CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In June 2006

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2006-3334 DoS Exec Code Overflow 2006-06-30 2010-09-15
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the png_decompress_chunk function in pngrutil.c in libpng before 1.2.12 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors related to "chunk error processing," possibly involving the "chunk_name".
2 CVE-2006-3333 Sql XSS 2006-06-30 2008-10-09
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in Zorum Forum 3.5 allows remote attackers to inject web script or HTML via the multiple unspecified parameters, including the (1) frommethod, (2) list, and (3) method, which are reflected in an error message. NOTE: some of these vectors might be resultant from SQL injection.
3 CVE-2006-3332 Exec Code Sql 2006-06-30 2008-10-09
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in Zorum Forum 3.5 allows remote attackers to execute arbitrary SQL commands via the (1) offset, (2) tid, (3) fromid, (4) sortby, (5) fromfrommethod, and (6) fromfromlist parameters.
4 CVE-2006-3331 2006-06-30 2008-09-05
5.0
None Remote Low Not required None Partial None
Opera before 9.0 does not reset the SSL security bar after displaying a download dialog from an SSL-enabled website, which allows remote attackers to spoof a trusted SSL certificate from an untrusted website and facilitates phishing attacks.
5 CVE-2006-3330 Exec Code XSS 2006-06-30 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in AddAsset1.php in PHP/MySQL Classifieds (PHP Classifieds) allows remote attackers to execute arbitrary SQL commands via the (1) ProductName ("Title" field), (2) url, and (3) Description parameters, possibly related to issues in add1.php.
6 CVE-2006-3329 Exec Code Sql 2006-06-30 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in search.php in PHP/MySQL Classifieds (PHP Classifieds) allows remote attackers to execute arbitrary SQL commands via the rate parameter.
7 CVE-2006-3328 XSS 2006-06-30 2008-10-09
5.8
None Remote Medium Not required Partial Partial None
new_ticket.cgi in Hostflow 2.2.1-15 allows remote attackers to steal and replay authentication credentials via an IMG tag in the desc parameter ("Ticket Description" field) that points to a URL that captures referer URLs, possibly due to a cross-site scripting (XSS) vulnerability or a leak of credentials in referer URLs.
8 CVE-2006-3327 XSS 2006-06-30 2008-09-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Custom dating biz dating script 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) sn20_special_cases parameter ("Special Cases" field) in profile/mini.php, (2) tyxx01_album_name parameter ("Album Name" field) in profile/photo_create.php, and the (3) u parameter in admin/user_view.php.
9 CVE-2006-3326 Dir. Trav. 2006-06-30 2008-09-05
2.6
None Remote High Not required None Partial None
Directory traversal vulnerability in QuickZip 3.06.3 allows remote user-assisted attackers to overwrite arbitrary files or directories via .. (dot dot) sequences in filenames within (1) TAR,(2) GZ, and (3) JAR archives. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
10 CVE-2006-3325 2006-06-30 2008-09-05
5.0
None Remote Low Not required None Partial None
client/cl_parse.c in the id3 Quake 3 Engine 1.32c and the Icculus Quake 3 Engine (ioquake3) revision 810 and earlier allows remote malicious servers to overwrite arbitrary write-protected cvars variables on the client, such as cl_allowdownload for Automatic Downloading and fs_homepath for the quake3 path, via a string of cvar names and values sent from the server. NOTE: this can be combined with another vulnerability to overwrite arbitrary files.
11 CVE-2006-3324 2006-06-30 2008-09-05
5.0
None Remote Low Not required None Partial None
The Automatic Downloading option in the id3 Quake 3 Engine and the Icculus Quake 3 Engine (ioquake3) before revision 804 allows remote attackers to overwrite arbitrary files in the quake3 directory (fs_homepath cvar) via a long string of filenames, as contained in the neededpaks buffer.
12 CVE-2006-3323 Exec Code XSS File Inclusion 2006-06-30 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in admin/admin.php in MF Piadas 1.0 allows remote attackers to execute arbitrary PHP code via the page parameter. NOTE: the same vector can be used for cross-site scripting, but CVE analysis suggests that this is resultant from file inclusion of HTML or script.
13 CVE-2006-3322 Exec Code Sql 2006-06-30 2008-09-05
5.1
User Remote High Not required Partial Partial Partial
SQL injection vulnerability in includes/functions_logging.php in phpRaid 3.0.5, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the log_hack function.
14 CVE-2006-3321 XSS 2006-06-30 2008-10-09
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in openforum.asp in OpenForum 1.2 Beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ofdisp and (2) ofmsgid parameters.
15 CVE-2006-3320 XSS 2006-06-29 2008-09-05
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in command.php in SiteBar 3.3.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the command parameter.
16 CVE-2006-3319 XSS 2006-06-29 2008-09-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in rss/index.php in PHP iCalendar 2.22 and earlier allows remote attackers to inject arbitrary web script or HTML via the cal parameter.
