parser.exe in Océ (OCE) 3121/3122 Printer allows remote attackers to cause a denial of service (crash or reboot) via a long request, possibly triggering a buffer overflow.
Max CVSS: 7.8 | EPSS Score: 3.35% | Published: 2006-04-29 | Updated: 2020-02-10
Buffer overflow in BL4 SMTP Server 0.1.4 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long argument to the (1) EHLO, (2) MAIL FROM, and (3) RCPT TO commands.
Max CVSS: 7.5 | EPSS Score: 11.88% | Published: 2006-04-29 | Updated: 2018-10-18
Cross-site scripting (XSS) vulnerability in Edgewall Software Trac 0.9.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors related to a "wiki macro."
Max CVSS: 4.3 | EPSS Score: 0.43% | Published: 2006-04-29 | Updated: 2017-07-20
Directory traversal vulnerability in index.php in Jupiter CMS 1.1.4 and 1.1.5 allows remote attackers to read arbitrary files via ".." sequences terminated by a %00 (null) character in the n parameter.
Max CVSS: 5.0 | EPSS Score: 0.18% | Published: 2006-04-29 | Updated: 2008-09-05
Multiple cross-site scripting (XSS) vulnerabilities in Kamgaing Email System (kmail) 2.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) d parameter to main.php, ordner parameter to (2) main.php, or (3) webdisk.php, (4) draft parameter to compose.php, or (5) m, or (6) y parameter to calendar.php.
Max CVSS: 6.8 | EPSS Score: 1.90% | Published: 2006-04-29 | Updated: 2017-07-20
SQL injection vulnerability in MyBB (MyBulletinBoard) 1.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the (1) query string ($querystring variable) in (a) admin/adminlogs.php, which is not properly handled by adminfunctions.php; or (2) setid, (3) expand, (4) title, or (5) sid2 parameters to (b) admin/templates.php.
Max CVSS: 2.1 | EPSS Score: 0.62% | Published: 2006-04-29 | Updated: 2018-10-18
Directory traversal vulnerability in PowerISO 2.9 allows remote attackers to write arbitrary files via a .. (dot dot) in a filename in an ISO image.
Max CVSS: 7.8 | EPSS Score: 0.71% | Published: 2006-04-29 | Updated: 2018-10-18
Directory traversal vulnerability in WinISO 5.3 allows remote attackers to write arbitrary files via a .. (dot dot) in a filename in an ISO image.
Max CVSS: 5.0 | EPSS Score: 12.96% | Published: 2006-04-29 | Updated: 2018-10-18
Directory traversal vulnerability in Magic ISO 5.0 Build 0166 allows remote attackers to write arbitrary files via a .. (dot dot) in a filename in an ISO image.
Max CVSS: 7.8 | EPSS Score: 0.71% | Published: 2006-04-29 | Updated: 2018-10-18
Directory traversal vulnerability in UltraISO 8.0.0.1392 allows remote attackers to write arbitrary files via a .. (dot dot) in a filename in an ISO image.
Max CVSS: 5.0 | EPSS Score: 6.82% | Published: 2006-04-29 | Updated: 2018-10-18
PHP remote file inclusion vulnerability in Thumbnail AutoIndex before 2.0 allows remote attackers to execute arbitrary PHP code via (1) README.html or (2) HEADER.html.
Max CVSS: 7.5 | EPSS Score: 0.34% | Published: 2006-04-29 | Updated: 2008-09-05
SQL injection vulnerability in func_msg.php in Invision Power Board (IPB) 2.1.4 allows remote attackers to execute arbitrary SQL commands via the from_contact field in a private message (PM).
Max CVSS: 7.5 | EPSS Score: 1.12% | Published: 2006-04-29 | Updated: 2018-10-18
plug.php in Land Down Under (LDU) 802 and earlier allows remote attackers to obtain sensitive information via an invalid (1) month or (2) year parameter, which reveals the path in an error message.
Max CVSS: 5.0 | EPSS Score: 0.63% | Published: 2006-04-29 | Updated: 2018-10-18
Phex before 2.8.6 allows remote attackers to cause a denial of service (application hang) by initiating multiple chat requests to a single user and then logging off.
