| Primary Vendor -- Product | Description | | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| Alkacon -- OpenCms | Cross-site scripting (XSS) vulnerability in search.html in Alkacon OpenCms 6.0.0, 6.0.2, and 6.0.3 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search action. | | 1.9 | CVE-2006-2571 OTHER-REF SECUNIA |
| AlstraSoft -- E-Friends | Multiple cross-site scripting (XSS) vulnerabilities in index.php in AlstraSoft E-Friends allow remote attackers to inject arbitrary web script or HTML by (1) posting a blog, (2) posting a listing, (3) posting an event, (4) adding comments, or (5) sending a message. | | 2.3 | CVE-2006-2564 BUGTRAQ BID FRSIRT SECUNIA |
| AlstraSoft -- Article Manager Pro | Alstrasoft Article Manager Pro 1.6 allows remote attackers to obtain sensitive information via (1) a quote character or possibly an invalid value in the action parameter in a request to mrarticles.php or (2) a login QUERY_STRING to admin.php without any additional parameters, which reveal the path in various error messages. | | 2.3 | CVE-2006-2566 BUGTRAQ FRSIRT |
| AlstraSoft -- Article Manager Pro | Cross-site scripting (XSS) vulnerability in submit_article.php in Alstrasoft Article Manager Pro 1.6 allows remote attackers to inject arbitrary web script or HTML when submitting an article, as demonstrated using a javascript URI in a Cascading Style Sheets (CSS) property of a STYLE attribute of an element. | | 2.3 | CVE-2006-2567 BUGTRAQ FRSIRT SECUNIA |
| Apple -- Mac OS X; Apple -- Xcode Tools | Xcode Tools before 2.3 for Mac OS X 10.4, when running the WebObjects plugin, allows remote attackers to access or modify WebObjects projects through a network service. | | 3.7 | CVE-2006-1466 APPLE BID FRSIRT SECTRACK |
| BEA Systems -- WebLogic Server | A recommended admin password reset mechanism for BEA WebLogic Server 8.1, when followed before October 10, 2005, causes the administrator password to be stored in cleartext in the domain directory, which could allow attackers to gain privileges. | | 2.3 | CVE-2006-2546 BEA FRSIRT SECTRACK SECUNIA XF |
| Bitberry Software -- BitZipper | Directory traversal vulnerability in BitZipper 4.1.2 SR-1 and earlier allows remote attackers to create files in arbitrary directories via a .. (dot dot) in the filename of a file that is stored in a (1) RAR (.rar), (2) TAR (.tar), (3) ZIP (.zip), (4) GZ (.gz), or (5) JAR (.jar) archive. | | 2.3 | CVE-2006-2520 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA SECTRACK |
| Chatty -- Chatty | Cross-site scripting (XSS) vulnerability in Chatty, possibly 1.0.2 and other versions, allows remote attackers to inject arbitrary web script or HTML via the username. | | 2.3 | CVE-2006-2606 BUGTRAQ BID |
| Destiney -- Destiney Links Script | Destiney Links Script 2.1.2 does not protect library and other support files, which allows remote attackers to obtain the installation path via a direct URL to files in the (1) include and (2) themes/original directories. | | 2.3 | CVE-2006-2534 BUGTRAQ |
| Destiney -- Destiney Links Script | index.php in Destiney Links Script 2.1.2 allows remote attackers to obtain the installation path via an invalid show parameter referencing a non-existent file, which reveals the path in the resulting error message. NOTE: this issue might be resultant from a more serious issue such as directory traversal. | | 2.3 | CVE-2006-2535 BUGTRAQ FRSIRT SECUNIA |