17 CVE-2006-3318 89 Exec Code Sql 2006-06-29 2011-08-05
5.1
User Remote High Not required Partial Partial Partial
SQL injection vulnerability in register.php for phpRaid 3.0.6 and possibly other versions, when the authorization type is phpraid, allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) email parameters.
18 CVE-2006-3317 1 Exec Code File Inclusion 2006-06-29 2008-09-05
5.1
User Remote High Not required Partial Partial Partial
PHP remote file inclusion vulnerability in phpRaid 3.0.6 allows remote attackers to execute arbitrary code via a URL in the phpraid_dir parameter to (1) announcements.php and (2) rss.php, a different set of vectors and affected versions than CVE-2006-3316 and CVE-2006-3116.
19 CVE-2006-3316 Exec Code File Inclusion 2006-06-29 2008-09-05
5.1
User Remote High Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in phpRaid 3.0.5 allow remote attackers to execute arbitrary code via a URL in the phpraid_dir parameter to (1) logs.php and (2) users.php, a different set of vectors than CVE-2006-3116.
20 CVE-2006-3315 Exec Code File Inclusion 2006-06-29 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in page.php in an unspecified RahnemaCo.com product, possibly eShop, allows remote attackers to execute arbitrary PHP code via a URL in the osCsid parameter.
21 CVE-2006-3314 Exec Code File Inclusion 2006-06-29 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in page.php in an unspecified RahnemaCo.com product, possibly eShop, allows remote attackers to execute arbitrary PHP code via a URL in the pageid parameter.
22 CVE-2006-3313 XSS 2006-06-29 2008-09-05
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in search.jsp in Netsoft smartNet 2.0 allows remote attackers to inject arbitrary web script or HTML via the keyWord parameter.
23 CVE-2006-3312 XSS 2006-06-29 2013-09-13
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in ashmans and Bill Echlin QaTraq 6.5 RC and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) link_print, (2) link_upgrade, (3) link_sql, (4) link_next, (5) link_prev, and (6) link_list parameters in top.inc as included by queries_view_search.php; the (7) msg, (8) component_name, and (9) component_desc parameters in (a) components_copy_content.php, (b) components_modify_content.php, and (c) components_new_content.php; the (10) title, (11) version, and (12) content parameters in design_copy_content.php; the (13) plan_title and (14) plan_content parameters in design_copy_plan_search.php; the (15) title, (16) minor_version, (17) new_version, and (18) content parameters in design_modify_content.php; the (19) title, (20) version, and (21) content parameters in design_new_content.php; the (22) plan_name and (23) plan_desc parameters in design_new_search.php; the (24) file_name parameter in download.php; the (25) username and (26) password parameters in login.php; the (27) title, (28) version, and (29) content parameters in phase_copy_content.php; the (30) content parameter in phase_delete_search.php; the (31) title, (32) minor_version, (33) new_version, and (34) content parameters in phase_modify_content.php; the (35) content, (36) title, (37) version, and (38) content parameters in phase_modify_search.php; the (39) content parameter in phase_view_search.php; the (40) msg, (41) product_name, and (42) product_desc parameters in products_copy_content.php; and possibly the (43) product_name and (44) product_desc parameters in (d) products_copy_search.php, and a large number of additional parameters and executables. NOTE: the vendor notified CVE via e-mail that this issue has been fixed in the 6.8 RC release.
24 CVE-2006-3309 Exec Code Sql 2006-06-28 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in SPT--ForumTopics.php in Scout Portal Toolkit (SPT) 1.4.0 and earlier allows remote attackers to execute arbitrary SQL commands via the forumid parameter.
25 CVE-2006-3308 XSS 2006-06-28 2008-09-05
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in the wpprop code for Project EROS bbsengine before 20060622-0315 has unknown impact and remote attack vectors via [img] tags, possibly cross-site scripting (XSS).
26 CVE-2006-3307 Exec Code Sql 2006-06-28 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Project EROS bbsengine before bbsengine-20060429-1550-jam allow remote attackers to execute arbitrary SQL commands via (1) unspecified parameters in the php/comment.php and (2) the getpartialmatches method in php/aolbonics.php.
27 CVE-2006-3306 XSS 2006-06-28 2008-09-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the preparestring funtion in lib/common.php in Project EROS bbsengine before 20060501-0142-jam, and possibly earlier versions dating back to 2006-02-23, might allow remote attackers to inject arbitrary web script or HTML via unknown vectors.
28 CVE-2006-3305 XSS 2006-06-28 2008-10-09
2.6
None Remote High Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in UebiMiau Webmail 2.7.10, and 2.7.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) f_user parameter in index.php, the (2) pag parameter in messages.php, or the (3) lid, (4) tid, and (5) sid parameters in error.php.
29 CVE-2006-3304 Exec Code Sql 2006-06-28 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in cp.php in DeluxeBB 1.07 and earlier allows remote attackers to execute arbitrary SQL commands via the xmsn parameter.
30 CVE-2006-3303 XSS 2006-06-28 2008-10-09
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in pm.php in DeluxeBB 1.07 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) subject or (2) to parameters.
