| Primary Vendor -- Product | Description | CVSS Score | Source & Patch Info |
|---|---|---|---|
| BEA Systems -- WebLogic Server | BEA WebLogic Server before 8.1 Service Pack 4 does not properly set the Quality of Service in certain circumstances, which prevents some transmissions from being encrypted via SSL, and allows remote attackers to more easily read potentially sensitive network traffic. | 2.3 | CVE-2006-2461 BEA FRSIRT SECTRACK SECUNIA |
| BEA Systems -- WebLogic Server | BEA WebLogic Server 8.1 before Service Pack 4 and 7.0 before Service Pack 6 may send sensitive data over non-secure channels when using JTA transactions, which allows remote attackers to read potentially sensitive network traffic. | 2.3 | CVE-2006-2462 BEA FRSIRT SECTRACK SECUNIA |
| BEA Systems -- WebLogic Server | BEA WebLogic Server 8.1 up to SP4 and 7.0 up to SP6 allows remote attackers to obtain the source code of JSP pages during certain circumstances related to a "timing window" when a compilation error occurs, aka the "JSP showcode vulnerability." | 1.9 | CVE-2006-2466 BEA FRSIRT SECUNIA |
| BEA Systems -- WebLogic Server | BEA WebLogic Server 8.1 up to SP4, 7.0 up to SP6, and 6.1 up to SP7 displays the internal IP address of the WebLogic server in the WebLogic Server Administration Console, which allows remote authenticated administrators to determine the address. | 1.4 | CVE-2006-2467 BEA FRSIRT SECUNIA |
| BEA Systems -- WebLogic Server | The WebLogic Server Administration Console in BEA WebLogic Server 8.1 up to SP4 and 7.0 up to SP6 displays the domain name in the Console login form, which allows remote attackers to obtain sensitive information. | 1.4 | CVE-2006-2468 BEA FRSIRT SECUNIA |
| BEA Systems -- WebLogic Server; BEA Systems -- WebLogic Express | Multiple vulnerabilities in BEA WebLogic Server 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7 leak sensitive information to remote attackers, including (1) DNS and IP addresses to T3 clients, (2) internal sensitive information using GetIORServlet, (3) certain "server details" in exceptions when invalid XML is provided, and (4) a stack trace in a SOAP fault. | 2.3 | CVE-2006-2471 BEA FRSIRT SECUNIA |
| BEA Systems -- WebLogic Server; BEA Systems -- WebLogic Express | Unspecified vulnerability in BEA WebLogic Server 9.1 and 9.0, 8.1 through SP5, 7.0 through SP6, and 6.1 through SP7 allows untrusted applications to obtain private server keys. | 2.3 | CVE-2006-2472 BEA FRSIRT SECUNIA |
| Bitrix -- Bitrix Site Manager | Bitrix Site Manager 4.1.x stores updater.log under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information. | 2.3 | CVE-2006-2476 BUGTRAQ FRSIRT SECTRACK SECUNIA |
| Bitrix -- Bitrix Site Manager | Cross-site scripting (XSS) vulnerability in the administrative interface of Bitrix Site Manager 4.1.x allows remote attackers to inject arbitrary web script or HTML via unspecified inputs. | 2.8 | CVE-2006-2477 BUGTRAQ FRSIRT SECTRACK SECUNIA |
| Bitrix -- Bitrix Site Manager | Bitrix Site Manager 4.1.x allows remote attackers to redirect users to other websites via a modified back_url during an HTTP POST request. NOTE: this issue has been referred to as "cross-site scripting," but that is inconsistent with the common use of the term. | 2.3 | CVE-2006-2478 BUGTRAQ FRSIRT SECTRACK SECUNIA |
| Bitrix -- Bitrix Site Manager | The Update functionality in Bitrix Site Manager 4.1.x does not verify the authenticity of downloaded updates, which allows remote attackers to obtain sensitive information and ultimately execute arbitrary PHP code via DNS cache poisoning that redirects the user to a malicious site. | 2.3 | CVE-2006-2479 BUGTRAQ FRSIRT SECTRACK |