| Dian Gemilang -- DGBook | Cross-site scripting (XSS) vulnerability in index.php in DGBook 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) homepage, (3) email, and (4) address parameters. | | 1.9 | CVE-2006-2572 BUGTRAQ FRSIRT SECUNIA |
| DieselScripts.com -- Diesel Job Site | Privacy leak in install.php for Diesel PHP Job Site sends sensitive information such as user credentials to an e-mail address controlled by the product developers. | | 2.3 | CVE-2006-2540 BUGTRAQ SECUNIA |
| DSChat -- DSChat | Cross-site scripting (XSS) vulnerability in DSChat 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the chatbox, probably involving the ctext parameter to send.php. | | 2.3 | CVE-2006-2605 BUGTRAQ BID FRSIRT SECUNIA |
| FCKeditor -- FCKeditor | editor/filemanager/upload/php/upload.php in FCKeditor before 2.3 Beta, when the upload feature is enabled, does not verify the Type parameter, which allows remote attackers to upload arbitrary file types. NOTE: it is not clear whether this is related to CVE-2006-0658. | | 2.3 | CVE-2006-2529 OTHER-REF BID FRSIRT SECUNIA |
| FreeType -- FreeType | Integer underflow in FreeType before 2.2 allows remote attackers to cause a denial of service (crash) via a font file with an odd number of blue values, which causes the underflow when decrementing by 2 in a context that assumes an even number of values. | | 2.3 | CVE-2006-0747 OTHER-REF |
| FreeType -- FreeType | Integer overflow in the read_lwfn function in FreeType before 2.2 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted LWFN file. NOTE: this issue might be subsumed by CVE-2006-1861. | | 3.3 | CVE-2006-2493 SOURCEFORGE FRSIRT SECUNIA BID XF |
| Genecys -- Genecys | The parse_command function in Genecys 0.2 and earlier allows remote attackers to cause a denial of service (crash) via a command with a missing ":" (colon) separator, which triggers a null dereference. | | 2.3 | CVE-2006-2555 FULLDISC OTHER-REF BID FRSIRT OSVDB SECUNIA XF |
| HP -- HP-UX | Unspecified vulnerability in the kernel in HP-UX B.11.00 allows local users to cause an unspecified denial of service via unknown vectors. | | 1.6 | CVE-2006-2551 HP BID FRSIRT SECUNIA |
| HyperStop -- WebHost Directory; AlstraSoft -- WebHost Directory | (1) AlstraSoft Web Host Directory 1.2, aka (2) HyperStop WebHost Directory 1.2, allows remote attackers to obtain the installation path via an invalid entry in the Username field on the login page, which causes the path to be displayed in an SQL error. NOTE: this issue might be resultant from SQL injection. | | 2.3 | CVE-2006-2617 BUGTRAQ OTHER-REF FRSIRT FRSIRT SECUNIA SECUNIA |
| HyperStop -- WebHost Directory; AlstraSoft -- WebHost Directory | Cross-site scripting (XSS) vulnerability in (1) AlstraSoft Web Host Directory 1.2, aka (2) HyperStop WebHost Directory 1.2, might allow remote attackers to inject arbitrary web script or HTML via the user review box. NOTE: since user reviews do not require administrator privileges, and an auto-approve mechanism exists, this issue is a vulnerability. | | 2.3 | CVE-2006-2618 BUGTRAQ OTHER-REF |
| Jemscripts -- DownloadControl | Jemscripts DownloadControl 1.0 allows remote attackers to obtain sensitive information via an invalid dcid parameter to dc.php, which leaks the pathname in an error message. NOTE: this was originally claimed to be SQL injection, but it is probably resultant from another issue in functions.php. | | 2.3 | CVE-2006-2552 BUGTRAQ BID |
