CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In March 2006

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
451 CVE-2006-0995 DoS 2006-03-03 2017-07-20
5.0
None Remote Low Not required None None Partial
EMC Dantz Retrospect 7 backup client 7.0.107, and other versions before 7.0.109, and 6.5 before 6.5.138 allows remote attackers to cause a denial of service (client termination and loss of backup service) via a malformed packet to TCP port 497, which triggers an assert error.
452 CVE-2006-0991 Exec Code Overflow 2006-03-28 2018-10-18
7.1
None Remote High ??? Complete Complete Complete
Buffer overflow in the NetBackup Sharepoint Services server daemon (bpspsserver) on NetBackup 6.0 for Windows allows remote attackers to execute arbitrary code via crafted "Request Service" packets to the vnetd service (TCP port 13724).
453 CVE-2006-0990 Exec Code Overflow 2006-03-28 2018-10-18
9.0
None Remote Low ??? Complete Complete Complete
Stack-based buffer overflow in the NetBackup Catalog daemon (bpdbm) in Veritas NetBackup Enterprise Server 5.0 through 6.0 and DataCenter and BusinesServer 4.5FP and 4.5MP allows attackers to execute arbitrary code via unknown vectors.
454 CVE-2006-0989 Exec Code Overflow 2006-03-28 2018-10-18
9.0
None Remote Low ??? Complete Complete Complete
Stack-based buffer overflow in the volume manager daemon (vmd) in Veritas NetBackup Enterprise Server 5.0 through 6.0 and DataCenter and BusinesServer 4.5FP and 4.5MP allows attackers to execute arbitrary code via unknown vectors.
455 CVE-2006-0988 DoS 2006-03-03 2018-10-18
7.8
None Remote Low Not required None None Complete
The default configuration of the DNS Server service on Windows Server 2003 and Windows 2000, and the Microsoft DNS Server service on Windows NT 4.0, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification) via DNS queries with spoofed source IP addresses.
456 CVE-2006-0987 DoS 2006-03-03 2018-10-18
5.0
None Remote Low Not required None None Partial
The default configuration of ISC BIND before 9.4.1-P1, when configured as a caching name server, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification) via DNS queries with spoofed source IP addresses.
457 CVE-2006-0986 +Info 2006-03-03 2018-10-18
5.0
None Remote Low Not required None Partial None
WordPress 2.0.1 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) default-filters.php, (2) template-loader.php, (3) rss-functions.php, (4) locale.php, (5) wp-db.php, and (6) kses.php in the wp-includes/ directory; and (7) edit-form-advanced.php, (8) admin-functions.php, (9) edit-link-form.php, (10) edit-page-form.php, (11) admin-footer.php, and (12) menu.php in the wp-admin directory; and possibly (13) list directory contents of the wp-includes directory. NOTE: the vars.php, edit-form.php, wp-settings.php, and edit-form-comment.php vectors are already covered by CVE-2005-4463. The menu-header.php vector is already covered by CVE-2005-2110. Other vectors might be covered by CVE-2005-1688. NOTE: if the typical installation of WordPress does not list any site-specific files to wp-includes, then vector [13] is not an exposure.
458 CVE-2006-0985 XSS 2006-03-03 2018-10-18
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the "post comment" functionality of WordPress 2.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) website, and (3) comment parameters.
459 CVE-2006-0984 XSS 2006-03-03 2018-10-18
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in inc_header.php in EJ3 TOPo 2.2.178 allows remote attackers to inject arbitrary web script or HTML via the gTopNombre parameter.
460 CVE-2006-0983 XSS 2006-03-03 2018-10-18
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in QwikiWiki 1.4 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
461 CVE-2006-0982 Bypass 2006-03-03 2018-10-18
5.0
None Remote Low Not required None Partial None
The on-access scanner for McAfee Virex 7.7 for Macintosh, in some circumstances, might not activate when malicious content is accessed from the web browser, and might not prevent the content from being saved, which allows remote attackers to bypass virus protection, as demonstrated using the EICAR test file.
462 CVE-2006-0981 Dir. Trav. 2006-03-03 2018-10-18
4.0
None Remote High Not required Partial Partial None
Directory traversal vulnerability in e-merge WinAce 2.6 and earlier allows remote attackers to create and overwrite arbitrary files via certain crafted pathnames in a (1) zip or (2) tar archive.
463 CVE-2006-0980 XSS 2006-03-03 2018-10-18
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Jay Eckles CGI Calendar 2.7 allow remote attackers to inject arbitrary web script or HTML via the year parameter in (1) index.cgi and (2) viewday.cgi.
464 CVE-2006-0979 2006-03-03 2017-07-20
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the local weblog publisher in Nidelven IT Issue Dealer before 0.9.96 has unknown impact and attack vectors.
465 CVE-2006-0978 XSS 2006-03-03 2018-10-18
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the View Headers (aka viewheaders) functionality in ArGoSoft Mail Server Pro 1.8.8.5 allow remote attackers to inject arbitrary web script or HTML via (1) the Subject header, (2) the From header, and (3) certain other unspecified headers.
