Search
Total
25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-2989 | 1 Iisworks | 1 Listpics | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in listpics.asp in ASP ListPics 4.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the info parameter. | |||||
| CVE-2006-2987 | 1 Dominios Europa | 1 Picrate | 2017-07-20 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Dominios Europa PICRATE (aka TAL RateMyPic) 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id, (2) voteid, and (3) vfiel parameters to (a) index.php, and via the (4) nick, (5) email, (6) city, (7) messen, and (8) message form field parameters to (b) add.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-2980 | 1 Viart Ltd | 1 Viart Shop Free | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in block_forum_topic_new.php in ViArt Shop Free 2.5.5, and possibly other distributions including Light, Standard, and Enterprise, might allow remote attackers to execute arbitrary SQL commands via unknown vectors, probably involving the forum_id parameter. | |||||
| CVE-2006-2976 | 1 Coppermine | 1 Coppermine Photo Gallery | 2017-07-20 | 7.5 HIGH | N/A |
| Unspecified vulnerability in usermgr.php in Coppermine Photo Gallery before 1.4.7 has unknown impact and remote attack vectors, possibly related to authorization/authentication errors. | |||||
| CVE-2006-2203 | 1 Kerio | 1 Kerio Mailserver | 2017-07-20 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in Kerio MailServer before 6.1.4 has unknown impact and remote attack vectors related to a "possible bypass of attachment filter." | |||||
| CVE-2006-2961 | 1 Aclogic | 1 Cesarftp | 2017-07-20 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in CesarFTP 0.99g and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long MKD command. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-2958 | 1 Filzip | 1 Filzip | 2017-07-20 | 2.6 LOW | N/A |
| Directory traversal vulnerability in FilZip 3.05 allows remote attackers to write arbitrary files via a .. (dot dot) in a (1) .rar, (2) .tar, (3) .jar, or (4) .gz file. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-3010 | 1 Aliacom | 1 Open Business Management | 2017-07-20 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Open Business Management (OBM) 1.0.3 pl1 allow remote attackers to execute arbitrary SQL commands via the (1) new_order and (2) order_dir parameters to (a) index.php, (b) group/group_index.php, (c) user/user_index.php, (d) list/list_index.php, and (e) company/company_index.php, and the (3) entity and (4) tf_dateafter parameter to company/company_index.php. | |||||
| CVE-2006-2955 | 1 Kaphotoservice | 1 Kaphotoservice | 2017-07-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in KAPhotoservice 7.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) New Category (newcategory) or (2) apage parameter to (a) edtalbum.asp, or the (3) cat or (4) albumid parameter to (b) album.asp. | |||||
| CVE-2006-2954 | 1 Primoris Software | 1 Officeflow | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in files.asp in OfficeFlow 2.6 and earlier allows remote attackers to execute arbitrary SQL commands via the Project parameter. | |||||
| CVE-2006-2190 | 1 Open Webmail | 1 Open Webmail | 2017-07-20 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in ow-shared.pl in OpenWebMail (OWM) 2.51 and earlier allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter in (1) openwebmail-send.pl, (2) openwebmail-advsearch.pl, (3) openwebmail-folder.pl, (4) openwebmail-prefs.pl, (5) openwebmail-abook.pl, (6) openwebmail-read.pl, (7) openwebmail-cal.pl, and (8) openwebmail-webdisk.pl. NOTE: the openwebmail-main.pl vector is already covered by CVE-2005-2863. | |||||
| CVE-2006-2953 | 1 Primoris Software | 1 Officeflow | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in default.asp in OfficeFlow 2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the sqlType parameter. | |||||
| CVE-2006-2974 | 1 Emailarchitect | 1 Email Server | 2017-07-20 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in EmailArchitect Email Server 6.1.0.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) errCode and (2) uid parameter in (a) default.asp and (3) dname parameter in (b) /admin/dns.asp and (c) /additional/regdomain_done.asp. | |||||
| CVE-2006-2947 | 1 Dmx Forum | 1 Dmx Forum | 2017-07-20 | 5.0 MEDIUM | N/A |
| Dmx Forum 2.1a allows remote attackers to obtain username and password information via a direct request to pops/edit.php with a modified membre parameter. | |||||
| CVE-2006-2930 | 1 Sun | 2 Grid Engine, N1 Grid Engine | 2017-07-20 | 4.6 MEDIUM | N/A |
| Unspecified vulnerability in Sun Grid Engine 5.3 and Sun N1 Grid Engine 6.0, when configured in Certificate Security Protocol (CSP) Mode, allows local users to shut down the grid service or gain access, even if access is denied. | |||||
| CVE-2006-2196 | 1 Jochen Friedrich | 1 Pinball | 2017-07-20 | 4.6 MEDIUM | N/A |
