LiveActive security incident?Get immediate response
CVE archive

August 2006

Browse CVE records published in August 2006, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 543 matching CVEs · Page 1 of 11.

Critical · CVSS 9.8

CVE-2006-4264: Multiple PHP remote file inclusion vulnerabilities in the lmtg_myhomepage Component (com_lmtg_myhomepage) f...

Multiple PHP remote file inclusion vulnerabilities in the lmtg_myhomepage Component (com_lmtg_myhomepage) for Mambo allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) install.lmtg_homepage.php and (2) mtg_homepage.php. NOTE: this issue has been disputed by a third party, who states that the $mosConfig_absolute_path variable is only used within a function definition. CVE source code analysis on 20060824 is not conclusive but tends to concur with the dispute. In addition, it appears that the component name is actually "lmtg_myhomepage"

Published Aug 21, 2006 · Updated Jan 17, 2025

Unknown · CVSS Not scored

CVE-2006-4477: Multiple PHP remote file inclusion vulnerabilities in Visual Shapers ezContents 2.0.3 allow remote attacker...

Multiple PHP remote file inclusion vulnerabilities in Visual Shapers ezContents 2.0.3 allow remote attackers to execute arbitrary PHP code via an empty GLOBALS[rootdp] parameter and an ftps URL in the (1) GLOBALS[admin_home] parameter in (a) diary/event_list.php, (b) gallery/gallery_summary.php, (c) guestbook/showguestbook.php, (d) links/showlinks.php, and (e) reviews/review_summary.php; and the (2) GLOBALS[language_home] parameter in (f) calendar/calendar.php, (g) news/shownews.php, (h) poll/showpoll.php, (i) search/search.php, (j) toprated/toprated.php, and (k) whatsnew/whatsnew.php.

Published Aug 31, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-4494: Microsoft Visual Studio 6.0 allows remote attackers to cause a denial of service (memory corruption) and po...

Microsoft Visual Studio 6.0 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by instantiating certain Visual Studio 6.0 ActiveX COM Objects in Internet Explorer, including (1) tcprops.dll, (2) fp30wec.dll, (3) mdt2db.dll, (4) mdt2qd.dll, and (5) vi30aut.dll.

Published Aug 31, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-4475: Joomla!

Joomla! before 1.0.11 does not limit access to the Admin Popups functionality, which has unknown impact and attack vectors.

Published Aug 31, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-4500: Cross-site scripting (XSS) vulnerability in index.php in ezPortal/ztml CMS 1.0 allows remote attackers to i...

Cross-site scripting (XSS) vulnerability in index.php in ezPortal/ztml CMS 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) about, (2) again, (3) lastname, (4) email, (5) password, (6) album, (7) id, (8) table, (9) desc, (10) doc, (11) mname, (12) max, (13) htpl, (14) pheader, and possibly other parameters.

Published Aug 31, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-4471: The Admin Upload Image functionality in Joomla!

The Admin Upload Image functionality in Joomla! before 1.0.11 allows remote authenticated users to upload files outside of the /images/stories/ directory via unspecified vectors.

Published Aug 31, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-4507: Unspecified vulnerability in the TIFF viewer (possibly libTIFF) in the Photo Viewer in the Sony Playstation...

Unspecified vulnerability in the TIFF viewer (possibly libTIFF) in the Photo Viewer in the Sony PlaystationPortable (PSP) 2.00 through 2.80 allows local users to execute arbitrary code via crafted TIFF images. NOTE: due to lack of details, it is not clear whether this is related to other issues such as CVE-2006-3464 or CVE-2006-3465.

Published Aug 31, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-4465: Microsoft Terminal Server, when running an application session with the "Start program at logon" and "Overr...

Microsoft Terminal Server, when running an application session with the "Start program at logon" and "Override settings from user profile and Client Connection Manager wizard" options, allows local users to execute arbitrary code by forcing an Explorer error. NOTE: a third-party researcher has stated that the options are "a convenience to users" and were not intended to restrict execution of arbitrary code

Published Aug 31, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-4472: Multiple unspecified vulnerabilities in Joomla!

Multiple unspecified vulnerabilities in Joomla! before 1.0.11 allow attackers to bypass user authentication via unknown vectors involving the (1) do_pdf command and the (2) emailform com_content task.

Published Aug 31, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-4448: Multiple PHP remote file inclusion vulnerabilities in interact 2.2, when register_globals is enabled, allow...

Multiple PHP remote file inclusion vulnerabilities in interact 2.2, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) CONFIG[BASE_PATH] parameter in (a) admin/autoprompter.php and (b) includes/common.inc.php, and the (2) CONFIG[LANGUAGE_CPATH] parameter in (c) admin/autoprompter.php.

Published Aug 30, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-4480: Incomplete blacklist vulnerability in the nk_CSS function in nuked.php in Nuked-Klan 1.7 SP4.3 allows remot...

Incomplete blacklist vulnerability in the nk_CSS function in nuked.php in Nuked-Klan 1.7 SP4.3 allows remote attackers to bypass anti-XSS features and inject arbitrary web script or HTML via JavaScript in an attribute value that is not in the blacklist, as demonstrated using the STYLE attribute of a B element.

Published Aug 31, 2006 · Updated Aug 7, 2024