LiveActive security incident?Get immediate response
CVE archive

October 2006

Browse CVE records published in October 2006, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 549 matching CVEs · Page 1 of 11.

Medium · CVSS 6.1

CVE-2006-5632: Cross-site scripting (XSS) vulnerability in change_pass.php in iG Shop 1.4 allows remote attackers to injec...

Cross-site scripting (XSS) vulnerability in change_pass.php in iG Shop 1.4 allows remote attackers to inject arbitrary web script or HTML via the id parameter, a different vulnerability than CVE-2006-5631. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published Oct 31, 2006 · Updated Apr 3, 2025

High · CVSS 8.1

CVE-2006-5160: Multiple unspecified vulnerabilities in Mozilla Firefox have unspecified vectors and impact, as claimed dur...

Multiple unspecified vulnerabilities in Mozilla Firefox have unspecified vectors and impact, as claimed during ToorCon 2006. NOTE: the vendor and original researchers have released a follow-up comment disputing this issue, in which one researcher states that "I have no undisclosed Firefox vulnerabilities. The person who was speaking with me made this claim, and I honestly have no idea if he has them or not.

Published Oct 3, 2006 · Updated Jan 17, 2025

Unknown · CVSS Not scored

CVE-2006-4692: Argument injection vulnerability in the Windows Object Packager (packager.exe) in Microsoft Windows XP SP1...

Argument injection vulnerability in the Windows Object Packager (packager.exe) in Microsoft Windows XP SP1 and SP2 and Server 2003 SP1 and earlier allows remote user-assisted attackers to execute arbitrary commands via a crafted file with a "/" (slash) character in the filename of the Command Line property, followed by a valid file extension, which causes the command before the slash to be executed, aka "Object Packager Dialogue Spoofing Vulnerability."

Published Oct 10, 2006 · Updated Oct 15, 2024

Unknown · CVSS Not scored

CVE-2006-5248: Eazy Cart stores sensitive information under the web root with insufficient access control, which allows re...

Eazy Cart stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a customer database via a direct request for admin/config/customer.dat. NOTE: the provenance of this information is unknown; the details are obtained from third party information.

Published Oct 12, 2006 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2006-5529: Cross-site scripting (XSS) vulnerability in smumdadotcom_ascyb_alumni/mod.php in SchoolAlumni Portal 2.26 a...

Cross-site scripting (XSS) vulnerability in smumdadotcom_ascyb_alumni/mod.php in SchoolAlumni Portal 2.26 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search operation in the katalog module. NOTE: some of these details are obtained from third party information.

Published Oct 26, 2006 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2006-5169: Cross-site scripting (XSS) vulnerability in John Himmelman (aka DaRk2k1) PowerPortal 1.1 allows remote atta...

Cross-site scripting (XSS) vulnerability in John Himmelman (aka DaRk2k1) PowerPortal 1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to registering a user. NOTE: the provenance of this information is unknown; the details are obtained from third party information.

Published Oct 4, 2006 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2006-5130: Multiple cross-site scripting (XSS) vulnerabilities in ph03y3nk just another flat file (JAF) CMS 4.0 RC1 al...

Multiple cross-site scripting (XSS) vulnerabilities in ph03y3nk just another flat file (JAF) CMS 4.0 RC1 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) url, (3) title, and (4) about parameters in a forum post. NOTE: the provenance of this information is unknown; the details are obtained from third party information.

Published Oct 2, 2006 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2006-5633: Firefox 1.5.0.7 and 2.0, and Seamonkey 1.1b, allows remote attackers to cause a denial of service (crash) b...

Firefox 1.5.0.7 and 2.0, and Seamonkey 1.1b, allows remote attackers to cause a denial of service (crash) by creating a range object using createRange, calling selectNode on a DocType node (DOCUMENT_TYPE_NODE), then calling createContextualFragment on the range, which triggers a null dereference. NOTE: the original Bugtraq post mentioned that code execution was possible, but followup analysis has shown that it is only a null dereference.

Published Oct 31, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-5629: Multiple SQL injection vulnerabilities in Hosting Controller 6.1 before Hotfix 3.3 allow remote attackers t...

Multiple SQL injection vulnerabilities in Hosting Controller 6.1 before Hotfix 3.3 allow remote attackers to execute arbitrary SQL commands via the ForumID parameter in (1) DisableForum.asp and (2) enableForum.asp. NOTE: it was later reported that the vulnerability is present in 6.1 Hotfix 3.3 and earlier.

Published Oct 31, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-5630: Hosting Controller 6.1 before Hotfix 3.3 allows remote attackers to (1) delete the virtual directory of an...

Hosting Controller 6.1 before Hotfix 3.3 allows remote attackers to (1) delete the virtual directory of an arbitrary site via a modified ForumID parameter in a disableforum action in DisableForum.asp and (2) create an arbitrary forum virtual directory via an empty ForumID parameter in an enableforum action in EnableForum.asp.

Published Oct 31, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-5624: Multiple PHP remote file inclusion vulnerabilities in Multi-Page Comment System (MPCS) 1.0.0 and earlier al...

Multiple PHP remote file inclusion vulnerabilities in Multi-Page Comment System (MPCS) 1.0.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) include.php or (2) functions.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.

Published Oct 31, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-5626: Cross-site scripting (XSS) vulnerability in cms_images/js/htmlarea/htmlarea.php in phpFaber Content Managem...

Cross-site scripting (XSS) vulnerability in cms_images/js/htmlarea/htmlarea.php in phpFaber Content Management System (CMS) before 1.3.36 on 20061026 allows remote attackers to inject arbitrary web script or HTML, probably via arbitrary parameters in the query string, as demonstrated with a vigilon parameter. NOTE: earlier downloads of 1.3.36 have the vulnerability; the software was updated without changing the version number.

Published Oct 31, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-5627: Multiple PHP remote file inclusion vulnerabilities in QnECMS 2.5.6 and earlier allow remote attackers to ex...

Multiple PHP remote file inclusion vulnerabilities in QnECMS 2.5.6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the adminfolderpath parameter to (1) headerscripts.php, (2) footerhome.php, and (3) footermain.php in admin/include/; (4) photogallery/headerscripts.php; and (5) footerhome.php, (6) footermain.php, (7) headermain.php, (8) sitemapfooter.php, and (9) sitemapheader.php in templates/.

Published Oct 31, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-5559: The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and AD...

The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when the second argument is a BSTR, which allows remote attackers to cause a denial of service (Internet Explorer crash) and possibly execute arbitrary code via certain strings in the second and third arguments.

Published Oct 27, 2006 · Updated Aug 7, 2024