466 CVE-2006-0977 2006-03-03 2018-10-18
5.0
None Remote Low Not required None Partial None
Craig Morrison Mail Transport System Professional (aka MTS Pro) acts as an open relay when configured to relay all mail through an external SMTP server, which allows remote attackers to relay mail by connecting to the MTS Pro server, then sending a MAIL FROM that specifies a domain that is local to the server.
467 CVE-2006-0976 22 Dir. Trav. 2006-03-03 2018-10-18
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in scan_lang_insert.php in Boris Herbiniere-Seve SPiD 1.3.1 allows remote attackers to read arbitrary files via the lang parameter.
468 CVE-2006-0974 XSS 2006-03-03 2017-07-20
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in failure.asp in Battleaxe bttlxeForum 2.0 allows remote attackers to inject arbitrary web script or HTML via the err_txt parameter.
469 CVE-2006-0973 1 Exec Code Sql 2006-03-03 2018-10-18
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in topics.php in Appalachian State University phpWebSite 0.10.2 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter.
470 CVE-2006-0972 Exec Code Sql 2006-03-03 2018-10-18
5.0
None Remote Low Not required Partial None None
SQL injection vulnerability in news.php in Tony Baird Fantastic News 2.1.1 allows remote attackers to execute arbitrary SQL commands via the page parameter. NOTE: the category vector is already covered by CVE-2005-3846.
471 CVE-2006-0971 Dir. Trav. 2006-03-03 2018-10-18
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Lionel Reyero DirectContact 0.3b allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.
472 CVE-2006-0970 File Inclusion 2006-03-03 2018-10-18
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in index.php in one or more ActiveCampaign products, possibly SupportTrio, allows remote attackers to include and execute arbitrary files via the page parameter.
473 CVE-2006-0969 File Inclusion 2006-03-03 2018-10-18
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in index.php in Top sites de PixelArtKingdom allows remote attackers to include and execute arbitrary files via the page parameter.
474 CVE-2006-0968 Exec Code 2006-03-02 2018-10-18
7.2
None Local Low Not required Complete Complete Complete
The ncprwsnt service in NCP Network Communication Secure Client 8.11 Build 146, and possibly other versions, allows local users to execute arbitrary code by modifying the connect.bat script, which is automatically executed by the service after a connection is established.
475 CVE-2006-0967 399 DoS Overflow 2006-03-02 2018-10-18
2.1
None Local Low Not required None None Partial
NCP Network Communication Secure Client 8.11 Build 146, and possibly other versions, allows local users to cause a denial of service (memory usage and cpu utilization) via a flood of arbitrary UDP datagrams to ports 0 to 65000. NOTE: this issue was reported as a buffer overflow, but that term usually does not apply in flooding attacks.
476 CVE-2006-0966 119 DoS Overflow 2006-03-02 2018-10-18
2.1
None Local Low Not required None None Partial
NCP Network Communication Secure Client 8.11 Build 146, and possibly other versions, allows local users to cause a denial of service (CPU consumption) via a large number of arguments to ncprwsnt.exe, possibly due to a buffer overflow.
477 CVE-2006-0965 Overflow Bypass 2006-03-02 2018-10-18
4.6
None Local Low Not required Partial Partial Partial
NCP Network Communication Secure Client 8.11 Build 146, and possibly other versions, allows local users to bypass security protections and configure privileged options via a long argument to ncpmon.exe, which provides access to alternate privileged menus, possibly due to a buffer overflow.
478 CVE-2006-0964 Bypass 2006-03-02 2018-10-18
4.6
None Local Low Not required Partial Partial Partial
Client Firewall in NCP Network Communication Secure Client 8.11 Build 146, and possibly other versions, allows local users to bypass firewall program execution rules by replacing an allowed program with an arbitrary program.
479 CVE-2006-0963 Exec Code Overflow 2006-03-02 2017-07-20
4.6
None Local Low Not required Partial Partial Partial
Multiple buffer overflows in STLport 5.0.2 might allow local users to execute arbitrary code via (1) long locale environment variables to a strcpy function call in c_locale_glibc2.c and (2) long arguments to unspecified functions in num_put_float.cpp.
480 CVE-2006-0962 Exec Code Sql 2006-03-02 2017-10-19
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in vuBB 0.2 allows remote attackers to execute arbitrary SQL commands via the pass parameter in a cookie.
481 CVE-2006-0961 89 Exec Code Sql 2006-03-02 2017-10-19
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in yazdir.asp in Cilem Hiber 1.1 allows remote attackers to execute arbitrary SQL commands via the haber_id parameter. NOTE: this product has also been referred to as "Cilem News," although that does not appear to be the proper name.
482 CVE-2006-0960 DoS 2006-03-02 2017-07-20
5.0
None Remote Low Not required None None Partial
uConfig agent in Compex NetPassage WPE54G router allows remote attackers to cause a denial of service (unresposiveness) via crafted datagrams to UDP port 7778.
