LiveActive security incident?Get immediate response
CVE archive

December 2006

Browse CVE records published in December 2006, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 657 matching CVEs · Page 4 of 14.

Unknown · CVSS Not scored

CVE-2006-6725: Multiple directory traversal vulnerabilities in PHPBuilder 0.0.2 and earlier allow remote attackers to read...

Multiple directory traversal vulnerabilities in PHPBuilder 0.0.2 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter to (1) lib/htm2php.php and (2) sitetools/htm2php.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

Published Dec 26, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-6689: Multiple PHP remote file inclusion vulnerabilities in Paristemi 0.8.3 and earlier allow remote attackers to...

Multiple PHP remote file inclusion vulnerabilities in Paristemi 0.8.3 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the SERVER_DIRECTORY parameter to unspecified scripts, a different vector than CVE-2006-6739. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

Published Dec 21, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-6742: Multiple buffer overflows in FTP Print Server 2.4 and 2.4.5 in HP LaserJet 5000 Series printers with firmwa...

Multiple buffer overflows in FTP Print Server 2.4 and 2.4.5 in HP LaserJet 5000 Series printers with firmware R.25.15 or R.25.47, and HP LaserJet 5100 Series printers with firmware V.29.12, allow remote attackers to cause a denial of service (device crash) via a long string in the (1) LIST or (2) NLST command.

Published Dec 26, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-6737: Unspecified vulnerability in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 5...

Unspecified vulnerability in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 5 and earlier, Java System Development Kit (SDK) and JRE 1.4.2_10 and earlier 1.4.x versions, and SDK and JRE 1.3.1_18 and earlier allows attackers to use untrusted applets to "access data in other applets," aka "The first issue."

Published Dec 26, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-6735: modules/viewcategory.php in Minh Nguyen Duong Obie Website Mini Web Shop 2.1.c allows remote attackers to o...

modules/viewcategory.php in Minh Nguyen Duong Obie Website Mini Web Shop 2.1.c allows remote attackers to obtain sensitive information via a request with an arbitrary catname parameter but no itemsdb parameter, which reveals the path in an error message. NOTE: CVE analysis suggests that this error might be resultant from a more serious issue such as directory traversal.

Published Dec 26, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-6627: Integer overflow in the packed PE file parsing implementation in BitDefender products before 20060829, incl...

Integer overflow in the packed PE file parsing implementation in BitDefender products before 20060829, including Antivirus, Antivirus Plus, Internet Security, Mail Protection for Enterprises, and Online Scanner; and BitDefender products for Microsoft ISA Server and Exchange 5.5 through 2003; allows remote attackers to execute arbitrary code via a crafted file, which triggers a heap-based buffer overflow, aka the "cevakrnl.xmd vulnerability."

Published Dec 18, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-6699: Multiple CRLF injection vulnerabilities in Oracle Portal 9.0.2 and possibly other versions allow remote att...

Multiple CRLF injection vulnerabilities in Oracle Portal 9.0.2 and possibly other versions allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter to (1) calendarDialog.jsp or (2) fred.jsp. NOTE: the calendar.jsp vector is covered by CVE-2006-6697.

Published Dec 23, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-6710: Multiple PHP remote file inclusion vulnerabilities in PgmReloaded 0.8.5 and earlier allow remote attackers...

Multiple PHP remote file inclusion vulnerabilities in PgmReloaded 0.8.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) lang parameter to (a) index.php, the (2) CFG[libdir] and (3) CFG[localedir] parameters to (b) common.inc.php, and the CFG[localelangdir] parameter to (c) form_header.php.

Published Dec 23, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-6701: Cross-site request forgery (CSRF) vulnerability in util.pl in @Mail WebMail 4.51, and util.php in 5.x befor...

Cross-site request forgery (CSRF) vulnerability in util.pl in @Mail WebMail 4.51, and util.php in 5.x before 5.03, allows remote attackers to modify arbitrary settings and perform unauthorized actions as an arbitrary user, as demonstrated using a settings action in the SRC attribute of an IMG element in an HTML e-mail.

Published Dec 23, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-6695: Multiple cross-site scripting (XSS) vulnerabilities in index.php in Carsen Klock TextSend 1.5 allow remote...

Multiple cross-site scripting (XSS) vulnerabilities in index.php in Carsen Klock TextSend 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) error or (2) success parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

Published Dec 21, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-6690: rtehtmlarea/pi1/class.tx_rtehtmlarea_pi1.php in Typo3 4.0.0 through 4.0.3, 3.7 and 3.8 with the rtehtmlarea...

rtehtmlarea/pi1/class.tx_rtehtmlarea_pi1.php in Typo3 4.0.0 through 4.0.3, 3.7 and 3.8 with the rtehtmlarea extension, and 4.1 beta allows remote authenticated users to execute arbitrary commands via shell metacharacters in the userUid parameter to rtehtmlarea/htmlarea/plugins/SpellChecker/spell-check-logic.php, and possibly another vector.

Published Dec 21, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-6672: Multiple SQL injection vulnerabilities in Burak Yylmaz Download Portal allow remote attackers to execute ar...

Multiple SQL injection vulnerabilities in Burak Yylmaz Download Portal allow remote attackers to execute arbitrary SQL commands via the (1) kid or possibly (2) id parameter to (a) HABERLER.ASP and (b) ASPKAT.ASP. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

Published Dec 21, 2006 · Updated Aug 7, 2024