Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-2467 1 Bea 1 Weblogic Server 2025-04-03 N/A
BEA WebLogic Server 8.1 up to SP4, 7.0 up to SP6, and 6.1 up to SP7 displays the internal IP address of the WebLogic server in the WebLogic Server Administration Console, which allows remote authenticated administrators to determine the address.
CVE-2006-2469 1 Bea 1 Weblogic Server 2025-04-03 N/A
The HTTP handlers in BEA WebLogic Server 9.0, 8.1 up to SP5, 7.0 up to SP6, and 6.1 up to SP7 stores the username and password in cleartext in the WebLogic Server log when access to a web application or protected JWS fails, which allows attackers to gain privileges.
CVE-2006-2471 1 Bea 1 Weblogic Server 2025-04-03 N/A
Multiple vulnerabilities in BEA WebLogic Server 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7 leak sensitive information to remote attackers, including (1) DNS and IP addresses to address to T3 clients, (2) internal sensitive information using GetIORServlet, (3) certain "server details" in exceptions when invalid XML is provided, and (4) a stack trace in a SOAP fault.
CVE-2006-2474 1 Cosmoshop 1 Cosmoshop 2025-04-03 N/A
SQL injection vulnerability in lshop.cgi in Cosmoshop 8.11.106 and earlier allows remote attackers to execute arbitrary SQL commands via the artnum parameter.
CVE-2006-2475 1 Cosmoshop 1 Cosmoshop 2025-04-03 N/A
Directory traversal vulnerability in (1) edit_mailtexte.cgi and (2) bestmail.cgi in Cosmoshop 8.11.106 and earlier allows remote administrators to read arbitrary files via ".." sequences in the file parameter.
CVE-2006-2488 1 Spymac 1 Spymac Web Os 2025-04-03 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Spymac WebOS (WOS) 5.0 allow remote attackers to inject arbitrary web script or HTML via the (1) del_folder, (2) nick, or (3) action parameters to (a) notes/index.php, (4) curr parameter to (b) ipod/get_ipod.php, and in (c) login.php.
CVE-2006-2489 1 Nagios 1 Nagios 2025-04-03 N/A
Integer overflow in CGI scripts in Nagios 1.x before 1.4.1 and 2.x before 2.3.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a content length (Content-Length) HTTP header. NOTE: this is a different vulnerability than CVE-2006-2162.
CVE-2006-2537 3 Horizontal Shooter Bor, Openbor, Senile Team 3 Horizontal Shooter Bor, Openbor, Beats Of Rage 2025-04-03 N/A
Multiple format string vulnerabilities in (a) OpenBOR 2.0046 and earlier, (b) Beats of Rage (BOR) 1.0029 and earlier, and (c) Horizontal Shooter BOR (HOR) 2.0000 and earlier allow remote attackers to execute code via format string specifiers in configurations used in various mod files, as demonstrated by the (1) music identifier in data/scenes/intro.txt, which is not properly handled in the update function, and (2) background identifier in data/easy/1aeasy.txt, which is not properly handled in the shutdown function.
CVE-2005-1140 1 Mywebland 1 Mybloggie 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in myBloggie 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the comments.
CVE-2006-2551 1 Hp 1 Hp-ux 2025-04-03 N/A
Unspecified vulnerability in the kernel in HP-UX B.11.00 allows local users to cause an unspecified denial of service via unknown vectors.
CVE-2006-2552 1 Jemscripts 1 Downloadcontrol 2025-04-03 N/A
Jemscripts DownloadControl 1.0 allows remote attackers to obtain sensitive information via an invalid dcid parameter to dc.php, which leaks the pathname in an error message. NOTE: this was originally claimed to be SQL injection, but it is probably resultant from another issue in functions.php.
CVE-2006-2553 1 Jemscripts 1 Downloadcontrol 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in Jemscripts DownloadControl 1.0 allows remote attackers to inject arbitrary HTML or web script via the dcid parameter to dc.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. This issue appears to be independent from a different issue that involves the same vector.
CVE-2006-2561 1 Edimax 1 Br 6104k 2025-04-03 N/A
Edimax BR-6104K router allows remote attackers to bypass access restrictions and conduct unauthorized operations via a UPnP request with a modified InternalClient parameter (possibly within NewInternalClient), which is not validated, as demonstrated by using AddPortMapping to forward arbitrary traffic.
CVE-2006-2564 1 Alstrasoft 1 E-friends 2025-04-03 N/A
Multiple cross-site scripting (XSS) vulnerabilities in index.php in AlstraSoft E-Friends allow remote attackers to inject arbitrary web script or HTML by (1) posting a blog, (2) posting a listing, (3) posting an event, (4) adding comments, or (5) sending a message.
CVE-2006-2641 1 John Frank 1 Asset Manager 2025-04-03 N/A
** UNVERIFIABLE ** NOTE: this issue does not contain any verifiable or actionable details. Cross-site scripting (XSS) vulnerability in John Frank Asset Manager (AssetMan) 2.4a and earlier allows remote attackers to inject arbitrary web script or HTML via "any of its input." NOTE: the original disclosure is based on vague researcher claims without vendor acknowledgement; therefore this identifier cannot be linked with any future identifier that identifies more specific vectors. Perhaps this should not be included in CVE.
CVE-2006-2642 1 Php-residence 1 Php-residence 2025-04-03 N/A
** UNVERIFIABLE ** NOTE: this issue does not contain any verifiable or actionable details. Cross-site scripting (XSS) vulnerability in Marco M. F. De Santis Php-residence 0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via "any of its input." NOTE: the original disclosure is based on vague researcher claims without vendor acknowledgement; therefore this identifier cannot be linked with any future identifier that identifies more specific vectors. Perhaps this should not be included in CVE.
CVE-2006-2643 1 Circle R 1 Monster Top List 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in index.php in Monster Top List (MTL) 1.4 allows remote attackers to inject arbitrary web script or HTML via the user_error_message parameter.
CVE-2006-2648 1 Aspbb 1 Aspbb 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in perform_search.asp for ASPBB 0.52 and earlier allows remote attackers to inject arbitrary HTML or web script via the search parameter.
CVE-2006-2653 1 D-link 1 Dsa-3100 Airspot Gateway 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in login_error.shtml for D-Link DSA-3100 allows remote attackers to inject arbitrary HTML or web script via an encoded uname parameter.
CVE-2006-2662 1 Vmware 1 Server 2025-04-03 N/A
VMware Server before RC1 does not clear user credentials from memory after a console connection is made, which might allow local attackers to gain privileges.