| Primary Vendor -- Product | Description | CVSS Score | Source & Patch Info |
|---|---|---|---|
| Alkacon -- OpenCms | Cross-site scripting (XSS) vulnerability in Alkacon OpenCms before 6.2.2 allows remote authenticated users to inject arbitrary web script or HTML via the message body. | 1.4 | CVE-2006-3933 BUGTRAQ OTHER-REF OPENCMS OPENCMS SECUNIA XF |
| Alkacon -- OpenCms | Absolute path traversal vulnerability in downloadTrigger.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to download arbitrary files via an absolute pathname in the filePath parameter. | 2.0 | CVE-2006-3934 BUGTRAQ OTHER-REF OPENCMS OPENCMS SECUNIA XF |
| Alkacon -- OpenCms | system/workplace/editors/editor.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to read the source code of arbitrary JSP files by specifying the file in the resource parameter, as demonstrated using index.jsp. | 1.4 | CVE-2006-3936 BUGTRAQ OTHER-REF OTHER-REF OTHER-REF SECUNIA XF |
| Apple -- Mac OS X Server; Apple -- Mac OS X | OpenSSH in Apple Mac OS X 10.4.7 allows remote attackers to cause a denial of service or determine account existence by attempting to log in using an invalid user, which causes the server to hang. | 3.7 | CVE-2006-0393 APPLE |
| Apple -- Mac OS X Server; Apple -- Mac OS X | Unspecified vulnerability in AFP Server in Apple Mac OS X 10.3.9 allows remote attackers to determine names of unauthorized files and folders via unknown vectors related to the search results. | 1.9 | CVE-2006-1472 APPLE |
| Apple -- Mac OS X Server; Apple -- Mac OS X | Integer overflow in AFP Server for Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors. | 3.3 | CVE-2006-1473 APPLE |
| Apple -- Mac OS X Server; Apple -- Mac OS X | AFP Server in Apple Mac OS X 10.3.9 and 10.4.7 stores reconnect keys in a world-readable file, which allows local users to obtain the keys and access files and folders of other users. | 1.6 | CVE-2006-3495 APPLE |
| Apple -- Mac OS X Server; Apple -- Mac OS X | AFP Server in Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to cause a denial of service (crash) via an invalid AFP request that triggers an unchecked error condition. | 3.3 | CVE-2006-3496 APPLE |
| Apple -- Mac OS X Server; Apple -- Mac OS X | The dynamic linker (dyld) in Apple Mac OS X 10.3.9 allows local users to obtain sensitive information via unspecified dynamic linker options that affect the use of standard error (stderr) by privileged applications. | 1.6 | CVE-2006-3499 APPLE |
| Apple -- Mac OS X Server; Apple -- Mac OS X | The Download Validation in LaunchServices for Apple Mac OS X 10.4.7 can identify certain HTML as "safe", which could allow attackers to execute JavaScript code in local context when the "Open 'safe' files after downloading" option is enabled in Safari. | 1.3 | CVE-2006-3504 APPLE |
| Banex -- Banex | Banex PHP MySQL Banner Exchange 2.21 stores lib.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as database usernames and passwords. | 2.3 | CVE-2006-3965 FULLDISC |
| Computer Associates -- eTrust Antivirus WebScan | Unspecified vulnerability in CA eTrust Antivirus WebScan before 1.1.0.1048 allows remote attackers to install arbitrary files. | 2.3 | CVE-2006-3976 OTHER-REF SECUNIA |
| CounterPane -- PasswordSafe | Password Safe 2.11, 2.16 and 3.0BETA1 does not respect the configuration settings for locking the password database when certain dialogue windows are open, which might allow attackers with physical access to obtain the database contents. | 1.6 | CVE-2006-3675 BUGTRAQ OTHER-REF BID SECTRACK XF |
| Dokeos -- Dokeos | Multiple cross-site scripting (XSS) vulnerabilities in Dokeos before 1.6.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2.3 | CVE-2006-3924 OTHER-REF BID SECUNIA |
