Search
Total
25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-1091 | 1 Kaspersky Lab | 1 Kaspersky Anti-virus | 2017-07-20 | 7.8 HIGH | N/A |
| Kaspersky Antivirus 5.0.5 and 5.5.3 allows remote attackers to cause a denial of service (CPU and memory consumption) via unknown attack vectors. | |||||
| CVE-2006-1418 | 1 Caloris Planitia Technologies | 1 E-school Management System | 2017-07-20 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in default.asp in Caloris Planitia E-School Management System 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | |||||
| CVE-2006-1416 | 1 Xigla | 1 Absolute Faq Manager .net | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in afmsearch.aspx in Absolute FAQ Manager .NET 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search module parameters, possibly the question parameter. | |||||
| CVE-2006-1118 | 1 Bmail | 1 Bmail | 2017-07-20 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in bmail before Aardvark PR9.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving GBK character sets. | |||||
| CVE-2006-1125 | 1 Grisoft | 1 Avg Antivirus | 2017-07-20 | 4.6 MEDIUM | N/A |
| Grisoft AVG Free 7.1, and other versions including 7.0.308, sets Everyone/Full Control permissions for certain update files including (1) upd_vers.cfg, (2) incavi.avm, and (3) unspecified drivers, which might allow local users to gain privileges. | |||||
| CVE-2006-1126 | 1 Gallery Project | 1 Gallery | 2017-07-20 | 6.4 MEDIUM | N/A |
| Gallery 2 up to 2.0.2 allows remote attackers to spoof their IP address via a modified X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is checked by Gallery before other more reliable sources of IP address information, such as REMOTE_ADDR. | |||||
| CVE-2006-1127 | 1 Gallery Project | 1 Gallery | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Gallery 2 up to 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is not properly handled when adding a comment to an album. | |||||
| CVE-2006-1128 | 1 Gallery Project | 1 Gallery | 2017-07-20 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in the session handling class (GallerySession.class) in Gallery 2 up to 2.0.2 allows remote attackers to access and delete files by specifying the session in a cookie, which is used in constructing file paths before the session value is sanitized. | |||||
| CVE-2006-1131 | 1 Bitweaver | 1 Bitweaver | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in read.php in bitweaver CMS 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the comment_title parameter. | |||||
| CVE-2006-1135 | 1 Sblog | 1 Sblog | 2017-07-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in sBlog 0.7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) keyword parameter to search.php or (2) username parameter to comments_do.php. | |||||
| CVE-2006-1140 | 1 Redblog | 1 Redblog | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in rss.php in RedBLoG 0.5 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. | |||||
| CVE-2006-1141 | 1 Inter7 | 1 Qmailadmin | 2017-07-20 | 7.5 HIGH | N/A |
| Buffer overflow in qmailadmin.c in QmailAdmin before 1.2.10 allows remote attackers to execute arbitrary code via a long PATH_INFO environment variable. | |||||
| CVE-2006-1142 | 1 Solido Systems | 1 Ravenous Web Server | 2017-07-20 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Ravenous Web Server before 0.7.1 allows remote attackers to access arbitrary rvplg files, with unknown impact. | |||||
| CVE-2006-1150 | 1 Teg | 1 Tenes Empanadas Graciela | 2017-07-20 | 7.8 HIGH | N/A |
| Buffer overflow in Tenes Empanadas Graciela (TEG) 0.11.1, automatically appends an _ (underscore) to the end of duplicate nicknames, which allows remote attackers to cause a denial of service (application crash) by creating multiple users with long, identical nicknames, which triggers an off-by-one error. | |||||
| CVE-2006-1152 | 1 M Phorum | 1 M Phorum | 2017-07-20 | 5.0 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in index.php in M-Phorum 0.2 allows remote attackers to include arbitrary files via the go parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-1155 | 1 Manas Tungare | 1 Site Membership Script | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in manas tungare Site Membership Script before 8 March, 2006 allows remote attackers to inject arbitrary web script or HTML via the Error parameter in (1) login.asp and (2) default.asp. | |||||
| CVE-2006-1156 | 1 Manas Tungare | 1 Site Membership Script | 2017-07-20 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in manas tungare Site Membership Script before 8 March, 2006 allows remote attackers to execute arbitrary SQL commands via the Username parameter in login.asp. | |||||
| CVE-2006-1162 | 1 Nodez | 1 Nodez | 2017-07-20 | 5.1 MEDIUM | N/A |
| Directory traversal vulnerability in Nodez 4.6.1.1 and earlier allows remote attackers to read or include arbitrary PHP files via a .. (dot dot) in the op parameter, as demonstrated by inserting malicious Email parameters into list.gtdat, then accessing list.gtdat using the op parameter. | |||||
| CVE-2006-1163 | 1 Nodez | 1 Nodez | 2017-07-20 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Nodez 4.6.1.1 allows remote attackers to inject arbitrary web script or HTML via the op parameter. NOTE: it is possible that this issue is resultant from the directory traversal vulnerability. | |||||
| CVE-2006-1415 | 1 Dotnetbb | 1 Dotnetbb Forums | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in iforget.aspx in dotNetBB 2.42EC SP 3 and earlier allows remote attackers to inject arbitrary web script or HTML via the em parameter. | |||||
| CVE-2006-1165 | 1 Andreas Gohr | 1 Dokuwiki | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the mediamanager module in DokuWiki before 2006-03-05 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors relating to "handling EXIF data." | |||||
| CVE-2006-1166 | 1 Monotone | 1 Monotone | 2017-07-20 | 3.7 LOW | N/A |
