LiveActive security incident?Get immediate response
CVE archive

November 2006

Browse CVE records published in November 2006, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 518 matching CVEs · Page 5 of 11.

Unknown · CVSS Not scored

CVE-2006-5985: Multiple cross-site scripting (XSS) vulnerabilities in admin/options.php in Extreme CMS 0.9, and possibly e...

Multiple cross-site scripting (XSS) vulnerabilities in admin/options.php in Extreme CMS 0.9, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) bg1, (2) bg2, (3) text, or (4) size parameters. NOTE: the provenance of this information is unknown; details are obtained from third party sources.

Published Nov 20, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-5986: admin/options.php in Extreme CMS 0.9, and possibly earlier, does not require authentication, which might al...

admin/options.php in Extreme CMS 0.9, and possibly earlier, does not require authentication, which might allow remote attackers to conduct unauthorized activities. NOTE: this issue can be combined with another vulnerability to expand the scope of a cross-site scripting (XSS) attack without authentication. NOTE: the provenance of this information is unknown; details are obtained from third party sources.

Published Nov 20, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-5950: Unspecified vulnerability in ALTools ALFTP FTP Server 4.1 beta 1, and possibly earlier, allows remote authe...

Unspecified vulnerability in ALTools ALFTP FTP Server 4.1 beta 1, and possibly earlier, allows remote authenticated users to obtain the installation path via unknown vectors related to the REN command, probably due to response messages. NOTE: the provenance of this information is unknown; details are obtained from third party sources.

Published Nov 17, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-5911: Multiple PHP remote file inclusion vulnerabilities in Campware Campsite before 2.6.2 allow remote attackers...

Multiple PHP remote file inclusion vulnerabilities in Campware Campsite before 2.6.2 allow remote attackers to execute arbitrary PHP code via a URL in the g_documentRoot parameter to (1) Alias.php, (2) Article.php, (3) ArticleAttachment.php, (4) ArticleComment.php, (5) ArticleData.php, (6) ArticleImage.php, (7) ArticleIndex.php, (8) ArticlePublish.php, (9) ArticleTopic.php, (10) ArticleType.php, (11) ArticleTypeField.php, (12) Attachment.php, (13) Country.php, (14) DatabaseObject.php, (15) Event.php, (16) IPAccess.php, (17) Image.php, (18) Issue.php, (19) IssuePublish.php, (20) Language.php, (21) Log.php, (22) LoginAttempts.php, (23) Publication.php, (24) Section.php, (25) ShortURL.php, (26) Subscription.php, (27) SubscriptionDefaultTime.php, (28) SubscriptionSection.php, (29) SystemPref.php, (30) Template.php, (31) TimeUnit.php, (32) Topic.php, (33) UrlType.php, (34) User.php, and (35) UserType.php in implementation/management/classes/; (36) configuration.php and (37) db_connect.php in implementation/management/; and (38) LocalizerConfig.php and (39) LocalizerLanguage.php in implementation/management/priv/localizer/.

Published Nov 15, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-5947: Multiple directory traversal vulnerabilities in Conxint FTP Server 2.2.0603, and possibly earlier, allow re...

Multiple directory traversal vulnerabilities in Conxint FTP Server 2.2.0603, and possibly earlier, allow remote attackers to read arbitrary files and list arbitrary directories via directory traversal sequences in (1) DIR (LIST or NLST) and (2) GET (RETR) commands. NOTE: the provenance of this information is unknown; details are obtained from third party sources.

Published Nov 17, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-5932: Kahua before 0.7, when running multiple applications under a single supervisor, grants application access o...

Kahua before 0.7, when running multiple applications under a single supervisor, grants application access on the basis of username instead of username and database name, which allows remote authenticated users to obtain unauthorized access if different databases assign the same username to different user accounts.

Published Nov 16, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-5906: PHP remote file inclusion vulnerability in modules/bannieres/bannieres.php in Jean-Christophe Ramos SCRIPT...

PHP remote file inclusion vulnerability in modules/bannieres/bannieres.php in Jean-Christophe Ramos SCRIPT BANNIERES (aka ban 0.1 and PLS-Bannieres 1.21) allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter. NOTE: the issue is disputed by other researchers, who observe that $chemin is defined before use

Published Nov 15, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-5920: PHP remote file inclusion vulnerability in common.php in Yuuki Yoshizawa Exporia 0.3.0 allows remote attack...

PHP remote file inclusion vulnerability in common.php in Yuuki Yoshizawa Exporia 0.3.0 allows remote attackers to execute arbitrary PHP code via a URL in the lan parameter. NOTE: SecurityFocus disputes this issue, saying "further analysis reveals that the application is not vulnerable." NOTE: this issue may overlap CVE-2006-5113

Published Nov 15, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-5913: Microsoft Internet Explorer 7 allows remote attackers to (1) cause a security certificate from a secure web...

Microsoft Internet Explorer 7 allows remote attackers to (1) cause a security certificate from a secure web site to appear invalid via a link to res://ieframe.dll/sslnavcancel.htm with the target site in the anchor identifier, which displays the site's URL in the address bar but causes Internet Explorer to report that the certificate is invalid, or (2) trigger a "The webpage no longer exists" report via a link to res://ieframe.dll/http_410.htm, a variant of CVE-2006-5805.

Published Nov 15, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-5918: Unrestricted file upload vulnerability in RapidKill (aka PHP Rapid Kill) 5.7 Pro, and certain other version...

Unrestricted file upload vulnerability in RapidKill (aka PHP Rapid Kill) 5.7 Pro, and certain other versions, allows remote attackers to upload and execute arbitrary PHP scripts via the "Link to Download" field. NOTE: it is possible that the field value is restricted to files on specific public web sites.

Published Nov 15, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-5903: Rahul Jonna Gmail File Space (GSpace) allows remote attackers to perform virtual filesystem actions via e-m...

Rahul Jonna Gmail File Space (GSpace) allows remote attackers to perform virtual filesystem actions via e-mail messages with certain subject lines, as demonstrated by (1) a GSPACE "2174|1|1|1|gs:/ d$" message, which injects a new file into the filesystem; and (2) a GSPACE "|-135|1|1|0|gs:/ d$" message, which creates a folder.

Published Nov 15, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-5902: viksoe GMail Drive shell extension allows remote attackers to perform virtual filesystem actions via e-mail...

viksoe GMail Drive shell extension allows remote attackers to perform virtual filesystem actions via e-mail messages with certain subject lines, as demonstrated by (1) a GMAILFS: [13;a;1] message with a new filename and a file attachment, which injects a new file into the filesystem; (2) a GMAILFS: [13;a;1] message with an existing filename and a file attachment, which overwrites existing file content; and (3) a GMAILFS: [14;a;1] message, which creates a folder.

Published Nov 15, 2006 · Updated Aug 7, 2024