| Jemscripts -- DownloadControl | Cross-site scripting (XSS) vulnerability in Jemscripts DownloadControl 1.0 allows remote attackers to inject arbitrary HTML or web script via the dcid parameter to dc.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. This issue appears to be independent from a different issue that involves the same vector. | | 2.3 | CVE-2006-2553 BUGTRAQ MLIST SECUNIA |
| Linux -- Linux kernel | The virtual memory implementation in Linux kernel 2.6.x allows local users to cause a denial of service (panic) by running lsof a large number of times in a way that produces a heavy system load. | | 2.3 | CVE-2006-1862 REDHAT OTHER-REF OTHER-REF SECUNIA |
| Linux -- Linux kernel | The snmp_trap_decode function in the SNMP NAT helper for Linux kernel before 2.6.16.18 allows remote attackers to cause a denial of service (crash) via unspecified remote attack vectors that cause failures in snmp_trap_decode that trigger (1) frees of random memory or (2) frees of previously-freed memory (double-free) by snmp_trap_decode as well as its calling function, as demonstrated via certain test cases of the PROTOS SNMP test suite. | | 3.3 | CVE-2006-2444 KERNEL.ORG KERNEL.ORG SECUNIA |
| MediaWiki -- MediaWiki | Cross-site scripting (XSS) vulnerability in includes/Sanitizer.php in the variable handler in MediaWiki 1.6.x before r14349 allows remote attackers to inject arbitrary Javascript via unspecified vectors, possibly involving the usage of the \| (pipe) character. | | 2.3 | CVE-2006-2611 MLIST MLIST OTHER-REF OTHER-REF OTHER-REF OTHER-REF FRSIRT SECUNIA |
| Mozilla -- Firefox; IE Tab -- IE Tab | IE Tab 1.0.9 plugin for Mozilla Firefox 1.5.0.3 allows remote user-complicit attackers to cause a denial of service (application crash), possibly due to a null dereference, via certain Javascript, as demonstrated using a url parameter to the content/reloaded.html page in a chrome:// URI. Some third-party researchers claim that they are unable to reproduce this vulnerability. | | 1.9 | CVE-2006-2538 BUGTRAQ BUGTRAQ XF |
| Mozilla -- Firefox; Netscape -- Netscape; Mozilla -- Mozilla Suite | Mozilla Suite 1.7.13, Mozilla Firefox before 1.8.0, and Netscape 7.2 and 8.1, and possibly other versions and products, allow remote user-complicit attackers to obtain information such as the installation path by causing exceptions to be thrown and checking the message contents. | | 1.9 | CVE-2006-2613 BUGTRAQ OTHER-REF OTHER-REF SECUNIA SECUNIA SECUNIA |
| Novell -- Novell client | Novell Client for Windows 4.8 and 4.9 does not restrict access to the clipboard contents while a machine is locked, which allows users with physical access to read the current clipboard contents by pasting them into the "User Name" field on the login prompt. | | 1.6 | CVE-2006-2612 BUGTRAQ BUGTRAQ SECUNIA |
| phpwcms -- phpwcms | Cross-site scripting (XSS) vulnerability in phpwcms 1.2.5-DEV allows remote attackers to inject arbitrary web script or HTML via the BL[be_cnt_plainhtml] parameter to include/inc_tmpl/content/cnt6.inc.php. | | 1.9 | CVE-2006-2518 BUGTRAQ OTHER-REF BID SECUNIA |
| phpwcms -- phpwcms | Directory traversal vulnerability in include/inc_ext/spaw/spaw_control.class.php in phpwcms 1.2.5-DEV allows remote attackers to include arbitrary local files via .. (dot dot) sequences in the spaw_root parameter. | | 1.9 | CVE-2006-2519 BUGTRAQ OTHER-REF BID SECUNIA |
