Search
Total
25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-5443 | 1 Xiao Gang | 1 Www Interactive Mathematics Server | 2017-07-20 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in XIAO Gang WWW Interactive Mathematics Server (WIMS) before 3.60 allows remote attackers to modify unspecified data via unspecified vectors involving "variable rights." | |||||
| CVE-2006-5414 | 1 Barry Nauta | 1 Brim | 2017-07-20 | 5.0 MEDIUM | N/A |
| Barry Nauta BRIM before 1.2.1 allows remote authenticated users to read information from other users via a modified URL. | |||||
| CVE-2006-5420 | 1 Kerio | 1 Winroute Firewall | 2017-07-20 | 5.0 MEDIUM | N/A |
| Kerio WinRoute Firewall 6.2.2 and earlier allows remote attackers to cause a denial of service (crash) via malformed DNS responses. | |||||
| CVE-2006-5422 | 1 Lodel | 1 Lodel Cms | 2017-07-20 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in calcul-page.php in Lodel (patchlodel) 0.7.3 allows remote attackers to execute arbitrary PHP code via a URL in the home parameter. | |||||
| CVE-2006-5425 | 1 Xorp | 1 Extensible Open Router Platform | 2017-07-20 | 5.0 MEDIUM | N/A |
| XORP (eXtensible Open Router Platform) 1.2 and 1.3 allows remote attackers to cause a denial of service (application crash) via an Open Shortest Path First (OSPF) Link State Advertisement (LSA) with an invalid LSA length field. | |||||
| CVE-2006-3183 | 1 Mobescripts | 1 Mobile Space Community | 2017-07-20 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in MobeScripts Mobile Space Community 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) browse parameter, which is not filtered in the resulting error message, and multiple unspecified input fields, including those involved when (2) updating a profile, (3) posting comments or entries in a blog, (4) uploading files, (5) picture captions, and (6) sending a private message (PM). | |||||
| CVE-2006-3182 | 1 Mobescripts | 1 Mobile Space Community | 2017-07-20 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in index.php in MobeScripts Mobile Space Community 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the uid parameter in the rss page. | |||||
| CVE-2006-3180 | 1 Swsoft | 1 Confixx | 2017-07-20 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in ftp_index.php in Confixx Pro 3.0 allows remote attackers to inject arbitrary web script or HTML via the path parameter. | |||||
| CVE-2006-3178 | 1 Jed Wing | 1 Chm Lib | 2017-07-20 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in extract_chmLib example program in CHM Lib (chmlib) before 0.38 allows remote attackers to overwrite arbitrary files via a CHM archive containing files with a .. (dot dot) in their filename. | |||||
| CVE-2006-3176 | 1 Xaran | 1 Xaran Cms | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in xarancms_haupt.php in xarancms 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2006-3174 | 1 Squirrelmail | 1 Squirrelmail | 2017-07-20 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in SquirrelMail 1.5.1 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary HTML via the mailbox parameter. | |||||
| CVE-2006-3187 | 1 Sharky E-shop | 1 Sharky E-shop | 2017-07-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Sharky e-shop 3.05 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) maingroup and (2) secondgroup parameters to (a) search_prod_list.asp, and the (3) maingroup parameter to (b) meny2.asp. NOTE: it is possible that this is resultant from SQL injection or a forced SQL error. | |||||
| CVE-2006-3171 | 1 Comscripts | 1 Cs-forum | 2017-07-20 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in CS-Forum before 0.82 allows remote attackers to inject arbitrary email headers via a newline character in the email parameter to ajouter.php. | |||||
| CVE-2006-3167 | 1 Free Realty | 1 Free Realty | 2017-07-20 | 5.0 MEDIUM | N/A |
| Free Realty before 2.9 allows remote attackers to obtain the full path and other sensitive information via unspecified manipulations that produce an error message. | |||||
| CVE-2006-3166 | 1 Free Realty | 1 Free Realty | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in propview.php in Free Realty 2.9-0.6 and earlier allows remote attackers to execute arbitrary web script or HTML via the sort parameter. | |||||
| CVE-2006-3119 | 1 Fbi | 1 Fbi | 2017-07-20 | 5.1 MEDIUM | N/A |
| The fbgs framebuffer Postscript/PDF viewer in fbi before 2.01 has a typo that prevents a filter from working correctly, which allows user-assisted attackers to bypass the filter and execute malicious Postscript commands. | |||||
| CVE-2006-3123 | 1 Matt Blaze | 1 Cryptographic File System | 2017-07-20 | 2.1 LOW | N/A |
