| Primary Vendor -- Product | Description | CVSS Score | Source & Patch Info |
|---|---|---|---|
| Ajax Softwares -- AliPAGER | Cross-site scripting (XSS) vulnerability in AliPAGER, possibly 1.5 and earlier, allows remote attackers to inject arbitrary web script or HTML via a chat line. | 2.3 | CVE-2006-3345 BUGTRAQ |
| Apple -- Mac OS X Server; Apple -- Mac OS X | The TIFFFetchAnyArray function in ImageIO in Apple OS X 10.4.7 and earlier allows remote user-complicit attackers to cause a denial of service (application crash) via an invalid tag value in a TIFF image, possibly triggering a null dereference. NOTE: This is a different issue than CVE-2006-1469. | 1.9 | CVE-2006-3356 OTHER-REF FRSIRT XF |
| Apple -- Safari | Apple Safari 2.0.4/419.3 allows remote attackers to cause a denial of service (application crash) via a DHTML setAttributeNode function call with zero arguments, which triggers a null dereference. | 2.3 | CVE-2006-3372 OTHER-REF BID FRSIRT OSVDB |
| Atlassian -- JIRA | Cross-site scripting (XSS) vulnerability in Atlassian JIRA 3.6.2-#156 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a direct request to secure/ConfigureReleaseNote.jspa, which are not sanitized before being returned in an error page. | 1.9 | CVE-2006-3338 OTHER-REF FRSIRT |
| Atlassian -- JIRA | secure/ConfigureReleaseNote.jspa in Atlassian JIRA 3.6.2-#156 allows remote attackers to obtain sensitive information via unspecified manipulations of the projectId parameter, which displays the installation path and other system information in an error message. | 2.3 | CVE-2006-3339 OTHER-REF FRSIRT |
| bb-news -- Blueboy | Blueboy 1.0.3 stores bb_news_config.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information, including the database configuration. | 2.3 | CVE-2006-3370 BUGTRAQ |
| cPanel -- cPanel | Cross-site scripting (XSS) vulnerability in frontend/x/files/select.html in cPanel 10.8.2-CURRENT 118 and earlier allows remote attackers to inject arbitrary web script or HTML via the file parameter. | 1.9 | CVE-2006-3337 BUGTRAQ BUGTRAQ OTHER-REF BID FRSIRT SECTRACK SECUNIA |
| Efone -- Efone | Efone 20000723 stores config.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information. | 2.3 | CVE-2006-3368 BUGTRAQ BID FRSIRT SECUNIA |
| Eupla -- Foros | Eupla Foros 1.0 stores the inc/config.inc file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information, including the database configuration. | 2.3 | CVE-2006-3371 BUGTRAQ BID FRSIRT SECUNIA |
| FreeStyle Wiki -- FreeStyle Wiki | Algorithmic complexity vulnerability in FreeStyle Wiki before 3.6.2 allows remote attackers to cause a denial of service (CPU consumption) by performing a diff between large, crafted pages that trigger the worst case. | 2.3 | CVE-2006-3380 OTHER-REF OTHER-REF FRSIRT SECUNIA |
| Hiki -- Hiki | Algorithmic complexity vulnerability in Hiki Wiki 0.6.0 through 0.6.5 and 0.8.0 through 0.8.5 allows remote attackers to cause a denial of service (CPU consumption) by performing a diff between large, crafted pages that trigger the worst case. | 3.3 | CVE-2006-3379 OTHER-REF OTHER-REF BID FRSIRT SECUNIA |
| Hobbit Monitor -- Hobbit Monitor | Unspecified vulnerability in the client/bin/logfetch script in Hobbit 4.2-beta allows local users to read arbitrary files, related to logfetch running as setuid root. | 1.6 | CVE-2006-3373 BUGTRAQ BID |
| Iduprey -- Kamikaze-QSCM | Kamikaze-QSCM 0.1 stores config.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information, including the database configuration. | 2.3 | CVE-2006-3369 BUGTRAQ BID FRSIRT SECUNIA |
| JMB Software -- AutoRank | Cross-site scripting (XSS) vulnerability in JMB Software AutoRank PHP 3.02 and earlier, and AutoRank Pro 5.01 and earlier, allows remote attackers to inject arbitrary web script or HTML via the (1) Keyword parameter in search.php and the (2) Username parameter in main.cgi. | 3.7 | CVE-2006-3377 OTHER-REF FRSIRT SECTRACK SECTRACK SECUNIA |
| Linux -- Linux kernel | The dvd_read_bca function in the DVD handling code in drivers/cdrom/cdrom.c in Linux kernel 2.2.16 and later versions assigns the wrong value to a length variable, which allows local users to execute arbitrary code via a crafted USB Storage device that triggers a buffer overflow. | 3.3 | CVE-2006-2935 OTHER-REF |
| mAds -- mAds | Cross-site scripting (XSS) vulnerability in search.php in mAds 1.0 allows remote attackers to inject arbitrary web script or HTML via the "search string". | 2.3 | CVE-2006-3382 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA |
| Microsoft -- Windows Server 2003; Microsoft -- Windows XP | Buffer overflow in Windows Explorer (explorer.exe) on Windows XP and 2003 allows user-complicit attackers to cause a denial of service (repeated crash) and possibly execute arbitrary code via a .url file with an InternetShortcut tag containing a long URL and a large number of "file:" specifiers. | 1.9 | CVE-2006-3351 BUGTRAQ |
| Microsoft -- Internet Explorer | Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the Filter property of an ADODB.Recordset ActiveX object to certain values multiple times, which triggers a null dereference. | 2.3 | CVE-2006-3354 OTHER-REF BID OSVDB |
| Mp3NetBox -- Mp3NetBox | Mp3 JudeBox Server (Mp3NetBox) Beta 1 stores config.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information, including the database configuration. | 2.3 | CVE-2006-3367 BUGTRAQ |
| Olate -- Arctic | Cross-site scripting (XSS) vulnerability in index.php in Arctic 1.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search cmd. | 1.9 | CVE-2006-3342 OTHER-REF OTHER-REF OSVDB SECUNIA |
| Opera Software -- Opera Web Browser | Opera before 9.0 does not reset the SSL security bar after displaying a download dialog from an SSL-enabled website, which allows remote attackers to spoof a trusted SSL certificate from an untrusted website and facilitates phishing attacks. | 2.3 | CVE-2006-3331 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA XF |
| Opera Software -- Opera Web Browser | Opera 9 allows remote attackers to cause a denial of service (crash) via a crafted web page that triggers an out-of-bounds memory access, related to an iframe and javascript that accesses certain style sheet properties. | 2.3 | CVE-2006-3353 BUGTRAQ OTHER-REF BID XF |
| PHPOutsourcing -- Zorum | Cross-site scripting (XSS) vulnerability in index.php in Zorum Forum 3.5 allows remote attackers to inject web script or HTML via multiple unspecified parameters, including (1) frommethod, (2) list, and (3) method, which are reflected in an error message. NOTE: some of these vectors might be resultant from SQL injection. | 1.9 | CVE-2006-3333 OTHER-REF |
| phpSysInfo -- phpSysInfo | Directory traversal vulnerability in index.php in phpSysInfo 2.5.1 allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) sequence and a trailing null (%00) byte in the lng parameter, which will display a different error message if the file exists. | 2.3 | CVE-2006-3360 FULLDISC FULLDISC FRSIRT SECUNIA |
| SturGeoN Upload -- SturGeoN Upload | SturGeoN Upload allows remote attackers to execute arbitrary PHP code by uploading a file with a .php extension, then directly accessing the file. NOTE: It is uncertain whether this is a vulnerability or a feature of the product. | 2.3 | CVE-2006-3381 BUGTRAQ OTHER-REF BID |
| Sun -- StarOffice; OpenOffice -- OpenOffice | Unspecified vulnerability in Java Applets in OpenOffice.org 1.1.x (aka StarOffice) up to 1.1.5 and 2.0.x before 2.0.3 allows user-complicit attackers to escape the Java sandbox and conduct unauthorized activities via certain applets in OpenOffice documents. | 3.7 | CVE-2006-2199 OTHER-REF SUNALERT |
| V3 Chat -- V3 Chat | mail/index.php in V3 Chat allows remote attackers to obtain the installation path via the id parameter, which displays the path in an error page due to an incorrect SQL statement. | 1.9 | CVE-2006-3365 BUGTRAQ BUGTRAQ SECTRACK |
| V3 Chat -- V3 Chat | Multiple cross-site scripting (XSS) vulnerabilities in V3 Chat allow remote attackers to inject arbitrary web script or HTML via crafted HTML tags, as demonstrated by the IMG tag, in the (1) id parameter in (a) mail/index.php and (b) mail/reply.php; (2) login_id parameter in (c) members/is_online.php; (3) site_id parameter in (d) messenger/online.php, (e) messenger/search.php, and (f) messenger/profile.php; (4) contact_name parameter in messenger/search.php; (5) membername parameter in (g) messenger/profileview.php; (6) unspecified parameters used when "editing a profile"; and (7) cust_name parameter in (h) messenger/expire.php. NOTE: The vendor disputes the vectors involving files in the messenger directory, stating "... the referenced folder 'messenger' was never available to the general public...". | 1.9 | CVE-2006-3366 BUGTRAQ BUGTRAQ SECTRACK |
| Vincent Leclercq -- News | index.php in Vincent Leclercq News 5.2 allows remote attackers to obtain sensitive information, such as the installation path, via a mail[] parameter with invalid values. | 2.3 | CVE-2006-3386 OTHER-REF SECUNIA |
| WordPress -- WordPress | index.php in WordPress 2.0.3 allows remote attackers to obtain sensitive information, such as SQL table prefixes, via an invalid paged parameter, which displays the information in an SQL error message. NOTE: this issue has been disputed by a third party who states that the issue does not leak any target-specific information. | 2.3 | CVE-2006-3389 BUGTRAQ BUGTRAQ BUGTRAQ BID FRSIRT SECUNIA |
| WordPress -- WordPress | WordPress 2.0.3 allows remote attackers to obtain the installation path via a direct request to various files, such as those in the (1) wp-admin, (2) wp-content, and (3) wp-includes directories, possibly due to uninitialized variables. | 2.3 | CVE-2006-3390 BUGTRAQ BUGTRAQ BID FRSIRT SECUNIA |
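
Five rows above (Blueboy, Efone, Foros, Kamikaze-QSCM, Mp3NetBox) share one root cause: a `config.inc` file sits under the document root, and because the web server only hands `.php` files to the interpreter, a plain GET returns the include's source, database password and all. The script below is an added pre-deployment check, not code from any of those projects. The document-root layout it builds is constructed for the example, and the two extension sets are assumptions that must be matched to the real handler mapping of the server being audited.

```python
import re
import tempfile
from pathlib import Path

# Assumptions for this example: the web server passes only these extensions to PHP
# and serves every other file verbatim.  Adjust to the real handler configuration.
EXECUTED_EXTS = {".php", ".phtml", ".php3", ".php4", ".php5"}
# Include files and leftovers that should never live under the document root at all.
SUSPECT_EXTS = {".inc", ".bak", ".old", ".orig", ".sql", ".ini", ".cfg"}
# Credential-looking assignments; a hit upgrades a finding from "exposed" to "leaks secrets".
SECRET_RE = re.compile(r"(?i)\b(?:db_?pass(?:word)?|password|passwd|secret|api_?key)\b\s*[=:]")


def build_sample_docroot() -> str:
    """Constructed document root mirroring the layout the bulletin rows describe."""
    root = Path(tempfile.mkdtemp(prefix="docroot-"))
    (root / "index.php").write_text("<?php include 'config.inc'; ?>\n")
    (root / "config.inc").write_text("<?php $db_user = 'app'; $db_pass = 'hunter2'; ?>\n")
    (root / "inc").mkdir()
    (root / "inc" / "config.inc").write_text("<?php $dbhost = 'localhost'; $dbpassword = 's3cret'; ?>\n")
    # Renamed to .php: executed rather than echoed, so it is not flagged (still better kept outside).
    (root / "inc" / "config.inc.php").write_text("<?php $db_pass = 'hunter2'; ?>\n")
    (root / "style.css").write_text("body { color: #000; }\n")
    return str(root)


def exposed_files(docroot: str) -> list:
    """Return files a plain GET would hand back as text, with a flag for credential content."""
    findings = []
    for path in Path(docroot).rglob("*"):
        if not path.is_file():
            continue
        ext = path.suffix.lower()
        if ext in EXECUTED_EXTS:
            continue  # interpreted server-side; its source is not returned to the client
        text = path.read_text(errors="replace")
        has_secret = bool(SECRET_RE.search(text))
        if ext in SUSPECT_EXTS or has_secret:
            findings.append({"path": path.relative_to(docroot).as_posix(), "secret": has_secret})
    return sorted(findings, key=lambda f: f["path"])


if __name__ == "__main__":
    for f in exposed_files(build_sample_docroot()):
        print(("LEAKS CREDENTIALS " if f["secret"] else "exposed           ") + f["path"])
```

Run it against the real document root before every release; the fix for any hit is to move the file above the document root (and `include` it by absolute path), not to rename it to `.php`, which only hides the problem until the next misconfiguration.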
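
The phpSysInfo row combines two classic PHP-era defects: a `..` traversal and a `%00` byte that truncates the path before the `.php` suffix the code appends, plus an error message that differs depending on whether the target file exists. The code below is an added illustration, not phpSysInfo's own source; the `lang/<code>.php` layout and the two message strings are assumptions made for the example.

```python
import os
import re

# Assumed layout for the example (not phpSysInfo's real tree): <app>/lang/<code>.php
LANG_CODE_RE = re.compile(r"[a-z]{2}(?:_[A-Z]{2})?")


def legacy_lang_path(app_dir: str, lng: str) -> str:
    """Model the vulnerable lookup.

    The parameter is concatenated into a path and handed to a C-level open(), which reads
    the string only up to the first NUL.  A trailing %00 therefore discards the appended
    '.php', and '..' segments walk out of the language directory.
    """
    built = f"{app_dir}/lang/{lng}.php"
    seen_by_open = built.split("\0", 1)[0]
    return os.path.normpath(seen_by_open)


def legacy_response(app_dir: str, lng: str, existing_files: set) -> str:
    """The oracle: two distinguishable messages, one per branch of 'does the file exist'."""
    if legacy_lang_path(app_dir, lng) not in existing_files:
        return "Warning: could not open language file"
    return "Error: language file is not valid"


def safe_lang_path(app_dir: str, lng: str) -> str:
    """Allowlist the value, then prove the resolved path stays inside the language directory."""
    if "\0" in lng:
        raise ValueError("NUL byte in parameter")
    if not LANG_CODE_RE.fullmatch(lng):
        raise ValueError("language code not in allowlist form")
    lang_dir = os.path.realpath(os.path.join(app_dir, "lang"))
    candidate = os.path.realpath(os.path.join(lang_dir, lng + ".php"))
    if os.path.commonpath([lang_dir, candidate]) != lang_dir:
        raise ValueError("escapes language directory")
    return candidate


def hardened_response(app_dir: str, lng: str, existing_files: set) -> str:
    """One message for every failure, so the response no longer reveals file existence."""
    try:
        path = safe_lang_path(app_dir, lng)
    except ValueError:
        return "Unsupported language"
    if path not in existing_files:
        return "Unsupported language"
    return "ok"


def is_accepted(app_dir: str, lng: str) -> bool:
    try:
        safe_lang_path(app_dir, lng)
        return True
    except ValueError:
        return False
```

The allowlist regex does the real work; the `realpath` containment check is the backstop for the day someone widens the regex.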
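
The SturGeoN Upload row (upload a `.php`, then request it) is the textbook unrestricted-upload case, whether or not the product considers it a feature. The handler below is an added example of the controls a practitioner would expect, not SturGeoN's code: extension allowlist, magic-byte check, server-chosen file name, storage outside the document root, and download headers that stop browsers from sniffing. The magic-byte table and the temporary storage directory are constructed for the example.

```python
import os
import secrets
import tempfile

# Constructed allowlist: accepted extension -> (required leading bytes, MIME type to serve).
ALLOWED = {
    ".png": (b"\x89PNG\r\n\x1a\n", "image/png"),
    ".jpg": (b"\xff\xd8\xff", "image/jpeg"),
    ".gif": (b"GIF8", "image/gif"),
    ".pdf": (b"%PDF-", "application/pdf"),
}


def new_upload_root() -> str:
    """Storage directory outside the document root; the web server never executes from here."""
    return tempfile.mkdtemp(prefix="uploads-")


def store_upload(original_name: str, content: bytes, upload_root: str) -> str:
    """Validate and persist one upload; returns the server-chosen stored name."""
    ext = os.path.splitext(original_name)[1].lower()
    if ext not in ALLOWED:
        raise ValueError(f"extension {ext!r} not allowed")  # .php, .phtml, .htaccess ... all fail here
    magic, _ = ALLOWED[ext]
    if not content.startswith(magic):
        raise ValueError("content does not match declared type")
    stored = secrets.token_hex(16) + ext  # attacker never controls the stored name or path
    path = os.path.join(upload_root, stored)
    with open(path, "wb") as fh:
        fh.write(content)
    os.chmod(path, 0o640)  # data, not code
    return stored


def download_headers(stored: str) -> dict:
    """Headers for serving a stored file back: fixed type, attachment, no sniffing."""
    ext = os.path.splitext(stored)[1].lower()
    return {
        "Content-Type": ALLOWED[ext][1],
        "Content-Disposition": f'attachment; filename="{stored}"',
        "X-Content-Type-Options": "nosniff",
    }


def is_accepted(original_name: str, content: bytes, upload_root: str) -> bool:
    try:
        store_upload(original_name, content, upload_root)
        return True
    except ValueError:
        return False
```

A PNG-prefixed polyglot with PHP after the image header still passes the magic check; the reason that is harmless here is that nothing under `upload_root` is ever handed to an interpreter. The file checks are defence in depth, the storage location is the control.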
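
Eight rows (AliPAGER, JIRA, cPanel, AutoRank, mAds, Arctic, Zorum, V3 Chat) are reflected XSS: a request parameter is written back into HTML, in a search result, an error page or an input's value attribute, without output encoding. The code below is an added example, not from any of those products. The two page renderers are constructed stand-ins for a PHP search page, and `reflection_class` is the check a tester runs to tell "reflected and exploitable" from "reflected but encoded".

```python
import html
import secrets
from typing import Callable


def vulnerable_search_page(query: str) -> str:
    """Constructed stand-in for `echo $_GET['search']` written straight into the page."""
    return (
        "<html><body>"
        f"<h1>Results for {query}</h1>"
        f'<input name="search" value="{query}">'
        f"<p>No results found for {query}.</p>"
        "</body></html>"
    )


def hardened_search_page(query: str) -> str:
    """Same page with encoding at the render point (htmlspecialchars($q, ENT_QUOTES) in PHP terms)."""
    safe = html.escape(query, quote=True)
    return (
        "<html><body>"
        f"<h1>Results for {safe}</h1>"
        f'<input name="search" value="{safe}">'
        f"<p>No results found for {safe}.</p>"
        "</body></html>"
    )


def reflection_class(render: Callable[[str], str]) -> str:
    """Submit a probe built around a random canary and classify how it comes back.

    'unencoded': the probe survives with < > " intact, so attacker markup would be parsed
    'encoded':   the canary is present but the metacharacters were escaped
    'absent':    the parameter is not reflected on this page at all
    """
    canary = secrets.token_hex(4)
    probe = f'<img src=x onerror="{canary}">'  # the IMG-tag vector named in the V3 Chat row
    body = render(probe)
    if probe in body:
        return "unencoded"
    if canary in body:
        return "encoded"
    return "absent"


def breaks_out_of_attribute(render: Callable[[str], str]) -> bool:
    """Attribute-context check: a raw double quote followed by a new event-handler attribute."""
    canary = secrets.token_hex(4)
    probe = f'" autofocus onfocus="{canary}'
    return probe in render(probe)
```

The random canary matters: grepping a response for a fixed string such as `<script>` misses pages that reflect the value only after a redirect or into a different context, and it is what distinguishes a genuine reflection from a coincidental match.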
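
The information-disclosure rows (JIRA's projectId, V3 Chat's mail/index.php, Vincent Leclercq News, and both WordPress entries) all leak through error output: a PHP warning with the script's absolute path, a raw SQL error carrying the table prefix, or a stack trace. The scanner below is an added detection example, not code from any of those products, to run over responses collected during a scan or from error logs. Every sample body is constructed for the example; the paths, class names and prefix in them are invented and not captured from any real installation.

```python
import re

# Signatures for the error-message classes described in the rows above.
SIGNATURES = {
    "php_error_with_path": re.compile(
        r"(?:Warning|Notice|Fatal error|Parse error):.*? in (\S+\.php) on line \d+"),
    "unix_path": re.compile(r"(?<![\w/])(/(?:home|var|usr|srv|opt|www)/[\w./-]+)"),
    "windows_path": re.compile(r'\b[A-Za-z]:\\(?:[^\\\s"<>|]+\\)+[^\\\s"<>|]*'),
    "sql_error": re.compile(
        r"You have an error in your SQL syntax|for the right syntax to use near|Table '[^']+' doesn't exist"),
    "sql_table_prefix": re.compile(r"\b([A-Za-z0-9]+_)(?:posts|users|options|comments)\b"),
    "java_stack_frame": re.compile(r"\bat [\w.$]+\(\w+\.java:\d+\)"),
}


def strip_tags(body: str) -> str:
    """PHP wraps the interesting parts in <b>..</b>; remove markup before matching."""
    return re.sub(r"<[^>]+>", "", body)


def scan_for_disclosure(body: str) -> dict:
    """Return {signature name: sorted unique matches} for every signature that fires."""
    text = strip_tags(body)
    found = {}
    for kind, rx in SIGNATURES.items():
        hits = [m.group(1) if m.groups() else m.group(0) for m in rx.finditer(text)]
        if hits:
            found[kind] = sorted(set(hits))
    return found


# Constructed sample responses (invented paths and names, not captured output).
SAMPLES = {
    "php_warning": ("<b>Warning</b>:  mysql_fetch_array(): supplied argument is not a valid "
                    "MySQL result resource in <b>/home/sites/blog/public_html/wp-includes/query.php</b> "
                    "on line <b>1234</b>"),
    "sql_error": ("WordPress database error: [You have an error in your SQL syntax; check the manual ...]\n"
                  "SELECT * FROM wp_posts WHERE post_status = 'publish' LIMIT -10, 10"),
    "windows": "Parse error: syntax error in C:\\Inetpub\\wwwroot\\news\\index.php on line 12",
    "java": ('java.lang.NumberFormatException: For input string: "abc"\n'
             "\tat java.lang.Integer.parseInt(Integer.java:456)\n"
             "\tat com.example.app.ReleaseNotes.execute(ReleaseNotes.java:88)"),
    "clean": "<html><body>No results.</body></html>",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, scan_for_disclosure(body))
```

On the server side the fix is the same for every row: `display_errors` off (or the framework's equivalent), errors to a log, and a generic page for the client. The scanner is for confirming that this is actually in effect.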