Search
Total
25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-1949 | 1 Nicplex | 1 Plexcart | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in plexcart.pl in NicPlex PlexCart X3 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||||
| CVE-2006-2072 | 1 Delegate | 1 Delegate | 2017-07-20 | 5.0 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in DeleGate 9.x before 9.0.6 and 8.x before 8.11.6 allow remote attackers to cause a denial of service via crafted DNS responses messages that cause (1) a buffer over-read or (2) infinite recursion, which can trigger a segmentation fault or invalid memory access, as demonstrated by the OUSPG PROTOS DNS test suite. | |||||
| CVE-2006-1969 | 1 Kcscripts | 1 Portal Pack | 2017-07-20 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in search/search.cgi in an unspecified KCScripts script, probably Search Engine or Site Search, distributed individually and as part of Portal Pack 6.0 and earlier, allows remote attackers to inject arbitrary web script or HTML via the q parameter. | |||||
| CVE-2006-1952 | 1 Winagents | 1 Tftp Server | 2017-07-20 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in WinAgents TFTP Server for Windows 3.1 and earlier allows remote attackers to read arbitrary files via "..." (triple dot) sequences in a GET request. | |||||
| CVE-2006-1968 | 1 Kcscripts | 2 Kcscripts News Publisher, Portal Pack | 2017-07-20 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in news/NsVisitor.cgi in KCScripts News Publisher, distributed individually and as part of Portal Pack 6.0 and earlier, allows remote attackers to inject arbitrary web script or HTML via the sort_order parameter. | |||||
| CVE-2006-1967 | 1 Kcscripts | 2 Kcscripts Calendar, Portal Pack | 2017-07-20 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in calendar/Visitor.cgi in KCScripts Calendar, distributed individually and as part of Portal Pack 6.0 and earlier, allows remote attackers to inject arbitrary web script or HTML via the sort_order parameter. | |||||
| CVE-2006-1965 | 1 Aasi Media | 1 Net Clubs Pro | 2017-07-20 | 5.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in aasi media Net Clubs Pro 4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) onuser, (2) pass, (3) chatsys, (4) room, (5) username, and (6) to parameters in (a) sendim.cgi; the (7) username parameter in (b) imessage.cgi; the (8) password parameter in (c) login.cgi; and the (9) cat_id parameter in (d) viewcat.cgi. | |||||
| CVE-2006-2087 | 1 Hitachi | 4 Groupmax Integrated Desktop, Groupmax Mail, Groupmax World Wide Web and 1 more | 2017-07-20 | 5.0 MEDIUM | N/A |
| The Gmax Mail client in Hitachi Groupmax before 20060426 allows remote attackers to cause a denial of service (application hang or erroneous behavior) via an attachment with an MS-DOS device filename. | |||||
| CVE-2006-2104 | 1 Kmail | 1 Kmail | 2017-07-20 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Kamgaing Email System (kmail) 2.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) d parameter to main.php, ordner parameter to (2) main.php, or (3) webdisk.php, (4) draft parameter to compose.php, or (5) m, or (6) y parameter to calendar.php. | |||||
| CVE-2006-2106 | 1 Edgewall Software | 1 Trac | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Edgewall Software Trac 0.9.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors related to a "wiki macro." | |||||
| CVE-2006-2076 | 1 Pdnsd | 1 Pdnsd | 2017-07-20 | 5.0 MEDIUM | N/A |
| Memory leak in Paul Rombouts pdnsd before 1.2.4 allows remote attackers to cause a denial of service (memory consumption) via a DNS query with an unsupported (1) QTYPE or (2) QCLASS, as demonstrated by the OUSPG PROTOS DNS test suite. | |||||
| CVE-2006-1909 | 1 Coppermine | 1 Coppermine Photo Gallery | 2017-07-20 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Coppermine 1.4.4 allows remote attackers to read arbitrary files via a .//./ (modified dot dot slash) in the file parameter, which causes a regular expression to collapse the sequences into standard "../" sequences. | |||||
| CVE-2006-1911 | 1 Mybulletinboard | 1 Mybulletinboard | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in MyBB (MyBulletinBoard) 1.1 allows remote attackers to inject arbitrary web script or HTML via the attachment content disposition in an HTML attachment. | |||||
| CVE-2006-2031 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-07-20 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin 2.8.0.3, 2.8.0.2, 2.8.1-dev, and 2.9.0-dev allows remote attackers to inject arbitrary web script or HTML via the lang parameter. | |||||
| CVE-2006-2171 | 1 Jgaa | 1 Warftpd | 2017-07-20 | 6.4 MEDIUM | N/A |
| Buffer overflow in WDM.exe in WarFTPD allows remote attackers to execute arbitrary code via unspecified arguments, as demonstrated by the Infigo FTPStress Fuzzer. | |||||
| CVE-2006-2147 | 1 Resmgr | 1 Resmgrd | 2017-07-20 | 3.6 LOW | N/A |
| resmgrd in resmgr for SUSE Linux and other distributions does not properly handle when access to a USB device is granted by using "usb:<bus>,<dev>" notation, which grants access to all USB devices and allows local users to bypass intended restrictions. NOTE: this is a different vulnerability than CVE-2005-4788. | |||||
