Directory traversal vulnerability in Vis.pl, as part of the FACE CONTROL product, allows remote attackers to read arbitrary files via a .. (dot dot) in any parameter that opens a file, such as (1) s or (2) p.
Max CVSS
5.0
EPSS Score
0.66%
Published
2006-01-31
Updated
2018-10-19
Cisco VPN 3000 series concentrators running software 4.7.0 through 4.7.2.A allow remote attackers to cause a denial of service (device reload or user disconnect) via a crafted HTTP packet.
Max CVSS
7.8
EPSS Score
1.81%
Published
2006-01-31
Updated
2018-10-30
Heap-based buffer overflow in the alpha strip capability in libpng 1.2.7 allows context-dependent attackers to cause a denial of service (crash) when the png_do_strip_filler function is used to strip alpha channels out of the image.
Max CVSS
5.0
EPSS Score
2.58%
Published
2006-01-31
Updated
2017-10-11
CRE Loaded 6.15 allows remote attackers to perform privileged actions, including uploading and creating arbitrary files, via a direct request to files.php. NOTE: the vendor states "The initial announcement of this risk was made on our website... and it included a patch which will close the vulnerability on all known 6.0x and 6.1x releases. We strongly encourage users of CRE Loaded 6.x, osCMax, and other users of osCommerce who have installed HTMLArea based WYSIWYG editors and Admin Access with Levels to modify thier installations at the earliest possible moment."
Max CVSS
7.5
EPSS Score
9.65%
Published
2006-01-31
Updated
2017-07-20
Buffer overflow in git-checkout-index in GIT before 1.1.5 allows remote attackers to execute arbitrary code via an index file with a long symbolic link.
Max CVSS
7.5
EPSS Score
8.56%
Published
2006-01-31
Updated
2017-07-20

CVE-2006-0476

Public exploit
Buffer overflow in Nullsoft Winamp 5.12 allows remote attackers to execute arbitrary code via a playlist (pls) file with a long file name (File1 field).
Max CVSS
7.6
EPSS Score
72.53%
Published
2006-01-31
Updated
2018-10-19
PHP-Ping 1.3 does not properly validate ping counts, which allows remote attackers to cause a denial of service (ping flood) via a negative count parameter.
Max CVSS
5.0
EPSS Score
1.36%
Published
2006-01-31
Updated
2017-07-20
Multiple integer overflows in Shareaza 2.2.1.0 allow remote attackers to execute arbitrary code via (1) a large packet length field, which causes an overflow in the ReadBuffer function in (a) BTPacket.cpp and (b) EDPacket.cpp, or (2) a large packet, which causes a heap-based overflow in the Write function in (c) Packet.h.
Max CVSS
7.5
EPSS Score
9.50%
Published
2006-01-31
Updated
2018-10-19
CommuniGate Pro Core Server before 5.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via LDAP messages with negative BER lengths, and possibly other vectors, as demonstrated by the ProtoVer LDAP test suite.
Max CVSS
7.5
EPSS Score
26.12%
Published
2006-01-30
Updated
2018-10-19
Unspecified vulnerability in Pioneers (formerly gnocatan) before 0.9.49 allows remote attackers to cause a denial of service (application crash) via long chat messages.
Max CVSS
5.0
EPSS Score
6.49%
Published
2006-01-31
Updated
2017-07-20
Multiple SQL injection vulnerabilities in index.php in IdeoContent Manager allow remote attackers to execute arbitrary SQL commands via the (1) goto_id or (2) mid parameter.
Max CVSS
7.5
EPSS Score
0.11%
Published
2006-01-27
Updated
2008-09-05
SQL injection vulnerability in comentarios.php in AndoNET Blog 2004.09.02 allows remote attackers to execute arbitrary SQL commands via the entrada parameter.
Max CVSS
7.5
EPSS Score
1.12%
Published
2006-01-27
Updated
2017-07-20
phpBB 2.0.19 and earlier allows remote attackers to cause a denial of service (application crash) by (1) registering many users through profile.php or (2) using search.php to search in a certain way that confuses the database.
Max CVSS
5.0
EPSS Score
2.11%
Published
2006-01-27
Updated
2018-10-19
Early termination vulnerability in the IMAP service in E-Post Mail 4.05 and SPA-PRO Mail 4.05 allows remote attackers to cause a denial of service (infinite loop) by sending an APPEND command and disconnecting before the expected amount of data is sent.
Max CVSS
5.0
EPSS Score
2.15%
Published
2006-01-27
Updated
2017-07-20
Multiple directory traversal vulnerabilities in (1) EPSTIMAP4S.EXE and (2) SPA-IMAP4S.EXE in the IMAP service in E-Post Mail 4.05 and SPA-PRO Mail 4.05 allow remote attackers to (a) list arbitrary directories or cause a denial of service via the LIST command; or create arbitrary files via the (b) APPEND, (c) COPY, or (d) RENAME commands.
Max CVSS
7.5
EPSS Score
1.76%
Published
2006-01-27
Updated
2017-07-20
Multiple buffer overflows in E-Post Mail Server 4.10 and SPA-PRO Mail @Solomon 4.00 allow remote attackers to execute arbitrary code via a long username to the (1) AUTH PLAIN or (2) AUTH LOGIN SMTP commands, which is not properly handled by (a) EPSTRS.EXE or (b) SPA-RS.EXE; (3) a long username in the APOP POP3 command, which is not properly handled by (c) EPSTPOP4S.EXE or (d) SPA-POP3S.EXE; (4) a long IMAP DELETE command, which is not properly handled by (e) EPSTIMAP4S.EXE or (f) SPA-IMAP4S.EXE.
Max CVSS
7.5
EPSS Score
10.64%
Published
2006-01-27
Updated
2017-07-20
Unspecified vulnerability in WeBWorK 2.1.3 and 2.2-pre1 allows remote privileged attackers to execute arbitrary commands as the web server via unknown attack vectors.
Max CVSS
6.5
EPSS Score
0.36%
Published
2006-01-27
Updated
2017-07-20
SQL injection vulnerability in index.php in Phpclanwebsite (aka PCW) 1.23.1 allows remote attackers to execute arbitrary SQL commands via the (1) par parameter in the post function on the forum page and possibly the (2) poll_id parameter on the poll page. NOTE: the poll_id vector can also allow resultant cross-site scripting (XSS) from an unquoted error message for invalid SQL syntax.
Max CVSS
6.8
EPSS Score
0.69%
Published
2006-01-26
Updated
2018-10-19