| Dotclear -- Dotclear | DotClear allows remote attackers to obtain sensitive information via a direct request for (1) edit_cat.php, (2) index.php, (3) edit_link.php in ecrire/tools/blogroll/; (4) syslog/index.php, (5) thememng/index.php, (6) toolsmng/index.php, (7) utf8convert/index.php in /ecrire/tools/; (8) /ecrire/inc/connexion.php and (9) /inc/session.php; (10) class.blog.php, (11) class.blogcomment.php, and (12) class.blogpost.php in /inc/classes/; (13) append.php, (14) class.xblog.php, (15) class.xblogcomment.php, and (16) class.xblogpost.php in /layout/; (17) form.php, (18) list.php, (19) post.php, or (20) template.php in /themes/default/, which reveal the installation path in error messages. | 2.3 | CVE-2006-3938 BUGTRAQ |
| Fire-Mouse -- Toplist | Cross-site scripting (XSS) vulnerability in add.php in Fire-Mouse Toplist 1.1 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the Seitenname parameter. | 1.9 | CVE-2006-3923 BUGTRAQ OTHER-REF FRSIRT SECUNIA |
| GnuPG -- GnuPG | Buffer overflow in parse_comment in GnuPG (gpg) 1.4.4 allows remote attackers to cause a denial of service (segmentation fault) via a crafted message. | 2.3 | CVE-2006-3746 MLIST OTHER-REF BID |
| libTIFF -- libTIFF | The TIFF library (libtiff) before 3.8.2 uses a 16-bit unsigned short when iterating over an unsigned 32-bit value, which allows context-dependent attackers to cause a denial of service via unknown vectors that trigger an infinite loop. | 3.3 | CVE-2006-3463 DEBIAN |
| Linux -- Linux kernel | The (1) __futex_atomic_op and (2) futex_atomic_cmpxchg_inatomic functions in Linux kernel 2.6.17-rc4 to 2.6.18-rc2 perform the atomic futex operation with user space addresses instead of kernel space addresses, which allows local users to cause a denial of service (crash). | 1.6 | CVE-2006-3634 OTHER-REF |
| Microsoft -- Windows 2000; Microsoft -- Windows Server 2003; Microsoft -- Windows XP | The server driver (srv.sys) in Microsoft Windows 2000 SP4, Server 2003 SP1 and earlier, and XP SP2 and earlier allows remote attackers to cause a denial of service (crash) via a crafted packet on an SMB PIPE that triggers a null dereference. | 2.3 | CVE-2006-3942 ISS OTHER-REF OTHER-REF BID XF FRSIRT SECTRACK SECUNIA |
| Microsoft -- Internet Explorer | Stack-based buffer overflow in NDFXArtEffects in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via long (1) RGBExtraColor, (2) RGBForeColor, and (3) RGBBackColor properties. | 1.9 | CVE-2006-3943 BLOGSPOT BID OSVDB XF |
| Microsoft -- Internet Explorer | Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via a (1) Forms.ListBox.1 or (2) Forms.ListBox.1 object with the ListWidth property set to (a) 0x7fffffff, which triggers an integer overflow exception, or to (b) 0x7ffffffe, which triggers a null dereference. | 2.3 | CVE-2006-3944 BLOGSPOT FRSIRT |
| Mozilla -- SeaMonkey; Mozilla -- Firefox; Mozilla -- Thunderbird | Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allow remote attackers to reference remote files and possibly load chrome: URLs by tricking the user into copying or dragging links. | 1.9 | CVE-2006-3812 OTHER-REF BID SECTRACK SECTRACK SECUNIA SECUNIA SECUNIA OTHER-REF BUGTRAQ REDHAT UBUNTU UBUNTU CERT-VN SECUNIA XF |
| MyBB -- MyBB | Cross-site scripting (XSS) vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to inject arbitrary web script or HTML via the gallery parameter. | 2.3 | CVE-2006-3953 BUGTRAQ BID |
| MyBB -- MyBB | Directory traversal vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to read arbitrary files via a .. (dot dot) in the gallery parameter in a (1) avatar or (2) do_avatar action. | 2.3 | CVE-2006-3954 BUGTRAQ BID |
| Opera Software -- Opera Web Browser | The CSS functionality in Opera 9 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by setting the background property of a DHTML element to a long http or https URL, which triggers memory corruption. | 2.3 | CVE-2006-3945 BLOGSPOT FRSIRT OSVDB XF |