| Unspecified vulnerability in pinball 0.3.1 allows local users to gain privileges via unknown attack vectors that cause pinball to load plugins from an attacker-controlled directory while operating at raised privileges. | |||||
| CVE-2006-2925 | 1 Ingate | 2 Ingate Firewall, Siparator | 2017-07-20 | 4.0 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the web interface in Ingate Firewall before 4.4.1 and SIParator before 4.4.1 allows remote attackers to inject arbitrary web script or HTML, and steal cookies, via unspecified vectors related to "XSS exploits" in administrator functionality. | |||||
| CVE-2006-2924 | 1 Ingate | 2 Ingate Firewall, Ingate Siparator | 2017-07-20 | 5.0 MEDIUM | N/A |
| Ingate Firewall in the SIP module before 4.4.1 and SIParator before 4.4.1, when TLS is enabled or when SSL/TLS is enabled in the web server, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake. | |||||
| CVE-2006-2921 | 1 Cmpro Team | 1 Clan Manager Pro | 2017-07-20 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in cmpro_header.inc.php in Clan Manager Pro (CMPRO) 1.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the (1) cm_ext_server and (2) sitepath parameters. | |||||
| CVE-2006-2913 | 1 Out Of The Trees Web Design | 1 Selectapix | 2017-07-20 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in SelectaPix 1.31 allows remote attackers to inject arbitrary web script or HTML via the albumID parameter to (1) popup.php and (2) view_album.php. | |||||
| CVE-2006-2944 | 1 Cgi-rescue | 1 Form2mail | 2017-07-20 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in CGI-RESCUE FORM2MAIL 1.21 and earlier allows remote attackers to inject email headers, which facilitates sending spam messages. NOTE: the details for this issue are obtained from third party information. | |||||
| CVE-2006-2910 | 1 Cowon America | 1 Jetaudio | 2017-07-20 | 5.1 MEDIUM | N/A |
| Buffer overflow in jetAudio 6.2.6.8330 (Basic), and possibly other versions, allows user-assisted attackers to execute arbitrary code via an audio file (such as WMA) with long ID Tag values including (1) Title, (2) Author, and (3) Album, which triggers the overflow in the tooltip display string if the sound card driver is disabled or incorrectly installed. | |||||
| CVE-2006-2897 | 1 Funkboard | 1 Funkboard | 2017-07-20 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in FunkBoard 0.71 allows remote attackers to inject arbitrary HTML or web script via unspecified vectors. | |||||
| CVE-2006-2185 | 1 Novell | 1 Netware | 2017-07-20 | 4.0 MEDIUM | N/A |
| PORTAL.NLM in Novell Netware 6.5 SP5 writes the username and password in cleartext to the abend.log log file when the groupOperationsMethod function fails, which allows context-dependent attackers to gain privileges. | |||||
| CVE-2006-2943 | 1 Cgi-rescue | 1 Webform | 2017-07-20 | 7.5 HIGH | N/A |
| Unspecified vulnerability in CGI-RESCUE WebFORM 4.1 and earlier allows remote attackers to inject email headers, which facilitates sending spam messages. NOTE: the details for this issue are obtained from third party information. | |||||
| CVE-2006-2942 | 1 Twiki | 1 Twiki | 2017-07-20 | 5.1 MEDIUM | N/A |
| TWiki 4.0.0, 4.0.1, and 4.0.2 allows remote attackers to gain Twiki administrator privileges via a TWiki.TWikiRegistration form with a modified action attribute that references the Sandbox web instead of the user web, which can then be used to associate the user's login name with the WikiName of a member of the TWikiAdminGroup. | |||||
| CVE-2006-2895 | 1 Mediawiki | 1 Mediawiki | 2017-07-20 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in MediaWiki 1.6.0 up to versions before 1.6.7 allows remote attackers to inject arbitrary HTML and web script via the edit form. | |||||
| CVE-2006-2927 | 1 Xfairguy | 1 Codeavalanche Freeforum | 2017-07-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in post.asp in CodeAvalanche FreeForum (aka CAForum) 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) msg_subject and (2) msg_body parameters. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-2926 | 1 Qbik | 1 Wingate | 2017-07-20 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the WWW Proxy Server of Qbik WinGate 6.1.1.1077 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long URL HTTP request. | |||||
| CVE-2006-2885 | 1 Knowledgetree | 1 Knowledgetree | 2017-07-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in KnowledgeTree Open Source 3.0.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) fDocumentId parameter in view.php and the (2) fSearchableText parameter in /search/simpleSearch.php. | |||||
| CVE-2006-2880 | 1 Pyblosxom | 1 Pyblosxom | 2017-07-20 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Contributed Packages for PyBlosxom 1.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the Comments plugin in the (1) url and (2) author fields. | |||||
| CVE-2006-2879 | 1 Alex | 1 News-engine | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in newscomments.php in Alex News-Engine 1.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via the newsid parameter. | |||||