| PunkBuster -- PunkBuster | Buffer overflow in the WebTool HTTP server component in (1) PunkBuster before 1.229, as used by multiple products including (2) America's Army 1.228 and earlier, (3) Battlefield 1942 1.158 and earlier, (4) Battlefield 2 1.184 and earlier, (5) Battlefield Vietnam 1.150 and earlier, (6) Call of Duty 1.173 and earlier, (7) Call of Duty 2 1.108 and earlier, (8) DOOM 3 1.159 and earlier, (9) Enemy Territory 1.167 and earlier, (10) Far Cry 1.150 and earlier, (11) F.E.A.R. 1.093 and earlier, (12) Joint Operations 1.187 and earlier, (13) Quake III Arena 1.150 and earlier, (14) Quake 4 1.181 and earlier, (15) Rainbow Six 3: Raven Shield 1.169 and earlier, (16) Rainbow Six 4: Lockdown 1.093 and earlier, (17) Return to Castle Wolfenstein 1.175 and earlier, and (18) Soldier of Fortune II 1.183 and earlier, allows remote attackers to cause a denial of service (application crash) via a long webkey parameter. | | 2.3 | CVE-2006-2587 OTHER-REF OTHER-REF FRSIRT SECUNIA |
| PyroSoft Inc -- NetPanzer | The setFrame function in Lib/2D/Surface.hpp for NetPanzer 0.8 and earlier allows remote attackers to cause a denial of service (crash) via a client flag (frameNum) that is greater than 41, which triggers an assert error. | | 2.3 | CVE-2006-2575 OTHER-REF FRSIRT SECUNIA |
| Russcom Network -- PhpImages | Russcom PHPImages allows remote attackers to upload files of arbitrary types by uploading a file with a .gif extension. NOTE: due to the lack of specific information about attack vectors that do not depend on the existence of another vulnerability, it is not clear whether this is a vulnerability. | | 2.3 | CVE-2006-2588 BUGTRAQ BID |
| RWiki -- RWiki | Cross-site scripting (XSS) vulnerability in Wiki content in RWiki 2.1.0pre1 through 2.1.0 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | | 2.3 | CVE-2006-2581 FRSIRT SECUNIA |
| SkyeBox -- SkyeBox | Multiple cross-site scripting (XSS) vulnerabilities in post.php in SkyeBox 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) message parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information, although it was likely prompted by a vague announcement from a researcher who incorrectly referred to the product as "SkyeShoutbox." | | 2.3 | CVE-2006-2584 BUGTRAQ FRSIRT SECUNIA |
| Snitz Forums 2000 -- Avatar MOD | avatar_upload.asp in Avatar MOD 1.3 for Snitz Forums 3.4, and possibly other versions, allows remote attackers to bypass file type checks and upload arbitrary files via a null byte in the file name, as discovered by the Codescan product. | | 2.3 | CVE-2006-2530 BUGTRAQ OTHER-REF OTHER-REF BID FRSIRT SECUNIA XF |
| SpiffyJr -- phpRaid | Cross-site scripting (XSS) vulnerability in view.php in phpRaid 2.9.5 allows remote attackers to inject arbitrary web script or HTML via the (1) URL query string and the (2) Sort parameter. | | 1.9 | CVE-2006-2610 BUGTRAQ BID |
| Ti Kan -- Xmcd | xmcdconfig in Debian GNU/Linux 2.6-17.1 creates /var/lib/cddb and /var/lib/xmcd/discog with world-writable permissions, which allows local users to cause a denial of service (disk consumption). | | 2.5 | CVE-2006-2542 OTHER-REF SECUNIA XF |
| Xtreme Scripts -- Xtreme Topsites | Multiple cross-site scripting (XSS) vulnerabilities in Xtreme Topsites 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in stats.php and (2) unspecified inputs in lostid.php, probably the searchthis parameter. NOTE: one or more of these vectors might be resultant from SQL injection. | | 1.9 | CVE-2006-2545 BUGTRAQ BID FRSIRT SECUNIA |
| YourFreeWorld -- Short Url & Url Tracker Script | Cross-site scripting (XSS) vulnerability in the URL submission form in YourFreeWorld.com Short Url & Url Tracker Script allows remote attackers to inject arbitrary web script or HTML via unspecified form fields. | | 2.3 | CVE-2006-2510 BUGTRAQ BID |