| Multiple integer overflows in the (1) dodecrypt and (2) doencrypt functions in cfs_fh.c in cfsd in Matt Blaze Cryptographic File System (CFS) 1.4.1 before Debian GNU/Linux package 1.4.1-17 allow local users to cause a denial of service (daemon crash) by appending data to a file that is larger than 2 Gb. | |||||
| CVE-2006-3165 | 1 Free Realty | 1 Free Realty | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in propview.php in Free Realty 2.9-0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the sort parameter. | |||||
| CVE-2006-3164 | 1 Tpl Design | 1 Tplshop | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in category.php in TPL Design tplShop 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the first_row parameter. | |||||
| CVE-2006-3163 | 1 Imgallery | 1 Imgallery | 2017-07-20 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in galeria.php in IMGallery 2.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) start or (2) sort parameters. | |||||
| CVE-2006-3159 | 1 Sun | 2 Iplanet Messaging Server, One Messaging Server | 2017-07-20 | 2.1 LOW | N/A |
| pipe_master in Sun ONE/iPlanet Messaging Server 5.2 HotFix 1.16 (built May 14 2003) allows local users to read portions of restricted files via a symlink attack on msg.conf in a directory identified by the CONFIGROOT environment variable, which returns the first line of the file in an error message. | |||||
| CVE-2006-3157 | 1 Thinkfactory | 1 Ultimategoogle | 2017-07-20 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Thinkfactory UltimateGoogle 1.00 and earlier allows remote attackers to inject arbitrary web script or HTML via the REQ parameter. | |||||
| CVE-2006-3156 | 1 Thinkfactory | 1 Ultimate Eshop | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.cgi in Ultimate eShop 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the subid parameter. | |||||
| CVE-2006-3155 | 1 Thinkfactory | 1 Ultimate Estate | 2017-07-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Ultimate Auction 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) item parameter in (a) emailtofriend.pl or (b) violation.pl, (2) seller parameter in (c) vsoa.pl, (3) user parameter in (d) userask.pl or (e) leavefeed.pl, (4) itemnum parameter in userask.pl, (5) category parameter in (f) itemlist.pl, and the (6) query parameter in (g) search.pl. | |||||
| CVE-2006-3154 | 1 Thinkfactory | 1 Ultimate Estate | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.pl in Ultimate Estate 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2006-3153 | 1 Thinkfactory | 1 Ultimate Estate | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.pl in Ultimate Estate 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat parameter. | |||||
| CVE-2006-3151 | 1 Associated | 1 Associated Cms | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in AssoCIateD (aka ACID) 1.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the menu parameter. | |||||
| CVE-2006-3150 | 1 Cavoxcms | 1 Cavoxcms | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in CavoxCms 1.0.16 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter. | |||||
| CVE-2006-4041 | 1 Pike | 1 Pike | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Pike before 7.6.86, when using a Postgres database server, allows remote attackers to execute arbitrary SQL commands via unspecified attack vectors. | |||||
| CVE-2006-3825 | 1 Sun | 1 Solaris | 2017-07-20 | 2.1 LOW | N/A |
| The IPv4 implementation in Sun Solaris 10 before 20060721 allows local users to select routes that differ from the routing table, possibly facilitating firewall bypass or unauthorized network communication. | |||||
| CVE-2006-3149 | 1 Phpmyforum | 1 Phpmyforum | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in topic.php in phpMyForum 4.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the highlight parameter. | |||||
| CVE-2006-3148 | 1 Open-realty | 1 Open-realty | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability, possibly in search.inc.php, in Open-Realty 2.3.1 allows remote attackers to execute arbitrary SQL commands via the sorttype parameter to index.php. | |||||
| CVE-2006-3147 | 1 Hosting Controller | 1 Hosting Controller | 2017-07-20 | 6.5 MEDIUM | N/A |
| Unspecified vulnerability in Hosting Controller before 6.1 (aka Hotfix 3.2) allows remote authenticated attackers to gain host admin privileges, list all resellers, or change resellers' passwords via unspecified vectors. NOTE: due to the lack of precise details, it is not clear whether this is related to a previously disclosed issue such as CVE-2005-1788. | |||||
| CVE-2006-3145 | 1 Netpbm | 1 Netpbm | 2017-07-20 | 5.0 MEDIUM | N/A |
| Buffer overflow in pamtofits of NetPBM 10.30 through 10.33 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code when assembling the header, possibly related to an off-by-one error. | |||||