Max CVSS: 5.0 | EPSS Score: 1.05% | Published: 2006-04-29 | Updated: 2017-07-20
Microsoft Internet Explorer before Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, when Prompt is configured in Security Settings, uses modal dialogs to verify that a user wishes to run an ActiveX control or perform other risky actions, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking an object or pressing keys that are actually applied to a "Yes" approval for executing the control.
Max CVSS: 5.1 | EPSS Score: 40.63% | Published: 2006-04-29 | Updated: 2021-07-23
Nessus before 2.2.8, and 3.x before 3.0.3, allows user-assisted attackers to cause a denial of service (memory consumption) via a NASL script that calls split with an invalid sep parameter. NOTE: a design goal of the NASL language is to facilitate sharing of security tests by guaranteeing that a script "can not do anything nasty." This issue is appropriate for CVE only if Nessus users have an expectation that a split statement will not use excessive memory.
Max CVSS: 2.6 | EPSS Score: 5.27% | Published: 2006-04-29 | Updated: 2018-10-18
Unspecified vulnerability in HP StorageWorks Secure Path for Windows 4.0C-SP2 before 20060419 allows remote attackers to cause an unspecified denial of service via unknown vectors.
Max CVSS: 5.0 | EPSS Score: 4.25% | Published: 2006-04-29 | Updated: 2017-07-20
admin.php in Virtual War (VWar) 1.5 and versions before 1.2 allows remote attackers to obtain sensitive information via an invalid vwar_root parameter, which reveals the path in an error message.
Max CVSS: 5.0 | EPSS Score: 0.63% | Published: 2006-04-29 | Updated: 2018-10-18
Multiple SQL injection vulnerabilities in misc.php in MySmartBB 1.1.x allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) username parameters.
Max CVSS: 7.5 | EPSS Score: 0.16% | Published: 2006-04-29 | Updated: 2018-10-18
Multiple cross-site scripting (XSS) vulnerabilities in misc.php in MySmartBB 1.1.x allow remote attackers to inject arbitrary web script or HTML via the (1) id and (2) username parameters.
Max CVSS: 4.3 | EPSS Score: 0.32% | Published: 2006-04-29 | Updated: 2018-10-18
Multiple cross-site scripting (XSS) vulnerabilities in Devsyn Open Bulletin Board (OpenBB) 1.0.6 allow remote attackers to inject arbitrary web script or HTML via (1) the FID parameter in board.php and (2) the TID parameter in read.php. NOTE: the SQL injection issues are already covered by CVE-2005-1612 (read.php) and CVE-2005-2566 (board.php).
Max CVSS: 4.3 | EPSS Score: 0.23% | Published: 2006-04-29 | Updated: 2018-10-18
The Gmax Mail client in Hitachi Groupmax before 20060426 allows remote attackers to cause a denial of service (application hang or erroneous behavior) via an attachment with an MS-DOS device filename.
Max CVSS: 5.0 | EPSS Score: 4.69% | Published: 2006-04-29 | Updated: 2017-07-20

CVE-2006-2086

Public exploit
Buffer overflow in JuniperSetupDLL.dll, loaded from JuniperSetup.ocx by the Juniper SSL-VPN Client when accessing a Juniper NetScreen IVE device running IVE OS before 4.2r8.1, 5.0 before 5.0r6.1, 5.1 before 5.1r8, 5.2 before 5.2r4.1, or 5.3 before 5.3r2.1, allows remote attackers to execute arbitrary code via a long argument in the ProductName parameter.
Max CVSS: 7.5 | EPSS Score: 93.02% | Published: 2006-04-29 | Updated: 2018-10-18
Multiple buffer overflows in (1) CxAce60.dll and (2) CxAce60u.dll in SpeedProject Squeez 5.10 Build 4460, and SpeedCommander 10.52 Build 4450 and 11.01 Build 4450, allow user-assisted remote attackers to execute arbitrary code via an ACE archive that contains a file with a long filename.
Max CVSS: 5.1 | EPSS Score: 8.48% | Published: 2006-04-29 | Updated: 2018-10-18
Multiple cross-site scripting (XSS) vulnerabilities in FarsiNews 2.5.3 Pro and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) month and (2) year parameters in (a) index.php, and the (3) mod parameter in (b) admin.php.
Max CVSS: 4.3 | EPSS Score: 0.86% | Published: 2006-04-29 | Updated: 2018-10-18
575 vulnerabilities found