Multiple PHP remote file inclusion vulnerabilities in Bee-hive Lite 1.2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) header parameter to (a) conad/include/rootGui.inc.php and (b) include/rootGui.inc.php; (2) mysqlCall parameter to (c) conad/changeEmail.inc.php, (d) conad/changeUserDetails.inc.php, (e) conad/checkPasswd.inc.php, (f) conad/login.inc.php and (g) conad/logout.inc.php; (3) mysqlcall parameter to (h) include/listall.inc.php; (4) prefix parameter to (i) show/index.php; and (5) config parameter to (j) conad/include/mysqlCall.inc.php.

Published Jun 27, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-3216: Clearswift MAILsweeper for SMTP before 4.3.20 and MAILsweeper for Exchange before 4.3.20 allows remote atta...

Clearswift MAILsweeper for SMTP before 4.3.20 and MAILsweeper for Exchange before 4.3.20 allows remote attackers to cause a denial of service via (1) non-ASCII characters in a reverse DNS lookup result from a Received header, which leads to a Receiver service stop, and (2) unspecified vectors involving malformed messages, which causes "unpredictable behavior" that prevents the Security service from processing more messages.

Published Jun 24, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-3209: The Task scheduler (at.exe) on Microsoft Windows XP spawns each scheduled process with SYSTEM permissions,...

The Task scheduler (at.exe) on Microsoft Windows XP spawns each scheduled process with SYSTEM permissions, which allows local users to gain privileges. NOTE: this issue has been disputed by third parties, who state that the Task scheduler is limited to the Administrators group by default upon installation

Published Jun 24, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-3278: Cross-site scripting (XSS) vulnerability in H-Sphere 2.5.1 Beta 1 and earlier allows remote attackers to in...

Cross-site scripting (XSS) vulnerability in H-Sphere 2.5.1 Beta 1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) next_template, (2) start, (3) curr_menu_id, and (4) arid parameters in psoft/servlet/resadmin/psoft.hsphere.CP when using the mailman/massmail.html template_name.

Published Jun 28, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-3298: Yahoo!

Yahoo! Messenger 7.5.0.814 and 7.0.438 allows remote attackers to cause a denial of service (crash) via messages that contain non-ASCII characters, which triggers the crash in jscript.dll.

Published Jun 29, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-3226: Cisco Secure Access Control Server (ACS) 4.x for Windows uses the client's IP address and the server's port...

Cisco Secure Access Control Server (ACS) 4.x for Windows uses the client's IP address and the server's port number to grant access to an HTTP server port for an administration session, which allows remote attackers to bypass authentication via various methods, aka "ACS Weak Session Management Vulnerability."

Published Jun 26, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-3233: Cross-site scripting (XSS) vulnerability in openwebmail-read.pl in Open WebMail (OWM) 2.52, and other versi...

Cross-site scripting (XSS) vulnerability in openwebmail-read.pl in Open WebMail (OWM) 2.52, and other versions released before 06/18/2006, allows remote attackers to inject arbitrary web script or HTML via the from field. NOTE: some third party sources have mentioned the "to" and "from" fields, although CVE analysis shows that these are associated with the previous version, a different executable, and a different CVE.

Published Jun 27, 2006 · Updated Aug 7, 2024