LiveActive security incident?Get immediate response
CVE archive

December 2006

Browse CVE records published in December 2006, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 657 matching CVEs · Page 2 of 14.

Unknown · CVSS Not scored

CVE-2006-6825: Calendar MX BASIC 1.0.2 and earlier store sensitive information under the web root with insufficient access...

Calendar MX BASIC 1.0.2 and earlier store sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for calendar.mdb. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

Published Dec 29, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-6799: SQL injection vulnerability in Cacti 0.8.6i and earlier, when register_argc_argv is enabled, allows remote...

SQL injection vulnerability in Cacti 0.8.6i and earlier, when register_argc_argv is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) second or (2) third arguments to cmd.php. NOTE: this issue can be leveraged to execute arbitrary commands since the SQL query results are later used in the polling_items array and popen function.

Published Dec 28, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-6815: Multiple cross-site scripting (XSS) vulnerabilities in DMXReady Secure Login Manager 1.0 allow remote authe...

Multiple cross-site scripting (XSS) vulnerabilities in DMXReady Secure Login Manager 1.0 allow remote authenticated administrators to inject arbitrary web script or HTML via unspecified parameters to (1) set_preferences.asp, (2) send_password_preferences.asp, and (3) SecureLoginManager/list.asp in the Local-Admin Panel.

Published Dec 29, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-6769: Multiple cross-site scripting (XSS) vulnerabilities in PHP Live!

Multiple cross-site scripting (XSS) vulnerabilities in PHP Live! 3.2.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) search_string parameter in (a) setup/transcripts.php, the (2) l parameter in (b) index.php, the (3) login field in (c) phplive/index.php, and the (4) deptid and (5) x parameters in (d) phplive/message_box.php.

Published Dec 27, 2006 · Updated Aug 7, 2024