| Caucho Technology -- Resin | Directory traversal vulnerability in Caucho Resin 3.0.17 and 3.0.18 for Windows allows remote attackers to read arbitrary files via a "C:%5C" (encoded drive letter) in a URL. | 3.3 | CVE-2006-1953 BUGTRAQ BID FRSIRT VULNWATCH OTHER-REF |
| Caucho Technology -- Resin | The viewfile servlet in the documentation package (resin-doc) for Caucho Resin 3.0.17 and 3.0.18 allows remote attackers to obtain the source code of files under the web root via the file parameter. | 2.3 | CVE-2006-2437 BUGTRAQ BID FRSIRT |
| Caucho Technology -- Resin | Directory traversal vulnerability in the viewfile servlet in the documentation package (resin-doc) for Caucho Resin 3.0.17 and 3.0.18 allows remote attackers to read arbitrary files under other web roots via the contextpath parameter. NOTE: this issue can produce resultant path disclosure when the parameter is invalid. | 2.3 | CVE-2006-2438 BUGTRAQ BID FRSIRT |
| Clansys -- Clansys | Cross-site scripting (XSS) vulnerability in index.php in Clansys (aka Clanpage System) 1.0 and 1.1 allows remote attackers to inject arbitrary web script or HTML via the func parameter in a search function. | 2.3 | CVE-2006-2367 BUGTRAQ OTHER-REF SECTRACK SECUNIA XF |
| Cosmoshop -- Cosmoshop | Directory traversal vulnerability in (1) edit_mailtexte.cgi and (2) bestmail.cgi in Cosmoshop 8.11.106 and earlier allows remote administrators to read arbitrary files via ".." sequences in the file parameter. | 3.3 | CVE-2006-2475 BUGTRAQ |
| Dovecot -- Dovecot | Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows remote attackers to list files and directories under the mbox parent directory and obtain mailbox names via ".." sequences in the (1) LIST or (2) DELETE IMAP command. | 2.3 | CVE-2006-2414 BUGTRAQ OTHER-REF OTHER-REF BID |
| Empire Server -- Empire Server | The client_cmd function in Empire 4.3.2 and earlier allows remote attackers to cause a denial of service (application crash) by causing long text strings to be appended to the player->client buffer, which causes an invalid memory access. | 2.3 | CVE-2006-2393 BUGTRAQ OTHER-REF OTHER-REF FRSIRT SECUNIA |
| GNUnet -- GNUnet | GNUnet before SVN revision 2781 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an empty UDP datagram, possibly involving FIONREAD errors. | 2.3 | CVE-2006-2413 BUGTRAQ OTHER-REF OTHER-REF FRSIRT SECUNIA |
| GPhotos -- GPhotos | Directory traversal vulnerability in index.php in GPhotos 1.5 and earlier allows remote attackers to read arbitrary files via the rep parameter. | 2.3 | CVE-2006-2398 BUGTRAQ BID FRSIRT SECUNIA OSVDB |
| IBM -- WebSphere | Unspecified vulnerability in WebSphere 5.1.1 (or any earlier cumulative fix) Common Configuration Mode + CommonArchive and J2EE Models might allow attackers to obtain sensitive information via the trace. | 2.3 | CVE-2006-2434 BUGTRAQ OTHER-REF FRSIRT SECUNIA |
| Ipswitch -- WhatsUp Professional | Multiple cross-site scripting (XSS) vulnerabilities in Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allow remote attackers to inject arbitrary web script or HTML via the (1) sDeviceView or (2) nDeviceID parameter to (a) NmConsole/Navigation.asp, or the (3) sHostname parameter to (b) NmConsole/ToolResults.asp. | 2.3 | CVE-2006-2351 BUGTRAQ BID FRSIRT SECUNIA |
| Ipswitch -- WhatsUp Professional | NmConsole/DeviceSelection.asp in Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to redirect users to other websites via the (1) sCancelURL and possibly (2) sRedirectUrl parameters. | 2.3 | CVE-2006-2353 BUGTRAQ FRSIRT SECUNIA |
