LiveActive security incident?Get immediate response
CVE archive

September 2006

Browse CVE records published in September 2006, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 556 matching CVEs · Page 1 of 12.

Critical · CVSS 9.8

CVE-2006-5021: Multiple PHP remote file inclusion vulnerabilities in redgun RedBLoG 0.5 allow remote attackers to execute...

Multiple PHP remote file inclusion vulnerabilities in redgun RedBLoG 0.5 allow remote attackers to execute arbitrary PHP code via a URL in (1) the root parameter in imgen.php, and the root_path parameter in (2) admin/config.php, (3) common.php, and (4) admin/index.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.

Published Sep 27, 2006 · Updated Apr 3, 2025

High · CVSS 7.8

CVE-2006-4663: The source code tar archive of the Linux kernel 2.6.16, 2.6.17.11, and possibly other versions specifies we...

The source code tar archive of the Linux kernel 2.6.16, 2.6.17.11, and possibly other versions specifies weak permissions (0666 and 0777) for certain files and directories, which might allow local users to insert Trojan horse source code that would be used during the next kernel compilation. NOTE: another researcher disputes the vulnerability, stating that he finds "Not a single world-writable file or directory." CVE analysis as of 20060908 indicates that permissions will only be weak under certain unusual or insecure scenarios

Published Sep 9, 2006 · Updated Jan 17, 2025

Unknown · CVSS Not scored

CVE-2006-4884: Multiple cross-site scripting (XSS) vulnerabilities in IDevSpot iSupport 1.8 allow remote attackers to inje...

Multiple cross-site scripting (XSS) vulnerabilities in IDevSpot iSupport 1.8 allow remote attackers to inject arbitrary web script or HTML via (1) the suser parameter in support/rightbar.php, (2) the ticket_id parameter in support/open_tickets.php, and (3) the cons_page_title parameter in index.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.

Published Sep 19, 2006 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2006-7240: gnome-power-manager 2.14.0 does not properly implement the lock_on_suspend and lock_on_hibernate settings f...

gnome-power-manager 2.14.0 does not properly implement the lock_on_suspend and lock_on_hibernate settings for locking the screen when the suspend or hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action, a related issue to CVE-2010-2532.

Published Sep 7, 2010 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2006-7223: PreviewAction in XWiki 0.9.543 through 0.9.1252 does not set the Author field to the identity of the user w...

PreviewAction in XWiki 0.9.543 through 0.9.1252 does not set the Author field to the identity of the user who last modified a document, which allows remote authenticated users without programming rights to execute arbitrary code by selecting a document whose author has programming rights, modifying this document to contain a script, and previewing without saving the document.

Published Sep 14, 2007 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2006-5097: PHP remote file inclusion vulnerability in index.php in net2ftp, possibly 0.1 through 0.62, allows remote a...

PHP remote file inclusion vulnerability in index.php in net2ftp, possibly 0.1 through 0.62, allows remote attackers to execute arbitrary PHP code via a URL in the application_rootdir parameter. NOTE: this issue has been disputed by a third party researcher, CVE, and the vendor. The vendor says "the variable is set in settings.inc.php, so this is not a vulnerability.

Published Sep 29, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-5089: PHP remote file inclusion vulnerability in mybic_server.php in Jim Plush My-BIC 0.6.5 allows remote attacke...

PHP remote file inclusion vulnerability in mybic_server.php in Jim Plush My-BIC 0.6.5 allows remote attackers to execute arbitrary PHP code via a URL in the file parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. CVE disputes this vulnerability because the file variable is defined before use in a way that prevents arbitrary inclusion

Published Sep 29, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-5096: Multiple cross-site scripting (XSS) vulnerabilities in index.php in VirtueMart (formerly known as mambo-php...

Multiple cross-site scripting (XSS) vulnerabilities in index.php in VirtueMart (formerly known as mambo-phpShop) Joomla! eCommerce Edition CMS 1.0.11, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the Itemid parameter in a (1) com_contact or (2) subscribe action.

Published Sep 29, 2006 · Updated Aug 7, 2024