| CVE-2006-2422 | 1 Coinsoft Technologies | 1 Phpcoin | 2017-07-20 | 5.0 MEDIUM | N/A |
| phpCOIN 1.2.3 and earlier stores messages based upon e-mail addresses, which allows remote authenticated users to read messages for other users by adding the sender's e-mail address as an "additional contact". | |||||
| CVE-2006-2421 | 1 Pragma Systems | 1 Fortressssh | 2017-07-20 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in Pragma FortressSSH 4.0.7.20 allows remote attackers to execute arbitrary code via long SSH_MSG_KEXINIT messages, which may cause an overflow when being logged. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-2146 | 1 Harold Bakker | 1 Hb-ns | 2017-07-20 | 5.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in HB-NS 1.1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) poster_name, (2) poster_email, (3) poster_homepage, or (4) message parameter. | |||||
| CVE-2006-2415 | 1 Flexchat | 1 Flexchat | 2017-07-20 | 5.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in FlexChat 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) username and (2) CFTOKEN parameter in (a) index.cfm and (3) CFTOKEN and (4) CFID parameter in (b) chat.cfm. | |||||
| CVE-2006-2195 | 1 Horde | 1 Horde | 2017-07-20 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in horde 3 (horde3) before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) templates/problem/problem.inc and (2) test.php. | |||||
| CVE-2006-2403 | 1 Filezilla | 1 Filezilla | 2017-07-20 | 7.5 HIGH | N/A |
| Buffer overflow in FileZilla before 2.2.23 allows remote attackers to execute arbitrary commands via unknown attack vectors. | |||||
| CVE-2006-2145 | 1 Harold Bakker | 1 Hb-ns | 2017-07-20 | 6.4 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in index.php in HB-NS 1.1.6 allow remote attackers to execute arbitrary SQL commands via the (1) topic or (2) id parameter. | |||||
| CVE-2006-2418 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-07-20 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerabilities in certain versions of phpMyAdmin before 2.8.0.4 allow remote attackers to inject arbitrary web script or HTML via the db parameter in unknown scripts. | |||||
| CVE-2006-2396 | 1 Phpodp | 1 Phpodp | 2017-07-20 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in phpODP 1.5h allows remote attackers to inject arbitrary web script via the browse parameter. | |||||
| CVE-2006-2390 | 1 Ozjournals | 1 Ozjournals | 2017-07-20 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in OZJournals 1.2 allows remote attackers to inject arbitrary web script or HTML via the vname parameter in the comments functionality. | |||||
| CVE-2006-2368 | 1 Clansys | 1 Clansys | 2017-07-20 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Clansys (aka Clanpage System) 1.1 allows remote attackers to inject arbitrary web script or HTML via the page parameter. | |||||
| CVE-2006-2367 | 1 Clansys | 1 Clansys | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Clansys (aka Clanpage System) 1.0 and 1.1 allows remote attackers to inject arbitrary web script or HTML via the func parameter in a search function. | |||||
| CVE-2006-2141 | 1 Collaborative Portal Server Project | 1 Collaborative Portal Server | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in popup_image in Collaborative Portal Server (CPS) 3.4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the pos argument. | |||||
| CVE-2006-2366 | 1 Openobex | 1 Openobex | 2017-07-20 | 2.6 LOW | N/A |
| ircp_io.c in libopenobex for ircp 1.2, when ircp is run with the -r option, does not prompt the user when overwriting files, which allows user-assisted remote attackers to overwrite dangerous files via an arbitrary destination file name in an OBEX File Transfer session. | |||||
| CVE-2006-2364 | 1 Macromedia | 1 Coldfusion | 2017-07-20 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the validation feature in Macromedia ColdFusion 5 and earlier allows remote attackers to inject arbitrary web script or HTML via a "_required" field when the associated normal field is missing or empty, which is not sanitized before being presented in an error message. | |||||
| CVE-2006-2358 | 1 Web-labs | 1 Web-labs Cms | 2017-07-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in various scripts in Web-Labs CMS allow remote attackers to inject arbitrary web script or HTML via (1) the search parameter and (2) unspecified fields related to e-mail alerts. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-2357 | 1 Ipswitch | 1 Whatsup Professional | 2017-07-20 | 5.0 MEDIUM | N/A |
| Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to obtain source code for scripts via a trailing dot in a request to NmConsole/Login.asp. | |||||
| CVE-2006-2355 | 1 Ipswitch | 1 Whatsup Professional | 2017-07-20 | 5.0 MEDIUM | N/A |
| Ipswitch WhatsUp Professional 2006 and Ipswitch WhatsUp Professional 2006 Premium allows remote attackers to obtain full path information via 404 error messages. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-2354 | 1 Ipswitch | 1 Whatsup Professional | 2017-07-20 | 5.0 MEDIUM | N/A |
