Search
Total
25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-3315 | 1 Rahnemaco | 1 Rahnemaco | 2017-07-20 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in page.php in an unspecified RahnemaCo.com product, possibly eShop, allows remote attackers to execute arbitrary PHP code via a URL in the osCsid parameter. | |||||
| CVE-2006-3063 | 1 Myphp Guestbook | 1 Myphp Guestbook | 2017-07-20 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in myPHP Guestbook 1.x through 2.0.0-r1 and before 2.0.1 RC5 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) email, (3) homepage, (4) id, (5) name, and (6) text parameters in (a) index.php, the (7) comment, (8) email, (9) homepage, (10) number, (11) name, and (12) text parameters in (b) admin/guestbook.php, and the (13) email, (14) homepage, (15) icq, (16) name, and (17) text parameters in (c) admin/edit.php. | |||||
| CVE-2006-3361 | 1 Stud.ip | 1 Stud.ip | 2017-07-20 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in Stud.IP 1.3.0-2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the (1) _PHPLIB[libdir] parameter in studip-phplib/oohforms.inc and (2) ABSOLUTE_PATH_STUDIP parameter in studip-htdocs/archiv_assi.php. | |||||
| CVE-2006-3360 | 1 Phpsysinfo | 1 Phpsysinfo | 2017-07-20 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in phpSysInfo 2.5.1 allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) sequence and a trailing null (%00) byte in the lng parameter, which will display a different error message if the file exists. | |||||
| CVE-2006-3308 | 1 Zoid Technologies | 1 Project Eros Bbsengine | 2017-07-20 | 9.3 HIGH | N/A |
| Unspecified vulnerability in the wpprop code for Project EROS bbsengine before 20060622-0315 has unknown impact and remote attack vectors via [img] tags, possibly cross-site scripting (XSS). | |||||
| CVE-2006-3307 | 1 Zoid Technologies | 1 Project Eros Bbsengine | 2017-07-20 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Project EROS bbsengine before bbsengine-20060429-1550-jam allow remote attackers to execute arbitrary SQL commands via (1) unspecified parameters in the php/comment.php and (2) the getpartialmatches method in php/aolbonics.php. | |||||
| CVE-2006-3887 | 1 Aol | 1 Ygp Screensaver Activex Control | 2017-07-20 | 7.5 HIGH | N/A |
| Buffer overflow in AOL You've Got Pictures (YGP) Screensaver ActiveX control allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2006-3845 | 1 Rarlab | 1 Winrar | 2017-07-20 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in lzh.fmt in WinRAR 3.00 through 3.60 beta 6 allows remote attackers to execute arbitrary code via a long filename in a LHA archive. | |||||
| CVE-2006-4005 | 1 Bomberclone | 1 Bomberclone | 2017-07-20 | 5.0 MEDIUM | N/A |
| BomberClone 0.11.6 and earlier allows remote attackers to cause a denial of service (daemon crash) via (1) a certain malformed PKGF_ackreq packet, which triggers a crash in the rscache_add() function in pkgcache.c; and (2) an error packet, which is intended to be received by clients and force client shutdown, but also triggers server shutdown. | |||||
| CVE-2006-3067 | 1 Ibm | 1 Db2 Universal Database | 2017-07-20 | 5.0 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in IBM DB2 Universal Database (UDB) before 8.1 FixPak 12 allow remote attackers to cause a denial of service (application crash) via a (1) "long column list" in the (a) REPLACE INTO and (b) INSERT INTO portions of the LOAD command or a (2) large number of values in an IN clause, possibly related to a buffer overflow. | |||||
| CVE-2006-3305 | 1 Uebimiau | 1 Uebimiau | 2017-07-20 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in UebiMiau Webmail 2.7.10, and 2.7.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) f_user parameter in index.php, the (2) pag parameter in messages.php, or the (3) lid, (4) tid, and (5) sid parameters in error.php. | |||||
| CVE-2006-3303 | 1 Deluxebb | 1 Deluxebb | 2017-07-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in pm.php in DeluxeBB 1.07 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) subject or (2) to parameters. | |||||
| CVE-2006-3302 | 1 Cbsms | 1 Mambo Module | 2017-07-20 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in mod_cbsms.php in CBSMS Mambo Module 1.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosC_a_path parameter. NOTE: the provenance of this information is unknown; portions of the details are obtained from third party information. | |||||
| CVE-2006-3301 | 1 Phpqladmin | 1 Phpqladmin | 2017-07-20 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpQLAdmin 2.2.7 and earlier allow remote attackers to inject arbitrary web script or HTML via the domain parameter in (1) user_add.php or (2) unit_add.php. | |||||
| CVE-2006-3072 | 1 Symantec | 1 Security Information Manager | 2017-07-20 | 4.6 MEDIUM | N/A |
| M4 Macro Library in Symantec Security Information Manager before 4.0.2.29 HOTFIX 1 allows local users to execute arbitrary commands via crafted "rule definitions", which produces dangerous Java code during M4 transformation. | |||||
| CVE-2006-3298 | 1 Yahoo | 1 Messenger | 2017-07-20 | 5.0 MEDIUM | N/A |
| Yahoo! Messenger 7.5.0.814 and 7.0.438 allows remote attackers to cause a denial of service (crash) via messages that contain non-ASCII characters, which triggers the crash in jscript.dll. | |||||