483 CVE-2006-0959 89 Exec Code Sql 2006-03-02 2018-10-18
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in misc.php in MyBulletinBoard (MyBB) 1.03, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands by setting the comma variable value via the comma parameter in a cookie. NOTE: 1.04 has also been reported to be affected.
484 CVE-2006-0958 XSS 2006-03-02 2018-10-18
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in func.inc.php in ZoneO-Soft freeForum before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the (1) name and (2) subject parameters.
485 CVE-2006-0957 Exec Code 2006-03-02 2018-10-18
7.5
None Remote Low Not required Partial Partial Partial
Direct static code injection vulnerability in func.inc.php in ZoneO-Soft freeForum before 1.2.1 allows remote attackers to execute arbitrary PHP code via the (1) X-Forwarded-For and (2) Client-Ip HTTP headers, which are stored in Data/flood.db.php.
486 CVE-2006-0956 DoS 2006-03-02 2011-03-08
1.7
None Local Low ??? None None Partial
nuauth in NuFW before 1.0.21 does not properly handle blocking TLS sockets, which allows remote authenticated users to cause a denial of service (service hang) by flooding packets at the authentication server.
487 CVE-2006-0950 22 Dir. Trav. 2006-03-13 2018-10-18
2.6
None Remote High Not required None Partial None
unalz 0.53 allows user-assisted attackers to overwrite arbitrary files via an ALZ archive with ".." (dot dot) sequences in a filename.
488 CVE-2006-0949 2006-03-06 2017-07-20
5.0
None Remote Low Not required Partial None None
RaidenHTTPD 1.1.47 allows remote attackers to obtain source code of script files, including PHP, via crafted requests involving (1) "." (dot), (2) space, and (3) "/" (slash) characters.
489 CVE-2006-0947 2006-03-01 2011-03-08
7.5
None Remote Low Not required Partial Partial Partial
Thomson SpeedTouch modem running firmware 5.3.2.6.0 allows remote attackers to create users that cannot be deleted via scripting code in the "31" parameter in a NewUser function, which is not filtered by the modem when creating the account, but cannot be deleted by the administrator, possibly due to cleansing that occurs in the administrator interface.
490 CVE-2006-0946 XSS 2006-03-01 2017-07-20
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Thomson SpeedTouch modems running firmware 5.3.2.6.0 allows remote attackers to inject arbitrary web script or HTML via the name parameter to the LocalNetwork page.
491 CVE-2006-0945 94 Exec Code 2006-03-01 2018-10-18
6.5
None Remote Low ??? Partial Partial Partial
PHP remote file include vulnerability in admin/index.php in Archangel Weblog 0.90.02 allows remote authenticated administrators to execute arbitrary PHP code via a URL ending in a NULL (%00) in the index parameter.
492 CVE-2006-0944 Bypass 2006-03-01 2018-10-18
7.5
None Remote Low Not required Partial Partial Partial
Archangel Weblog 0.90.02 allows remote attackers to bypass authentication by setting the ba_admin cookie to 1.
493 CVE-2006-0943 Exec Code Sql 2006-03-01 2018-10-18
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the sondages module in index.php in PwsPHP 1.2.3 allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
494 CVE-2006-0942 Exec Code Sql 2006-03-01 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in profil.php in PwsPHP 1.2.3, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the aff_news_form parameter, a different vulnerability than CVE-2005-1509.
495 CVE-2006-0941 XSS 2006-03-01 2018-10-18
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in post.php in ShoutLIVE 1.1.0 allow remote attackers to inject arbitrary web script or HTML via certain variables when posting new messages.
496 CVE-2006-0940 Exec Code 2006-03-01 2018-10-18
7.5
None Remote Low Not required Partial Partial Partial
Multiple direct static code injection vulnerabilities in savesettings.php in ShoutLIVE 1.1.0 allow remote attackers to execute arbitrary PHP code via variables that are written to settings.php.
497 CVE-2006-0939 Exec Code Sql 2006-03-01 2017-07-20
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in DCI-Taskeen 1.03 allows remote attackers to execute arbitrary SQL commands via the (1) id or (2) action parameter to (a) basket.php, or (3) id or (4) page parameter to (b) cat.php.
498 CVE-2006-0938 79 XSS 2006-03-01 2018-10-18
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in eZ publish 3.7.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the RefererURL parameter.
499 CVE-2006-0905 2006-03-23 2017-07-20
7.5
None Remote Low Not required Partial Partial Partial
A "programming error" in fast_ipsec in FreeBSD 4.8-RELEASE through 6.1-STABLE and NetBSD 2 through 3 does not properly update the sequence number associated with a Security Association, which allows packets to pass sequence number checks and allows remote attackers to capture IPSec packets and conduct replay attacks.
500 CVE-2006-0883 399 DoS 2006-03-07 2017-07-20
5.0
None Remote Low Not required None None Partial
OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM, does not properly handle when a forked child process terminates during PAM authentication, which allows remote attackers to cause a denial of service (client connection refusal) by connecting multiple times to the SSH server, waiting for the password prompt, then disconnecting.
Total number of vulnerabilities : 543   Page : 1 2 3 4 5 6 7 8 9 10 (This Page)11
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.