| Ipswitch -- WhatsUp Professional | Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to obtain source code for scripts via a trailing dot in a request to NmConsole/Login.asp. | 2.3 | CVE-2006-2357 BUGTRAQ FRSIRT SECUNIA |
| libextractor -- libextractor | Multiple heap-based buffer overflows in libextractor 0.5.13 and earlier allow remote attackers to execute arbitrary code via (1) the asf_read_header function in the ASF plugin (plugins/asfextractor.c), and (2) the parse_trak_atom function in the QT plugin (plugins/qtextractor.c). | 3.7 | CVE-2006-2458 BUGTRAQ BID FRSIRT SECTRACK SECUNIA OTHER-REF |
| Linux -- Linux kernel | Linux kernel before 2.6.13 allows local users to cause a denial of service (crash) via a dio transfer from the sg driver to memory-mapped (mmap) IO space. | 2.3 | CVE-2006-1528 OTHER-REF OTHER-REF OTHER-REF |
| Linux -- Linux kernel | choose_new_parent in Linux kernel before 2.6.11.12 includes certain debugging code, which allows local users to cause a denial of service (panic) by causing certain circumstances involving termination of a parent process. | 2.5 | CVE-2006-1855 OTHER-REF |
| OpenOBEX -- OpenOBEX | ircp_io.c in libopenobex for ircp 1.2, when ircp is run with the -r option, does not prompt the user when overwriting files, which allows user-complicit remote attackers to overwrite dangerous files via an arbitrary destination file name in an OBEX File Transfer session. | 1.9 | CVE-2006-2366 OTHER-REF BID |
| OpenWiki -- OpenWiki | Cross-site scripting (XSS) vulnerability in ow.asp in OpenWiki 0.78 allows remote attackers to inject arbitrary web script or HTML via the p parameter. | 2.3 | CVE-2006-2473 BUGTRAQ |
| Outgun -- Outgun | The leetnet functions (leetnet/rudp.cpp) in Outgun 1.0.3 bot 2 and earlier allow remote attackers to cause a denial of service (game interruption) via large packets, which cause an exception to be thrown. | 3.3 | CVE-2006-2400 BUGTRAQ ALTERVISTA BID FRSIRT SECUNIA |
| Outgun -- Outgun | The leetnet functions (leetnet/rudp.cpp) in Outgun 1.0.3 bot 2 and earlier allow remote attackers to cause a denial of service (application crash) via packets with incorrect message sizes, which triggers a buffer over-read. | 3.3 | CVE-2006-2401 BUGTRAQ ALTERVISTA BID FRSIRT SECUNIA |
| Outgun -- Outgun | Buffer overflow in the changeRegistration function in servernet.cpp for Outgun 1.0.3 bot 2 and earlier allows remote attackers to change the registration information of other players via a long string. | 2.3 | CVE-2006-2402 BUGTRAQ ALTERVISTA BID FRSIRT SECUNIA |
| PHP -- Directory Listing Script | Cross-site scripting (XSS) vulnerability in index.php in Directory Listing Script allows remote attackers to inject arbitrary web script or HTML via the dir parameter. | 2.3 | CVE-2006-2419 ALTERVISTA FRSIRT SECUNIA |
| phpBB Group -- phpBB | Cross-site scripting (XSS) vulnerability in charts.php in the Chart mod for phpBB allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this issue might be resultant from SQL injection. | 2.3 | CVE-2006-2359 BUGTRAQ BUGTRAQ BID |
| phpCOIN -- phpCOIN | phpCOIN 1.2.3 and earlier stores messages based upon e-mail addresses, which allows remote authenticated users to read messages for other users by adding the sender's e-mail address as an "additional contact". | 2.3 | CVE-2006-2422 OTHER-REF BID FRSIRT SECUNIA |
| phpMyAdmin -- phpMyAdmin | Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.x before 2.8.0.4 allows remote attackers to inject arbitrary web script or HTML via the theme parameter in unknown scripts. NOTE: the lang parameter is already covered by CVE-2006-2031. | 2.3 | CVE-2006-2417 OTHER-REF FRSIRT SECUNIA BID |