| NmConsole/Login.asp in Ipswitch WhatsUp Professional 2006 and Ipswitch WhatsUp Professional 2006 Premium generates different error messages in a way that allows remote attackers to enumerate valid usernames. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-2352 | 1 Ipswitch | 1 Whatsup Professional | 2017-07-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in IPswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allow remote attackers to inject arbitrary web script or HTML via unknown vectors in (1) NmConsole/Tools.asp and (2) NmConsole/DeviceSelection.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-2345 | 1 Roostercode Ajax Softwares | 1 Alipager | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in inc/elementz.php in AliPAGER 1.5 allows remote attackers to inject arbitrary web script or HTML via the ubild parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. NOTE: this issue might be resultant from SQL injection. | |||||
| CVE-2006-2344 | 1 Ajax Softwares | 1 Alipager | 2017-07-20 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in inc/elementz.php in AliPAGER 1.5, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the ubild parameter. | |||||
| CVE-2006-2343 | 1 Adventnet | 1 Manageengine Opmanager | 2017-07-20 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Search.do in ManageEngine OpManager 6.0 allows remote attackers to inject arbitrary web script or HTML via the searchTerm parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-2342 | 1 Ibm | 1 Websphere Application Server | 2017-07-20 | 7.5 HIGH | N/A |
| IBM WebSphere Application Server 6.0.2 before FixPack 3 allows remote attackers to bypass authentication for the Welcome Page via a request to the default context root. | |||||
| CVE-2006-2340 | 1 Lethal Penguin | 2 Passmasterflex, Passmasterflexplus | 2017-07-20 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in PassMasterFlex and PassMasterFlexPlus (PassMasterFlex+) 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) username, (2) password, or (3) User-Agent HTTP header in the Hack Log. | |||||
| CVE-2006-2339 | 1 Evo-dev | 2 Evotopsites, Evotopsites Pro | 2017-07-20 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in index.php in evoTopsites 2.x and evoTopsites Pro 2.x allows remote attackers to execute arbitrary SQL commands via the (1) cat_id and (2) id parameters. | |||||
| CVE-2006-2326 | 1 Onlyscript.info | 1 Online Universal Payment System Script | 2017-07-20 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in OnlyScript.info Online Universal Payment System Script allows remote attackers to read arbitrary files via directory traversal sequences in the read parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-2325 | 1 Onlyscript.info | 1 Online Universal Payment System Script | 2017-07-20 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in OnlyScript.info Online Universal Payment System Script allows remote attackers to inject arbitrary web script or HTML via the read parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Also, this issue might be resultant from directory traversal. | |||||
| CVE-2006-2322 | 1 Cisco | 2 Application Velocity System 3110, Application Velocity System 3120 | 2017-07-20 | 6.4 MEDIUM | N/A |
| The transparent proxy feature of the Cisco Application Velocity System (AVS) 3110 5.0 and 4.0 and earlier, and 3120 5.0.0 and earlier, has a default configuration that allows remote attackers to proxy arbitrary TCP connections, aka Bug ID CSCsd32143. | |||||
| CVE-2006-2140 | 1 Orbitscripts | 1 Orbithyip | 2017-07-20 | 5.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in OrbitHYIP 2.0 and earlier allow remote attackers to inject arbitrary web script via the (1) referral parameter to signup.php or (2) id parameter to members.php. | |||||
| CVE-2006-2302 | 1 Duware | 1 Dugallery | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin_default.asp in DUGallery 2.x allows remote attackers to execute arbitrary SQL commands via the (1) Login or (2) password field. | |||||
| CVE-2006-2300 | 1 Keyvan1 | 1 Eimagepro | 2017-07-20 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in EImagePro allow remote attackers to execute arbitrary SQL commands via the (1) CatID parameter to subList.asp, (2) SubjectID parameter to imageList.asp, or (3) Pic parameter to view.asp. | |||||
| CVE-2006-2298 | 1 Internet Key Exchange | 1 Internet Key Exchange | 2017-07-20 | 5.0 MEDIUM | N/A |
| The Internet Key Exchange version 1 (IKEv1) implementation in the libike library in Solaris 9 and 10 allows remote attackers to cause a denial of service (in.iked daemon crash) via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. | |||||
| CVE-2006-2296 | 1 Keyvan1.com | 1 Edirectorypro | 2017-07-20 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in search_result.asp in EDirectoryPro 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the keyword parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||