| PHP Pro Bid -- PHP Pro Bid | Cross-site scripting (XSS) vulnerability in auctionsearch.php in PhpProBid 5.24 allows remote attackers to inject arbitrary web script or HTML via the advsrc parameter. | 2.3 | CVE-2006-3927 BUGTRAQ BID OSVDB SECTRACK SECUNIA XF |
| PHP-Nuke -- INP | Cross-site scripting (XSS) vulnerability in modules.php in PHP-Nuke INP allows remote attackers to inject arbitrary web script or HTML via the query parameter. | 2.3 | CVE-2006-3948 BUGTRAQ BID |
| PKR Internet -- Taskjitsu | Multiple unspecified cross-site scripting (XSS) vulnerabilities in Taskjitsu 2.0.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2.3 | CVE-2006-3958 OTHER-REF FRSIRT SECUNIA |
| Scott Weedon -- Ajax Chat | Cross-site scripting (XSS) vulnerability in visitor/livesupport/chat.php in Scott Weedon Ajax Chat, possibly 0.1, allows remote attackers to inject arbitrary web script or HTML via the userid parameter. | 2.3 | CVE-2006-3971 FULLDISC BID FRSIRT SECUNIA XF |
| Scott Weedon -- Ajax Chat | Directory traversal vulnerability in includes/operator_chattranscript.php in Scott Weedon Ajax Chat, possibly 0.1, allows remote attackers to read arbitrary files via a .. (dot dot) in the chatid parameter. | 2.3 | CVE-2006-3972 FULLDISC BID FRSIRT SECUNIA XF |
| Sun -- Solaris | The TCP implementation in Sun Solaris 8, 9, and 10 before 20060726 allows remote attackers to cause a denial of service (resource exhaustion) via a TCP packet with an incorrect sequence number, which triggers an ACK storm. | 2.3 | CVE-2006-3920 SUNALERT FRSIRT SECTRACK SECUNIA XF |
| Sun -- Java System Application Server; Sun -- Java Web Server; Sun -- Java System Web Server | Sun Java System Application Server (SJSAS) 7 through 8.1 and Web Server (SJSWS) 6.0 and 6.1 allow remote authenticated users to read files outside of the "document root directory" via a direct request using a UTF-8 encoded URI. | 1.4 | CVE-2006-3921 SUNALERT BID SECTRACK SECTRACK FRSIRT SECUNIA |
| Sun -- Solaris | The crypto provider in Sun Solaris 10 3/05 HW2 without patch 121236-01, when running on Sun Fire T2000 platforms, incorrectly verifies a DSA signature, which might prevent applications from detecting that the data has been modified. | 2.3 | CVE-2006-3968 SUNALERT |
| Tamarack Consulting -- Tamarack MMSd | Tamarack MMSd before 7.992 allows remote attackers to cause a denial of service (crash) via malformed RFC1006 (OSI over TCP/IP) packets. | 2.3 | CVE-2006-1178 OTHER-REF CERT-VN XF BID |
| Total Online Solutions -- Advanced Webhost Billing System | Multiple cross-site scripting (XSS) vulnerabilities in contact.php in Advanced Webhost Billing System (AWBS) 2.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) AccountUsername and (3) Message parameters. | 2.3 | CVE-2006-3956 BUGTRAQ SECUNIA |
| VMWare -- ESX Server | VMware ESX Server 2.0.x before 2.0.2 and 2.x before 2.5.3 patch 4 stores authentication credentials in base64-encoded format in the vmware.mui.kid and vmware.mui.sid cookies, which allows attackers to gain privileges by obtaining the cookies using attacks such as cross-site scripting (CVE-2005-3619). | 2.3 | CVE-2006-2481 OTHER-REF |
| xGuestBook -- xGuestBook | post.php in x_atrix xGuestBook 1.02 allows remote attackers to obtain sensitive information via a request without the (1) user, (2) mail, (3) p, or (4) url parameter, which reveals the installation path in an error message. | 2.3 | CVE-2006-3937 BUGTRAQ XF |
| ZyXEL Prestige -- 660H-61 ADSL Router | Cross-site scripting (XSS) vulnerability in the Forms/rpSysAdmin script on the Zyxel Prestige 660H-61 ADSL Router running firmware 3.40(PT.0)b32 allows remote attackers to inject arbitrary web script or HTML via hex-encoded values in the a parameter. | 2.3 | CVE-2006-3929 BUGTRAQ OTHER-REF BID FRSIRT SECTRACK SECUNIA XF |