| phpMyAdmin -- phpMyAdmin | Cross-site scripting (XSS) vulnerabilities in certain versions of phpMyAdmin before 2.8.0.4 allow remote attackers to inject arbitrary web script or HTML via the db parameter in unknown scripts. | 3.3 | CVE-2006-2418 PHPMYADMIN FRSIRT SECUNIA BID |
| phpRemoteView -- phpRemoteView | Multiple cross-site scripting (XSS) vulnerabilities in PRV.php in PhpRemoteView, possibly 2003-10-23 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) f, (2) d, and (3) ref parameters, and the (4) "MAKE DIR" and (5) "Full file name" fields. | 2.3 | CVE-2006-2425 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA |
| Pioneers -- Pioneers meta-server | Pioneers meta-server before 0.9.55, when the server-console is not installed, allows remote attackers to cause a denial of service (crash) via certain requests from an older gnocatan client to create a new game. | 2.3 | CVE-2006-2441 SOURCEFORGE DEBIAN |
| Raydium -- Raydium | The raydium_network_netcall_exec function in network.c in Raydium SVN revision 312 and earlier allows remote attackers to cause a denial of service (application crash) via a packet of type 0xFF, which causes a null dereference. | 2.3 | CVE-2006-2410 BUGTRAQ OTHER-REF SECUNIA FRSIRT |
| Raydium -- Raydium | The raydium_network_read function in network.c in Raydium SVN revision 312 and earlier allows remote attackers to cause a denial of service (application crash) via a large ID, which causes an invalid memory access (buffer over-read). | 2.3 | CVE-2006-2412 BUGTRAQ OTHER-REF SECUNIA FRSIRT |
| SelectaPix -- SelectaPix | view_album.php in SelectaPix 1.31 and earlier allows remote attackers to obtain the installation path via a certain request, which displays the path in an error message, possibly due to an invalid or missing parameter. | 2.3 | CVE-2006-2463 SECTRACK |
| Skype Technologies -- Skype | Unspecified vulnerability in the URI handler in Skype 2.0.*.104 and 2.5.*.0 through 2.5.*.78 for Windows allows remote authorized attackers to download arbitrary files via a crafted URL. | 1.9 | CVE-2006-2312 OTHER-REF BID SECUNIA |
| SWSoft -- Confixx | Cross-site scripting (XSS) vulnerability in ftplogin/index.php in Confixx 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the login parameter. | 2.3 | CVE-2006-2423 BUGTRAQ FRSIRT SECUNIA BID |
| Unclassified NewsBoard -- Unclassified NewsBoard | Directory traversal vulnerability in unb_lib/abbc.conf.php in Unclassified NewsBoard (UNB) 1.6.1 patch 1 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via .. (dot dot) sequences and a trailing null byte (%00) in the ABBC[Config][smileset] parameter to unb_lib/abbc.css.php. | 2.7 | CVE-2006-2405 BUGTRAQ ALTERVISTA OTHER-REF BID FRSIRT SECUNIA |
| Unclassified NewsBoard -- Unclassified NewsBoard | Directory traversal vulnerability in bb_lib/abbc.css.php in Unclassified NewsBoard (UNB) 1.5.3-d and possibly earlier versions, when register_globals is enabled, allows remote attackers to include arbitrary files via .. (dot dot) sequences and a trailing null byte (%00) in the design_path parameter. NOTE: this is closely related to, but a different vulnerability than, the ABBC[Config][smileset] parameter issue. | 1.9 | CVE-2006-2406 OTHER-REF |
| Web-Labs -- Web-Labs CMS | Multiple cross-site scripting (XSS) vulnerabilities in various scripts in Web-Labs CMS allow remote attackers to inject arbitrary web script or HTML via (1) the search parameter and (2) unspecified fields related to e-mail alerts. NOTE: the provenance of this information is unknown; the details are obtained solely from third-party information. | 2.3 | CVE-2006-2358 BID FRSIRT SECUNIA |