Search
Total
25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-2611 | 1 Mediawiki | 1 Mediawiki | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in includes/Sanitizer.php in the variable handler in MediaWiki 1.6.x before r14349 allows remote attackers to inject arbitrary Javascript via unspecified vectors, possibly involving the usage of the | (pipe) character. | |||||
| CVE-2006-2173 | 1 Filezilla | 1 Filezilla Server | 2017-07-20 | 6.4 MEDIUM | N/A |
| Buffer overflow in FileZilla FTP Server 2.2.22 allows remote authenticated attackers to cause a denial of service and possibly execute arbitrary code via a long (1) PORT or (2) PASS followed by the MLSD command, or (2) the remote server interface, as demonstrated by the Infigo FTPStress Fuzzer. | |||||
| CVE-2006-2655 | 1 Freebsd | 1 Freebsd | 2017-07-20 | 6.4 MEDIUM | N/A |
| The build process for ypserv in FreeBSD 5.3 up to 6.1 accidentally disables access restrictions when using the /var/yp/securenets file, which allows remote attackers to bypass intended access restrictions. | |||||
| CVE-2006-2170 | 1 Argosoft | 1 Ftp Server | 2017-07-20 | 6.4 MEDIUM | N/A |
| Buffer overflow in ArgoSoft FTP Server 1.4.3.6 allows remote attackers to execute arbitrary code via Unicode in the RNTO command, as demonstrated by the Infigo FTPStress Fuzzer. | |||||
| CVE-2006-2592 | 1 Dschat | 1 Dschat | 2017-07-20 | 7.5 HIGH | N/A |
| Unspecified vulnerability in DSChat 1.0 allows remote attackers to execute arbitrary PHP code via the Nickname field, which is not sanitized before creating a file in a user directory. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-2586 | 1 Iplogger | 1 Iplogger | 2017-07-20 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IpLogger 1.7 and earlier allows remote attackers to inject arbitrary HTML or web script via the HTTP_REFERER header in an HTTP request. | |||||
| CVE-2006-2585 | 1 Greg Donald | 1 Destiney Links Script | 2017-07-20 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in Destiney Links Script 2.1.2 allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-2582 | 1 Rwiki | 1 Rwiki | 2017-07-20 | 7.5 HIGH | N/A |
| The editing form in RWiki 2.1.0pre1 through 2.1.0 allows remote attackers to execute arbitrary Ruby code via unknown attack vectors. | |||||
| CVE-2006-2581 | 1 Rwiki | 1 Rwiki | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Wiki content in RWiki 2.1.0pre1 through 2.1.0 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | |||||
| CVE-2006-2578 | 1 Esyndicat | 1 Esyndicat Directory | 2017-07-20 | 5.1 MEDIUM | N/A |
| admin/cron.php in eSyndicat Directory 1.2, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include arbitrary files and possibly execute arbitrary PHP code via a null-terminated value in the path_to_config parameter. | |||||
| CVE-2006-2573 | 1 Dian Gemilang | 1 Dgbook | 2017-07-20 | 5.1 MEDIUM | N/A |
| SQL injection vulnerability in index.php in DGBook 1.0, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the (1) name, (2) email, (3) homepage, (4) address, (5) comment, and (6) ip parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-2561 | 1 Edimax | 1 Br 6104k | 2017-07-20 | 7.5 HIGH | N/A |
| Edimax BR-6104K router allows remote attackers to bypass access restrictions and conduct unauthorized operations via a UPnP request with a modified InternalClient parameter (possibly within NewInternalClient), which is not validated, as demonstrated by using AddPortMapping to forward arbitrary traffic. | |||||
| CVE-2006-2559 | 1 Linksys | 2 Wrt54g, Wrt54g V5 | 2017-07-20 | 7.5 HIGH | N/A |
| Linksys WRT54G Wireless-G Broadband Router allows remote attackers to bypass access restrictions and conduct unauthorized operations via a UPnP request with a modified InternalClient parameter, which is not validated, as demonstrated by using AddPortMapping to forward arbitrary traffic. | |||||
| CVE-2006-2169 | 1 Best Practical Solutions | 1 Request Tracker | 2017-07-20 | 5.0 MEDIUM | N/A |