CVE-2006-0441

Public exploit
Stack-based buffer overflow in Sami FTP Server 2.0.1 allows remote attackers to execute arbitrary code via a long USER command, which triggers the overflow when the log is viewed.
Max CVSS
7.5
EPSS Score
38.18%
Published
2006-01-26
Updated
2018-10-19
Text Rider 2.4 allows attackers to bypass authentication and upload files without providing a valid password by obtaining the MD5 hash of the password (possibly via another vulnerability that reads it from a data file), then including the hash in a cookie.
Max CVSS
5.0
EPSS Score
0.16%
Published
2006-01-26
Updated
2018-10-19
Text Rider 2.4 stores sensitive data in the data directory under the web document root with insufficient access control, which allows remote attackers to obtain usernames and password hashes by directly accessing data/userlist.txt.
Max CVSS
5.0
EPSS Score
1.17%
Published
2006-01-26
Updated
2018-10-19
Unspecified vulnerability in HP HP-UX B.11.00, B.11.04, and B.11.11 allows local users to gain privileges via unknown attack vectors.
Max CVSS
7.2
EPSS Score
0.06%
Published
2006-01-26
Updated
2017-10-11
Unspecified vulnerability in Oracle PL/SQL (PLSQL), as used in Database Server DS 9.2.0.7 and 10.1.0.5, Application Server 1.0.2.2, 9.0.4.2, 10.1.2.0.2, 10.1.2.1.0, and 10.1.3.0.0, E-Business Suite and Applications 11.5.10, and Collaboration Suite 10.1.1, 10.1.2.0, 10.1.2.1, and 9.0.4.2, allows attackers to bypass the PLSQLExclusion list and access excluded packages and procedures, aka Vuln# PLSQL01.
Max CVSS
7.5
EPSS Score
2.13%
Published
2006-01-26
Updated
2018-10-19
Directory traversal vulnerability in action.php in phpXplorer allows remote attackers to read arbitrary files via ".." (dot dot) sequences and null bytes in the sAction parameter, a different vulnerability than CVE-2006-0244. NOTE: if the functionality of phpXplorer supports the upload of PHP files, then this issue would not cross privilege boundaries and would not be a vulnerability.
Max CVSS
5.0
EPSS Score
0.32%
Published
2006-01-26
Updated
2018-10-19
Certain configurations of BEA WebLogic Server and WebLogic Express 9.0, 8.1 through SP5, and 7.0 through SP6, when connection filters are enabled, cause the server to run more slowly, which makes it easier for remote attackers to cause a denial of service (server slowdown).
Max CVSS
5.0
EPSS Score
2.32%
Published
2006-01-25
Updated
2017-07-20
266 vulnerabilities found
1 2 3 4 5 6 7 8 9 10 11
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!