| CVE-2006-3297 | 1 Uebimiau | 1 Uebimiau | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in error.php in UebiMiau Webmail 2.7.10 and earlier allows remote attackers to inject arbitrary web script or HTML via the icq parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-3844 | 1 Pablo Software Solutions | 1 Quick N Easy Ftp Server | 2017-07-20 | 6.5 MEDIUM | N/A |
| Buffer overflow in Quick 'n Easy FTP Server 3.0 allows remote authenticated users to execute arbitrary commands via a long argument to the LIST command, a different issue than CVE-2006-2027. | |||||
| CVE-2006-3077 | 1 Axent | 1 Axentguestbook | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in guestbook.cfm in aXentGuestbook 1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the startrow parameter. | |||||
| CVE-2006-3293 | 1 Proton | 1 Energymech Irc Bot | 2017-07-20 | 5.0 MEDIUM | N/A |
| parse_notice (TiCPU) in EnergyMech (emech) before 3.0.2 allows remote attackers to cause a denial of service (crash) via empty IRC CTCP NOTICE messages. | |||||
| CVE-2006-3290 | 1 Cisco | 1 Wireless Control System | 2017-07-20 | 5.0 MEDIUM | N/A |
| HTTP server in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames and directory paths via a direct URL request. | |||||
| CVE-2006-3289 | 1 Cisco | 1 Wireless Control System | 2017-07-20 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the login page of the HTTP interface for the Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a "malicious URL". | |||||
| CVE-2006-3288 | 1 Cisco | 1 Wireless Control System | 2017-07-20 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the TFTP server in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51), when configured to use a directory path name that contains a space character, allows remote authenticated users to read and overwrite arbitrary files via unspecified vectors. | |||||
| CVE-2006-3079 | 1 Sspwiz | 1 Sspwiz Plus | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.cfm in SSPwiz Plus 1.0.7 and earlier allows remote attackers to inject arbitrary web script or HTML via the message parameter. | |||||
| CVE-2006-3093 | 1 Adobe | 1 Acrobat Reader | 2017-07-20 | 6.8 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Adobe Acrobat Reader (acroread) before 7.0.8 have unknown impact and unknown vectors. | |||||
| CVE-2006-3094 | 1 Vincent Hor | 1 Calendarix Basic | 2017-07-20 | 5.1 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Calendarix Basic 0.7.20060401 and earlier, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) cal_event.php and (2) cal_popup.php. | |||||
| CVE-2006-3095 | 1 Ipostmx | 1 Ipostmx 2005 | 2017-07-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in iPostMX 2005 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the RETURNURL parameter in (1) userlogin.cfm and (2) account.cfm. | |||||
| CVE-2006-3287 | 1 Cisco | 1 Wireless Control System | 2017-07-20 | 7.5 HIGH | N/A |
| Cisco Wireless Control System (WCS) for Linux and Windows 4.0(1) and earlier uses a default administrator username "root" and password "public," which allows remote attackers to gain access (aka bug CSCse21391). | |||||
| CVE-2006-3286 | 1 Cisco | 1 Wireless Control System | 2017-07-20 | 7.5 HIGH | N/A |
| The internal database in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(63) stores a hard-coded username and password in plaintext within unspecified files, which allows remote authenticated users to access the database (aka bug CSCsd15951). | |||||
| CVE-2006-3285 | 1 Cisco | 1 Wireless Control System | 2017-07-20 | 7.5 HIGH | N/A |
| The internal database in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) uses an undocumented, hard-coded username and password, which allows remote authenticated users to read, and possibly modify, sensitive configuration data (aka bugs CSCsd15955). | |||||
| CVE-2006-3952 | 1 Efs Software | 1 Efs Ftp Server | 2017-07-20 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in EFS Software Easy File Sharing FTP Server 2.0 allows remote attackers to execute arbitrary code via a long argument to the PASS command. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-3278 | 1 Positive Software | 1 H-sphere | 2017-07-20 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in H-Sphere 2.5.1 Beta 1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) next_template, (2) start, (3) curr_menu_id, and (4) arid parameters in psoft/servlet/resadmin/psoft.hsphere.CP when using the mailman/massmail.html template_name. | |||||
| CVE-2006-4032 | 1 Cisco | 1 Callmanager Express | 2017-07-20 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Cisco IOS CallManager Express (CME) allows remote attackers to gain sensitive information (user names) from the Session Initiation Protocol (SIP) user directory via certain SIP messages, aka bug CSCse92417. | |||||
| CVE-2006-3276 | 1 Realnetworks | 1 Helix Dna Server | 2017-07-20 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in RealNetworks Helix DNA Server 10.0 and 11.0 allows remote attackers to execute arbitrary code via (1) a long User-Agent HTTP header in the RTSP service and (2) unspecified vectors involving the "parsing of HTTP URL schemes". | |||||