| RT: Request Tracker 3.5.HEAD allows remote attackers to obtain sensitive information via the Rows parameter in Dist/Display.html, which reveals the installation path in an error message. | |||||
| CVE-2006-2546 | 1 Bea | 1 Weblogic Server | 2017-07-20 | 5.0 MEDIUM | N/A |
| A recommended admin password reset mechanism for BEA WebLogic Server 8.1, when followed before October 10, 2005, causes the administrator password to be stored in cleartext in the domain directory, which could allow attackers to gain privileges. | |||||
| CVE-2006-2542 | 1 Ti Kan | 1 Xmcd | 2017-07-20 | 2.1 LOW | N/A |
| xmcdconfig in xmcd for Debian GNU/Linux 2.6-17.1 creates /var/lib/cddb and /var/lib/xmcd/discog with world writable permissions, which allows local users to cause a denial of service (disk consumption). | |||||
| CVE-2006-2539 | 1 Sybase | 1 Easerver | 2017-07-20 | 3.5 LOW | N/A |
| Sybase EAServer 5.0 for HP-UX Itanium, 5.2 for IBM AIX, HP-UX PA-RISC, Linux x86, and Sun Solaris SPARC, and 5.3 for Sun Solaris SPARC does not properly protect passwords when they are being entered via the GUI, which allows local users to obtain the cleartext passwords via the getSelectedText function in javax.swing.JPasswordField component. | |||||
| CVE-2006-2537 | 3 Horizontal Shooter Bor, Openbor, Senile Team | 3 Horizontal Shooter Bor, Openbor, Beats Of Rage | 2017-07-20 | 7.5 HIGH | N/A |
| Multiple format string vulnerabilities in (a) OpenBOR 2.0046 and earlier, (b) Beats of Rage (BOR) 1.0029 and earlier, and (c) Horizontal Shooter BOR (HOR) 2.0000 and earlier allow remote attackers to execute code via format string specifiers in configurations used in various mod files, as demonstrated by the (1) music identifier in data/scenes/intro.txt, which is not properly handled in the update function, and (2) background identifier in data/easy/1aeasy.txt, which is not properly handled in the shutdown function. | |||||
| CVE-2006-2528 | 1 Smartisoft | 1 Phpbazar | 2017-07-20 | 6.4 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in classified_right.php in phpBazar 2.1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the language_dir parameter. | |||||
| CVE-2006-2525 | 1 Usebb | 1 Usebb | 2017-07-20 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in UseBB 1.0 RC1 and earlier allows remote attackers to execute arbitrary SQL commands via the member list search module. | |||||
| CVE-2006-2524 | 1 Usebb | 1 Usebb | 2017-07-20 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in UseBB 1.0 RC1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors when processing the user date format. | |||||
| CVE-2006-2522 | 1 Dayfox Designs | 1 Dayfox Blog | 2017-07-20 | 7.5 HIGH | N/A |
| Dayfox Blog 2.0 and earlier stores user credentials in edit/slog_users.txt under the web document root with insufficient access control, which allows remote attackers to gain privileges. | |||||
| CVE-2006-2517 | 1 Fujitsu | 1 Myweb Portal Office | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in MyWeb Portal Office, Standard Edition, Public Edition, Medical Edition, Citizen Edition, School Edition, and Light Edition allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. | |||||
| CVE-2006-2165 | 1 Pentasoft Corp. | 1 Avactis Shopping Cart | 2017-07-20 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Avactis Shopping Cart 0.1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) category_id parameter in (a) store_special_offers.php and (b) store.php and (2) prod_id parameter in (c) product_info.php. NOTE: this issue might be resultant from SQL injection. | |||||
| CVE-2006-2514 | 1 Coppermine | 1 Coppermine Photo Gallery | 2017-07-20 | 7.5 HIGH | N/A |
| Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions. | |||||
| CVE-2006-2502 | 1 Cyrus | 1 Imapd | 2017-07-20 | 5.1 MEDIUM | N/A |
| Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command. | |||||