31 CVE-2006-3302 Exec Code File Inclusion 2006-06-28 2008-09-05
5.1
User Remote High Not required Partial Partial Partial
PHP remote file inclusion vulnerability in mod_cbsms.php in CBSMS Mambo Module 1.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosC_a_path parameter. NOTE: the provenance of this information is unknown; portions of the details are obtained from third party information.
32 CVE-2006-3301 XSS 2006-06-28 2008-10-09
2.6
None Remote High Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in phpQLAdmin 2.2.7 and earlier allow remote attackers to inject arbitrary web script or HTML via the domain parameter in (1) user_add.php or (2) unit_add.php.
33 CVE-2006-3300 Exec Code File Inclusion 2006-06-28 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in sms_config/gateway.php in PhpMySms 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the ROOT_PATH parameter.
34 CVE-2006-3299 XSS 2006-06-28 2008-09-05
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in Usenet Script 0.5 allows remote attackers to inject arbitrary web script or HTML via the group parameter.
35 CVE-2006-3298 DoS 2006-06-28 2008-09-05
5.0
None Remote Low Not required None None Partial
Yahoo! Messenger 7.5.0.814 and 7.0.438 allows remote attackers to cause a denial of service (crash) via messages that contain non-ASCII characters, which triggers the crash in jscript.dll.
36 CVE-2006-3297 XSS 2006-06-28 2008-09-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in error.php in UebiMiau Webmail 2.7.10 and earlier allows remote attackers to inject arbitrary web script or HTML via the icq parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
37 CVE-2006-3296 Exec Code Sql 2006-06-28 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in view.php in Open Guestbook 0.5 allows remote attackers to execute arbitrary SQL commands via the offset parameter.
38 CVE-2006-3295 XSS 2006-06-28 2008-09-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in header.php in Open Guestbook 0.5 allows remote attackers to inject arbitrary web script or HTML via the title parameter.
39 CVE-2006-3294 Exec Code File Inclusion 2006-06-28 2008-09-05
5.1
User Remote High Not required Partial Partial Partial
PHP remote file inclusion vulnerability in mod_cbsms_messages.php in CBSMS Mambo Module 1.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
40 CVE-2006-3293 DoS 2006-06-28 2008-09-05
5.0
None Remote Low Not required None None Partial
parse_notice (TiCPU) in EnergyMech (emech) before 3.0.2 allows remote attackers to cause a denial of service (crash) via empty IRC CTCP NOTICE messages.
41 CVE-2006-3292 Exec Code Sql 2006-06-28 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Search gadget in Jaws 0.6.2 allows remote attackers to execute arbitrary SQL commands via queries with the "LIKE" keyword in the searchdata parameter (search field).
42 CVE-2006-3291 16 2006-06-28 2008-09-05
9.3
Admin Remote Medium Not required Complete Complete Complete
The web interface on Cisco IOS 12.3(8)JA and 12.3(8)JA1, as used on the Cisco Wireless Access Point and Wireless Bridge, reconfigures itself when it is changed to use the "Local User List Only (Individual Passwords)" setting, which removes all security and password configurations and allows remote attackers to access the system.
43 CVE-2006-3290 +Info 2006-06-28 2008-09-05
5.0
None Remote Low Not required Partial None None
HTTP server in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames and directory paths via a direct URL request.
44 CVE-2006-3289 XSS 2006-06-28 2008-09-05
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in the login page of the HTTP interface for the Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a "malicious URL".
45 CVE-2006-3288 2006-06-28 2008-09-05
5.0
None Remote Low Not required None Partial None
Unspecified vulnerability in the TFTP server in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51), when configured to use a directory path name that contains a space character, allows remote authenticated users to read and overwrite arbitrary files via unspecified vectors.
46 CVE-2006-3287 2006-06-28 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Cisco Wireless Control System (WCS) for Linux and Windows 4.0(1) and earlier uses a default administrator username "root" and password "public," which allows remote attackers to gain access (aka bug CSCse21391).
47 CVE-2006-3286 2006-06-28 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
The internal database in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(63) stores a hard-coded username and password in plaintext within unspecified files, which allows remote authenticated users to access the database (aka bug CSCsd15951).
48 CVE-2006-3285 2006-06-28 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
The internal database in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) uses an undocumented, hard-coded username and password, which allows remote authenticated users to read, and possibly modify, sensitive configuration data (aka bugs CSCsd15955).
49 CVE-2006-3284 XSS 2006-06-28 2008-09-05
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in Dating Agent PRO 4.7.1 allows remote attackers to inject arbitrary web script or HTML via the login parameter in (1) webmaster/index.php and (2) search.php.
50 CVE-2006-3283 Exec Code Sql 2006-06-28 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Dating Agent PRO 4.7.1 allows remote attackers to execute arbitrary SQL commands via the (1) pid parameter in picture.php, (2) mid parameter in mem.php, and the (3) sex and (4) relationship parameters in search.php.
Total number of vulnerabilities : 622   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.