| CVE-2006-3944 | 1 Microsoft | 1 Ie | 2017-07-20 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via a (1) Forms.ListBox.1 or (2) Forms.ListBox.1 object with the ListWidth property set to (a) 0x7fffffff, which triggers an integer overflow exception, or to (b) 0x7ffffffe, which triggers a null dereference. | |||||
| CVE-2006-3141 | 1 Dpivision | 1 Tradingeye Shop | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in details.cfm in Tradingeye Shop R4 and earlier allows remote attackers to inject arbitrary web script or HTML via the image parameter. | |||||
| CVE-2006-3152 | 1 Bluehouse Project | 1 Phptrader | 2017-07-20 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in phpTRADER 4.9 SP5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) sectio parameter in (a) login.php, (b) write_newad.php, (c) newad.php, (d) printad.php, (e) askseller.php, (f) browse.php, (g) showmemberads.php, (h) note_ad.php, (i) abuse.php, (j) buynow.php, (k) confirm_newad.php, (2) an parameter in (l) printad.php, (m) note_ad.php, (3) who parameter in (n) showmemberads.php, and (4) adnr parameter in (o) buynow.php. | |||||
| CVE-2006-3140 | 1 Openci | 1 Openci | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in openCI 1.0 BETA 0.20.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2006-3137 | 1 Cutting Edge Computing | 1 Edge Ecommerce Shop | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in productDetail.asp in Edge eCommerce Shop allows remote attackers to inject arbitrary web script or HTML via the cart_id parameter. | |||||
| CVE-2006-3135 | 1 Hotwebscripts | 1 Cms Mundo | 2017-07-20 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in CMS Mundo 1.0 build 008, and possibly other versions, allow remote attackers to execute arbitrary SQL commands via the (1) news_id parameter in the (a) news module, (2) searchstring parameter in (b) the search module, (3) id parameter in (c) the webshop module, (4) username parameter in (d) index.php, and (5) Name, (6) Address, (7) Zip, (8) City, (9) Country, and (10) Email fields during (e) a user profile update. | |||||
| CVE-2006-3943 | 1 Microsoft | 1 Ie | 2017-07-20 | 2.6 LOW | N/A |
| Stack-based buffer overflow in NDFXArtEffects in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via long (1) RGBExtraColor, (2) RGBForeColor, and (3) RGBBackColor properties. | |||||
| CVE-2006-3134 | 1 Gracenote | 1 Cddbcontrol Activex Control | 2017-07-20 | 9.3 HIGH | N/A |
| Buffer overflow in GraceNote CDDBControl ActiveX Control, as used by multiple products that use Gracenote CDDB, allows remote attackers to execute arbitrary code via a long option string. | |||||
| CVE-2006-3131 | 1 Clubpage | 1 Clubpage | 2017-07-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Clubpage allow remote attackers to inject arbitrary web script or HTML via the (1) news_archive, (2) language, and (3) intranetLogin parameters in (a) index.php; the (4) sites_id parameter in (b) sites.php; and the (5) news_id parameter in (c) news_more.php. | |||||
| CVE-2006-3130 | 1 Clubpage | 1 Clubpage | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Clubpage allows remote attackers to execute arbitrary SQL commands via the category parameter. | |||||
| CVE-2006-3124 | 1 Streamripper | 1 Streamripper | 2017-07-20 | 7.5 HIGH | N/A |
| Buffer overflow in the HTTP header parsing in Streamripper before 1.61.26 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted HTTP headers. | |||||
| CVE-2006-3125 | 1 Gtetrinet | 1 Gtetrinet | 2017-07-20 | 7.5 HIGH | N/A |
| Array index error in tetrinet.c in gtetrinet 0.7.8 and earlier allows remote attackers to execute arbitrary code via a packet specifying a negative number of players, which is used as an array index. | |||||
| CVE-2006-3129 | 1 Nc Linklist | 1 Nc Linklist | 2017-07-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in NC LinkList 1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) cat and (2) view parameters. | |||||
| CVE-2006-3932 | 1 Gonafish | 1 Linkscaffe | 2017-07-20 | 5.1 MEDIUM | N/A |
| SQL injection vulnerability in links.php in Gonafish LinksCaffe 3.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-4044 | 1 Brad Fears | 1 Phpcodecabinet | 2017-07-20 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in Beautifier/Core.php in Brad Fears phpCodeCabinet 0.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the BEAUT_PATH parameter. | |||||
| CVE-2006-3820 | 1 Gerrit Van Aaken | 1 Loudblog | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in loudblog/index.php in Loudblog before 0.5 allows remote attackers to inject arbitrary web script or HTML via the page parameter. | |||||