| CVE-2006-2501 | 1 Sun | 4 Java System Application Server, Java System Web Server, One Application Server and 1 more | 2017-07-20 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Sun ONE Web Server 6.0 SP9 and earlier, Java System Web Server 6.1 SP4 and earlier, Sun ONE Application Server 7 Platform and Standard Edition Update 6 and earlier, and Java System Application Server 7 2004Q2 Standard and Enterprise Edition Update 2 and earlier, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving error messages. | |||||
| CVE-2006-2498 | 1 Invision Power Services | 1 Invision Power Board | 2017-07-20 | 6.4 MEDIUM | N/A |
| Invision Power Board (IPB) before 2.1.6 allows remote attackers to execute arbitrary PHP script via attack vectors involving (1) the post_icon variable in classes/post/class_post.php and (2) the df value in action_public/moderate.php. | |||||
| CVE-2006-2513 | 1 Sun | 1 Java System Directory Server | 2017-07-20 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the installation process in Sun Java System Directory Server 5.2 causes wrong user data to be written to a file created by the installation, which allows remote attackers or local users to gain privileges. | |||||
| CVE-2006-2512 | 1 Hitachi | 4 Eur Print Service, Eur Print Service For Ilf, Eur Professional and 1 more | 2017-07-20 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in Hitachi EUR Professional Edition, EUR Viewer, EUR Print Service, and EUR Print Service for ILF allows remote authenticated users to execute arbitrary SQL commands via unknown attack vectors. | |||||
| CVE-2006-2135 | 1 Ruperts News | 1 Ruperts News | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.php in Ruperts News allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
| CVE-2006-2488 | 1 Spymac | 1 Spymac Web Os | 2017-07-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Spymac WebOS (WOS) 5.0 allow remote attackers to inject arbitrary web script or HTML via the (1) del_folder, (2) nick, or (3) action parameters to (a) notes/index.php, (4) curr parameter to (b) ipod/get_ipod.php, and in (c) login.php. | |||||
| CVE-2006-2472 | 1 Bea | 1 Weblogic Server | 2017-07-20 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in BEA WebLogic Server 9.1 and 9.0, 8.1 through SP5, 7.0 through SP6, and 6.1 through SP7 allows untrusted applications to obtain private server keys. | |||||
| CVE-2006-2471 | 1 Bea | 1 Weblogic Server | 2017-07-20 | 5.0 MEDIUM | N/A |
| Multiple vulnerabilities in BEA WebLogic Server 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7 leak sensitive information to remote attackers, including (1) DNS and IP addresses to address to T3 clients, (2) internal sensitive information using GetIORServlet, (3) certain "server details" in exceptions when invalid XML is provided, and (4) a stack trace in a SOAP fault. | |||||
| CVE-2006-2470 | 1 Bea | 1 Weblogic Server | 2017-07-20 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the WebLogic Server Administration Console for BEA WebLogic Server 9.0 prevents the console from setting custom JDBC security policies correctly, which could allow attackers to bypass intended policies. | |||||
| CVE-2006-2164 | 1 Pentasoft Corp. | 1 Avactis Shopping Cart | 2017-07-20 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Avactis Shopping Cart 0.1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) category_id parameter in (a) store_special_offers.php and (b) store.php, and (2) prod_id parameter in (c) cart.php and (d) product_info.php. NOTE: this issue also produces resultant full path disclosure from invalid SQL queries. | |||||
| CVE-2006-2438 | 1 Caucho Technology | 1 Resin | 2017-07-20 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the viewfile servlet in the documentation package (resin-doc) for Caucho Resin 3.0.17 and 3.0.18 allows remote attackers to read arbitrary files under other web roots via the contextpath parameter. NOTE: this issue can produce resultant path disclosure when the parameter is invalid. | |||||
