LiveActive security incident?Get immediate response
CVE archive

2006 CVE Archive

Browse CVE records published in 2006 CVE Archive, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 6995 matching CVEs · Page 3 of 140.

Unknown · CVSS Not scored

CVE-2006-7000: Headstart Solutions DeskPRO allows remote attackers to obtain the full path via direct requests to (1) emai...

Headstart Solutions DeskPRO allows remote attackers to obtain the full path via direct requests to (1) email/mail.php, (2) includes/init.php, (3) certain files in includes/cron/, and (4) jpgraph.php, (5) jpgraph_bar.php, (6) jpgraph_pie.php, and (7) jpgraph_pie3d.php in includes/graph/, which leaks the path in error messages.

Published Feb 12, 2007 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2006-6534: Multiple cross-site scripting (XSS) vulnerabilities in osCommerce 3.0a3 allow remote attackers to inject ar...

Multiple cross-site scripting (XSS) vulnerabilities in osCommerce 3.0a3 allow remote attackers to inject arbitrary web script or HTML via the (1) set parameter to admin/modules.php, the (2) selected_box parameter to definitiva/admin/customers.php, the (3) lID parameter to admin/languages_definitions.php, or the (4) pID parameter to admin/products.php.

Published Dec 14, 2006 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2006-7215: The Intel Core 2 Extreme processor X6800 and Core 2 Duo desktop processor E6000 and E4000 incorrectly set t...

The Intel Core 2 Extreme processor X6800 and Core 2 Duo desktop processor E6000 and E4000 incorrectly set the memory page Access (A) bit for a page in certain circumstances involving proximity of the code segment limit to the end of a code page, which has unknown impact and attack vectors on certain operating systems other than OpenBSD, aka AI90.

Published Jul 3, 2007 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2006-6687: Cross-site scripting (XSS) vulnerability in Web Automated Perl Portal (WebAPP) 0.9.9.4, and 0.9.9.3.4 Netwo...

Cross-site scripting (XSS) vulnerability in Web Automated Perl Portal (WebAPP) 0.9.9.4, and 0.9.9.3.4 Network Edition (NE) (aka WebAPP.NET), allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

Published Dec 21, 2006 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2006-6684: Heap-based buffer overflow in Pedro Lineu Orso chetcpasswd before 2.4 allows remote attackers to cause a de...

Heap-based buffer overflow in Pedro Lineu Orso chetcpasswd before 2.4 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long X-Forwarded-For HTTP header. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

Published Dec 21, 2006 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2006-6391: Multiple directory traversal vulnerabilities in Open Solution Quick.Cart 2.0, when register_globals is enab...

Multiple directory traversal vulnerabilities in Open Solution Quick.Cart 2.0, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to include arbitrary files via a .. (dot dot) in the config[db_type] parameter to (1) actions_admin/other.php and (2) actions_client/gallery.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

Published Dec 8, 2006 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2006-7008: Unspecified vulnerability in Joomla!

Unspecified vulnerability in Joomla! before 1.0.10 has unknown impact and attack vectors, related to "securing mosmsg from misuse." NOTE: it is possible that this issue overlaps CVE-2006-1029.

Published Feb 12, 2007 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2006-0543: Cerulean Trillian 3.1.0.120 allows remote attackers to cause a denial of service (client crash) via an AIM...

Cerulean Trillian 3.1.0.120 allows remote attackers to cause a denial of service (client crash) via an AIM message containing the Mac encoded Rich Text Format (RTF) escape sequences (1) \'d1, (2) \'d2, (3) \'d3, (4) \'d4, and (5) \'d5. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published Feb 4, 2006 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2006-1775: Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.19 allow remote attackers to inject arbitr...

Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.19 allow remote attackers to inject arbitrary web script or HTML via the (1) Site Description field in (a) admin_board.php, the (2) Group name and (3) Group description fields in (b) admin_groups.php and (c) groupcp.php, the (4) Theme Name field in (d) admin_styles.php, and the (5) Rank Title field in (e) admin_ranks.php. NOTE: the profile.php/Current password vector is already covered by CVE-2006-1603.

Published Apr 13, 2006 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2006-6974: Headstart Solutions DeskPRO stores sensitive information under the web root with insufficient access contro...

Headstart Solutions DeskPRO stores sensitive information under the web root with insufficient access control, which allows remote attackers to (1) list files in the includes/ directory; obtain the SQL username and password via a direct request for (2) config.php and (3) config.php.bak in includes/; read files in (4) email/, (5) admin/graphs/, (6) includes/javascript/, and (7) certain other includes/ directories via direct requests; and download SQL database data via direct requests for (8) data.sql, (9) install.sql, (10) settings.sql, and possibly other files in install/v2data/.

Published Feb 7, 2007 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2006-7001: Directory traversal vulnerability in avatar.php in PhpMyChat Plus 1.9 and earlier allows remote attackers t...

Directory traversal vulnerability in avatar.php in PhpMyChat Plus 1.9 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the L parameter, a different issue than CVE-2006-5897. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published Feb 12, 2007 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2006-6468: Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050...

Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 do not check the Fully Qualified Domain Name (FQDN) during a "Validate Repository SSL Certificate" scan, which has unknown impact and attack vectors, possibly related to spoofed certificates.

Published Dec 11, 2006 · Updated Sep 16, 2024