| CVE-2006-2886 | 1 Jam Warehouse | 1 Knowledgetree Open Source | 2017-07-20 | 4.3 MEDIUM | N/A |
| view.php in KnowledgeTree Open Source 3.0.3 and earlier allows remote attackers to obtain the full installation path via a crafted fDocumentId parameter, which displays the path in the resulting error message. NOTE: this might be resultant from another vulnerability, since this vector also produces XSS. | |||||
| CVE-2006-2874 | 1 Osads Alliance Database | 1 Osads Alliance Database | 2017-07-20 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in OSADS Alliance Database before 1.4 has unknown impact and attack vectors related to a "Security Leak to lock in HTML-Code," possibly due to a cross-site scripting (XSS) vulnerability involving comments. | |||||
| CVE-2006-2873 | 1 Enigma Haber | 1 Enigma Haber | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in hava.asp in Enigma Haber 4.2 allows remote attackers to inject arbitrary web script or HTML via the il parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-2870 | 1 Intelligent Solutions | 1 Asp Discussion Forum | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in forum_search.asp in Intelligent Solutions Inc. ASP Discussion Forum allows remote attackers to inject arbitrary web script or HTML via the search variable. | |||||
| CVE-2006-2869 | 1 Alwil | 1 Avast Antivirus | 2017-07-20 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the CHM unpacker in avast! before 4.7.844 has unknown impact and remote attack vectors. | |||||
| CVE-2006-2861 | 1 Particle Soft | 1 Particle Wiki | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Particle Wiki 1.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the version parameter. | |||||
| CVE-2006-2856 | 1 Activestate | 1 Activeperl | 2017-07-20 | 4.6 MEDIUM | N/A |
| ActiveState ActivePerl 5.8.8.817 for Windows configures the site/lib directory with "Users" group permissions for changing files, which allows local users to gain privileges by creating a malicious sitecustomize.pl file in that directory. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-2855 | 1 Xuebook | 1 Xuebook | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in xueBook 1.0 allows remote attackers to execute arbitrary SQL commands via the start parameter. | |||||
| CVE-2006-2854 | 1 Ibwd | 1 Ibwd Guestbook | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in iBWd Guestbook 1.0 allows remote attackers to execute arbitrary SQL commands via the offset parameter. | |||||
| CVE-2006-2853 | 1 Abarcar | 1 Abarcar Realty Portal | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in content.php in abarcar Realty Portal 5.1.5 allows remote attackers to execute arbitrary SQL commands via the cat parameter. | |||||
| CVE-2006-2851 | 1 Dotproject | 1 Dotproject | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in dotProject 2.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, which are not properly handled when the client is using Internet Explorer. | |||||
| CVE-2006-2850 | 1 Php Labware | 1 Labwiki | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in recentchanges.php in PHP Labware LabWiki 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the help parameter. | |||||
| CVE-2006-2183 | 1 Truecrypt Foundation | 1 Truecrypt | 2017-07-20 | 7.2 HIGH | N/A |
| Untrusted search path vulnerability in Truecrypt 4.1, when running suid root on Linux, allows local users to execute arbitrary commands and gain privileges via a modified PATH environment variable that references a malicious mount command. | |||||
| CVE-2006-2840 | 1 Pmwiki | 1 Pmwiki | 2017-07-20 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in (1) uploads.php and (2) "url links" in PmWiki 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | |||||
| CVE-2006-2839 | 1 Webwork | 1 Webwork | 2017-07-20 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in PG Problem Editor module (PGProblemEditor.pm) in WeBWorK Online Homework Delivery System 2.2.0 and earlier allows remote attackers to read and write files outside of the templates directory. | |||||
| CVE-2006-2179 | 1 Smartwin Technology | 1 Cyberoffice Warehouse Builder | 2017-07-20 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in CyberBuild allow remote attackers to execute arbitrary SQL commands via the (1) SessionID parameter to login.asp or (2) ProductIndex parameter to browse0.htm. | |||||
| CVE-2006-2838 | 1 F-secure | 2 F-secure Anti-virus, Internet Gatekeeper | 2017-07-20 | 7.6 HIGH | N/A |
| Buffer overflow in the web console in F-Secure Anti-Virus for Microsoft Exchange 6.40, and Internet Gatekeeper 6.40 through 6.42 and 6.50 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors. NOTE: By default, the connections are only allowed from the local host. | |||||
| CVE-2006-2306 | 1 Keyvan Janghorbani | 1 Epublisherpro | 2017-07-20 | 9.3 HIGH | N/A |
| Cross-site scripting (XSS) vulnerability in moreinfo.asp in EPublisherPro allows remote attackers to inject arbitrary web script or HTML via the title parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||