LiveActive security incident?Get immediate response
CVE archive

October 2006

Browse CVE records published in October 2006, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 549 matching CVEs · Page 2 of 11.

Unknown · CVSS Not scored

CVE-2006-5560: Cross-site scripting (XSS) vulnerability in heading.php in Boesch ProgSys 0.151 and earlier allows remote a...

Cross-site scripting (XSS) vulnerability in heading.php in Boesch ProgSys 0.151 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin/index.php, and unspecified vectors related to certain other files. NOTE: some of these details are obtained from third party information.

Published Oct 27, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-5599: Cross-site scripting (XSS) vulnerability in Oracle Application Express (formerly HTML DB) before 2.2.1 allo...

Cross-site scripting (XSS) vulnerability in Oracle Application Express (formerly HTML DB) before 2.2.1 allows remote attackers to inject arbitrary HTML or web script via the WWV_FLOW_ITEM_HELP package. NOTE: it is likely that this issue overlaps one of the Oracle VulnIDs covered by CVE-2006-5351. Oracle has not publicly disputed claims by a reliable researcher that this has been fixed by the October 2006 CPU.

Published Oct 28, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-5588: Multiple PHP remote file inclusion vulnerabilities in CMS Faethon 2.0 Ultimate and earlier, when register_g...

Multiple PHP remote file inclusion vulnerabilities in CMS Faethon 2.0 Ultimate and earlier, when register_globals and magic_quotes_gpc are enabled, allow remote attackers to execute arbitrary PHP code via a URL in the mainpath parameter to (1) includes/rss-reader.php or (2) admin/config.php, different vectors than CVE-2006-3185.

Published Oct 27, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-5565: CRLF injection vulnerability in MAXdev MD-Pro 1.0.76 allows remote attackers to inject arbitrary HTTP heade...

CRLF injection vulnerability in MAXdev MD-Pro 1.0.76 allows remote attackers to inject arbitrary HTTP headers via a CRLF sequence in the (1) name, (2) file, (3) module, and (4) func parameters in (a) index.php; and the (5) file parameter in (b) modules.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.

Published Oct 27, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-5566: CRLF injection vulnerability in premium/index.php in Shop-Script allows remote attackers to inject arbitrar...

CRLF injection vulnerability in premium/index.php in Shop-Script allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the (1) links_exchange, (2) news, (3) search_with_change_category_ability, (4) logging, (5) feedback, (6) show_price, (7) register, (8) answer, (9) productID, and (10) inside parameters.

Published Oct 27, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-5563: Unspecified vulnerability in Yahoo!

Unspecified vulnerability in Yahoo! Messenger (Service 18) before 8.1.0.195 allows remote attackers to cause a denial of service (NULL dereference and application crash) via a crafted room name in a Conference Invite. NOTE: the provenance of this information is unknown; the details are obtained from third party information.

Published Oct 27, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-5557: Stack-based buffer overflow in the (1) swpackage and (2) swmodify commands in HP-UX B.11.11 and possibly ot...

Stack-based buffer overflow in the (1) swpackage and (2) swmodify commands in HP-UX B.11.11 and possibly other versions allows local users to execute arbitrary code via a long -S argument. NOTE: this might be a duplicate of CVE-2006-2574, but the details relating to CVE-2006-2574 are too vague to be certain.

Published Oct 27, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-5517: Multiple PHP remote file inclusion vulnerabilities in Rhode Island Open Meetings Filing Application (OMFA)...

Multiple PHP remote file inclusion vulnerabilities in Rhode Island Open Meetings Filing Application (OMFA) allow remote attackers to execute arbitrary PHP code via a URL in the PROJECT_ROOT parameter to (1) editmeetings/session.php, (2) email/session.php, (3) entityproperties/session.php, or (4) inc/mail.php.

Published Oct 26, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-5554: Directory traversal vulnerability in index.php in Imageview 5 allows remote attackers to read or execute ar...

Directory traversal vulnerability in index.php in Imageview 5 allows remote attackers to read or execute arbitrary local files via a .. (dot dot) in the user_settings cookie, as demonstrated by using the MyFile parameter in albumview.php to upload a text/plain .gif file containing PHP code, which is executed by index.php.

Published Oct 26, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-5558: Format string vulnerability in the swask command in HP-UX B.11.11 and possibly other versions allows local...

Format string vulnerability in the swask command in HP-UX B.11.11 and possibly other versions allows local users to execute arbitrary code via format string specifiers in the -s argument. NOTE: this might be a duplicate of CVE-2006-2574, but the details relating to CVE-2006-2574 are too vague to be certain.

Published Oct 27, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-5534: Multiple cross-site scripting (XSS) vulnerabilities in index.htm in Zwahlen Online Shop Freeware 5.2.2.50,...

Multiple cross-site scripting (XSS) vulnerabilities in index.htm in Zwahlen Online Shop Freeware 5.2.2.50, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) cat, (2) Kat, (3) id, or (4) no parameters. NOTE: some of these details are obtained from third party information.

Published Oct 26, 2006 · Updated Aug 7, 2024