| CVE-2006-3275 | 1 Yabb | 1 Yabb | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in profile.php in YaBB SE 1.5.5 and earlier allows remote attackers to execute SQL commands via a double-encoded user parameter in a viewprofile action. | |||||
| CVE-2006-3272 | 1 Astrodog Press | 1 Some Chess | 2017-07-20 | 5.0 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in menu.php in Some Chess 1.5 rc2 allows remote attackers to conduct actions as another user, such as changing usernames and passwords, via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-3270 | 1 Thorcms | 1 Thorcms | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in cms_admin.php in THoRCMS 1.3.1 allows remote attackers to execute arbitrary SQL commands via multiple unspecified parameters, such as the add_link_mid parameter. NOTE: the provenance of this information is unknown; portions of the details are obtained from third party information. | |||||
| CVE-2006-3267 | 1 Infinite Core Technologies | 1 Ict | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Infinite Core Technologies (ICT) 1.0 Gold and earlier allows remote attackers to execute arbitrary SQL commands via the post parameter. | |||||
| CVE-2006-3265 | 1 Qdig | 1 Qdig | 2017-07-20 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in Qdig before 1.2.9.3, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) pre_gallery or (2) post_gallery parameters. | |||||
| CVE-2006-3106 | 1 Fredi Bach | 1 Phpmydesktop Arcade | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in phpMyDesktop|Arcade 1.0 allows remote attackers to inject arbitrary web script or HTML via the subsite parameter in the subsite todo. | |||||
| CVE-2006-3107 | 1 Docebo | 1 Docebo | 2017-07-20 | 5.1 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Docebo 3.0.3 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in (1) GLOBALS[where_framework] to (a) admin/modules/news/news_class.php and (b) admin/modules/content/content_class.php, and (2) GLOBALS[where_cms] to (c) admin/modules/block_media/util.media.php. NOTE: this issue might be resultant from a global overwrite vulnerability. This issue is similar to CVE-2006-2576, but the vectors are different. | |||||
| CVE-2006-3258 | 1 Bnbt | 2 Easytracker, Trinedit | 2017-07-20 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.html in BNBT TrinEdit and EasyTracker 7.7r3.2004.10.27 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) filter or (2) sort parameters. | |||||
| CVE-2006-3110 | 1 Chipmailer | 1 Chipmailer | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in main.php in Chipmailer 1.09 allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) betreff, (3) mail, and (4) text parameters. | |||||
| CVE-2006-3111 | 1 Chipmailer | 1 Chipmailer | 2017-07-20 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in main.php in Chipmailer 1.09 allow remote attackers to execute arbitrary SQL commands via multiple parameters, as demonstrated by (1) anfang, (2) name, (3) mail, (4) anrede, (5) vorname, (6) nachname, (7) gebtag, (8) gebmonat, and (9) gebjahr. | |||||
| CVE-2006-3256 | 1 Woltlab | 1 Burning Board | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in report.php in Woltlab Burning Board (WBB) 2.3.1 allows remote attackers to execute arbitrary SQL commands via the postid parameter. | |||||
| CVE-2006-3328 | 1 Starflow Software | 1 Hostflow | 2017-07-20 | 5.8 MEDIUM | N/A |
| new_ticket.cgi in Hostflow 2.2.1-15 allows remote attackers to steal and replay authentication credentials via an IMG tag in the desc parameter ("Ticket Description" field) that points to a URL that captures referer URLs, possibly due to a cross-site scripting (XSS) vulnerability or a leak of credentials in referer URLs. | |||||
| CVE-2006-3255 | 1 Woltlab | 1 Burning Board | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in showmods.php in Woltlab Burning Board (WBB) 1.2 allows remote attackers to execute arbitrary SQL commands via the boardid parameter. | |||||
| CVE-2006-3254 | 1 Woltlab | 1 Burning Board | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in newthread.php in Woltlab Burning Board (WBB) 2.0 RC2 allows remote attackers to execute arbitrary SQL commands via the boardid parameter. | |||||
| CVE-2006-3249 | 1 Phorum | 1 Phorum | 2017-07-20 | 7.5 HIGH | N/A |
| ** DISPUTED ** SQL injection vulnerability in search.php in Phorum 5.1.14 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter. NOTE: the vendor has disputed this report, stating "If a non positive integer or non-integer is used for the page parameter for a search URL, the search query will use a negative number for the LIMIT clause. This causes the query to break, showing no results. It IS NOT however a sql injection error." While the original report is from a researcher with mixed accuracy, as of 20060703, CVE does not have any additional information regarding this issue. | |||||
| CVE-2006-3327 | 1 E-cbd.biz | 1 Custom Dating Biz Dating Script | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Custom dating biz dating script 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) sn20_special_cases parameter ("Special Cases" field) in profile/mini.php, (2) tyxx01_album_name parameter ("Album Name" field) in profile/photo_create.php, and the (3) u parameter in admin/user_view.php. | |||||