| CVE-2006-2163 | 1 Desert Dog Software | 1 Pinnacle Cart | 2017-07-20 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Pinnacle Cart 3.33 and earlier allows remote attackers to inject arbitrary web script or HTML via the setbackurl parameter. | |||||
| CVE-2006-2158 | 1 Stadtaus | 1 Guestbook Script | 2017-07-20 | 6.4 MEDIUM | N/A |
| Dynamic variable evaluation vulnerability in index.php in Stadtaus Guestbook Script 1.7 and earlier, when register_globals is enabled, allows remote attackers to modify arbitrary program variables via parameters, which are evaluated as PHP variable variables, as demonstrated by performing PHP remote file inclusion using the include_files array parameter. | |||||
| CVE-2006-2155 | 1 Emc | 1 Retrospect | 2017-07-20 | 4.6 MEDIUM | N/A |
| EMC Retrospect for Windows 6.5 before 6.5.382, 7.0 before 7.0.344, and 7.5 before 7.5.1.105 allows local users to execute arbitrary code by replacing the Retrospect.exe file, possibly due to improper file permissions. | |||||
| CVE-2006-2154 | 1 Emc | 1 Retrospect | 2017-07-20 | 7.2 HIGH | N/A |
| EMC Retrospect for Windows 6.5 before 6.5.382, 7.0 before 7.0.344, and 7.5 before 7.5.1.105 does not drop privileges before opening files, which allows local users to execute arbitrary code via the File>Open dialog. | |||||
| CVE-2006-1024 | 1 Addsoft | 1 Storebot | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in MgrLogin.asp in Addsoft StoreBot 2005 Professional allows remote attackers to execute arbitrary SQL commands via the Pwd parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-1466 | 1 Apple | 2 Mac Os X, Xcode | 2017-07-20 | 4.0 MEDIUM | N/A |
| Xcode Tools before 2.3 for Mac OS X 10.4, when running the WebObjects plugin, allows remote attackers to access or modify WebObjects projects through a network service. | |||||
| CVE-2006-1025 | 1 Addsoft | 1 Storebot | 2017-07-20 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in manage.asp in Addsoft StoreBot 2002 Standard allows remote attackers to inject arbitrary web script or HTML via the ShipMethod parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-0810 | 1 Skate Board | 1 Skate Board | 2017-07-20 | 3.5 LOW | N/A |
| Unspecified vulnerability in config.php in Skate Board 0.9 allows remote authenticated administrators to execute arbitrary PHP code by causing certain variables in config.php to be modified, possibly due to XSS or direct static code injection. | |||||
| CVE-2006-0811 | 1 Skate Board | 1 Skate Board | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in reguser.php in Skate Board 0.9 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters involved with the registration form. | |||||
| CVE-2006-1457 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-20 | 2.6 LOW | N/A |
| Safari on Apple Mac OS X 10.4.6, when "Open `safe' files after downloading" is enabled, will automatically expand archives, which could allow remote attackers to overwrite arbitrary files via an archive that contains a symlink. | |||||
| CVE-2006-1456 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-20 | 7.5 HIGH | N/A |
| Buffer overflow in QuickTime Streaming Server in Apple Mac OS X 10.3.9 and 10.4.6 allows remote attackers to execute arbitrary code via a crafted RTSP request, which is not properly handled during message logging. | |||||
| CVE-2006-1455 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-20 | 7.8 HIGH | N/A |
| QuickTime Streaming Server in Apple Mac OS X 10.3.9 and 10.4.6 allows remote attackers to cause a denial of service (crash and connection interruption) via a QuickTime movie with a missing track, which triggers a null dereference. | |||||
| CVE-2006-1401 | 1 Php Lite | 1 Calendar Express | 2017-07-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in search.php in Calendar Express 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) allwords or (2) oneword parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||