| Monotone 0.25 and earlier, when a user creates a file in a directory called "mt", and when checking out that file on a case-insensitive file system such as Windows or Mac OS X, places the file into the "MT" bookkeeping directory, which could allow context-dependent attackers to execute arbitrary Lua programs as the user running monotone. | |||||
| CVE-2006-1414 | 1 Toast Forums | 1 Toast Forums | 2017-07-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in toast.asp in Toast Forums 1.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) author, (2) subject, (3) message, or (4) dayprune parameter. | |||||
| CVE-2006-1175 | 1 Weonlydo | 1 Weonlydo Sftp | 2017-07-20 | 4.0 MEDIUM | N/A |
| The WeOnlyDo! SFTP (wodSFTP) ActiveX control is marked as safe for scripting, which allows remote attackers to read and write files in arbitrary locations by accessing the control from a web page. | |||||
| CVE-2006-1176 | 1 Ebay | 1 Enhanced Picture Services | 2017-07-20 | 7.5 HIGH | N/A |
| Buffer overflow in eBay Enhanced Picture Services (aka EPUImageControl Class) in EUPWALcontrol.dll before 1.0.3.48, as used in Sell Your Item (SYI), Setup & Test eBay Enhanced Picture Services, Picture Manager Enhanced Uploader, and CARad.com Add Vehicle, allows remote attackers to execute arbitrary code via a crafted HTML document. | |||||
| CVE-2006-1178 | 1 Tamarack Consulting | 1 Tamarack Mmsd | 2017-07-20 | 5.0 MEDIUM | N/A |
| Tamarack MMSd before 7.992 allows remote attackers to cause a denial of service (crash) via malformed RFC1006 (OSI over TCP/IP) packets. | |||||
| CVE-2006-1196 | 1 David Barrett | 1 Qwikiwiki | 2017-07-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in QwikiWiki 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) from and (2) help parameters to (a) index.php; (3) action, (4) page, (5) debug, (6) help, (7) username, or (8) password parameters to (b) login.php; the (7) help parameter to (c) pageindex.php; or (8) help parameter to (d) recentchanges.php. | |||||
| CVE-2006-1215 | 1 Woltlab | 1 Burning Board | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in misc.php in Woltlab Burning Board (wBB) 2.3.4 allows remote attackers to inject arbitrary web script or HTML via the percent parameter. NOTE: this issue has been disputed in a followup post, although the original disclosure might be related to reflected XSS. | |||||
| CVE-2006-1413 | 1 Htmljunction | 1 Ezhomepagepro | 2017-07-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in EZHomepagePro 1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) adid or (2) aname parameter in (a) common/email.asp, (b) users/users_search.asp, or (c) users/users_profiles.asp; (3) page parameter in (d) users/users_calendar.asp; (4) usid parameter in (e) users/users_mgallery.asp; or (5) m parameter in (f) users/users_search.asp. | |||||
| CVE-2006-1229 | 1 Hosting Controller | 1 Hosting Controller | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search.asp in Hosting Controller 6.1 (Hotfix 2.9) allows remote attackers to execute arbitrary SQL commands via the search parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-1239 | 1 Countersoft | 1 Gemini | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in issue/createissue.aspx in Gemini 2.0 allows remote attackers to inject arbitrary web script or HTML via the rtcDescription$RadEditor1 field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-1411 | 1 Xigla | 1 Absolute Image Gallery Xe | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Absolute Image Gallery XE 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) the shownew parameter in gallery.asp and (2) unspecified search module parameters. | |||||
| CVE-2006-1410 | 1 Xigla | 1 Absolute Live Support Xe | 2017-07-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in XIGLA Absolute Live Support XE 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Screen name or (2) Session Topic field. | |||||
| CVE-2006-1255 | 1 Mercur | 1 Mercur Messaging | 2017-07-20 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the IMAP service in Mercur Messaging 5.0 SP3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long string to the (1) LOGIN or (2) SELECT command, a different set of attack vectors and possibly a different vulnerability than CVE-2003-1177. | |||||
| CVE-2006-1258 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.1 allows remote attackers to inject arbitrary web script or HTML via the set_theme parameter. | |||||
| CVE-2006-1261 | 1 Aspportal | 1 Aspportal | 2017-07-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ASPPortal 3.00 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | |||||
| CVE-2006-1262 | 1 Aspportal | 1 Aspportal | 2017-07-20 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in ASPPortal 3.00 have unknown impact and attack vectors. | |||||
| CVE-2006-1409 | 1 Vavoom | 1 Vavoom | 2017-07-20 | 5.0 MEDIUM | N/A |
| Buffer overflow in Vavoom 1.19.1 and earlier allows remote attackers to cause a denial of service (application crash) via an invalid comprLength value in a compressed packet. | |||||
| CVE-2006-1266 | 1 Virtual Communication Services | 1 Vpmi Enterprise | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Service_Requests.asp in VPMi Enterprise 3.3 allows remote attackers to inject arbitrary web script or HTML via the Request_Name_Display parameter. | |||||
| CVE-2006-1352 | 1 Bea | 1 Weblogic Server | 2017-07-20 | 5.0 MEDIUM | N/A |
| BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and WebLogic Server 6.1 SP7 and earlier allow remote attackers to cause a denial of service (memory exhaustion) via crafted non-canonicalized XML documents. | |||||
| CVE-2006-1408 | 1 Vavoom | 1 Vavoom | 2017-07-20 | 5.0 MEDIUM | N/A |
| Vavoom 1.19.1 and earlier allows remote attackers to cause a denial of service (infinite loop) via (1) a packet with no data or (2) a large packet, which prevents Vavoom from discarding the packet from the socket. | |||||
| CVE-2006-1269 | 1 Rahul Dhesi | 1 Zoo | 2017-07-20 | 6.2 MEDIUM | N/A |
| Buffer overflow in the parse function in parse.c in zoo 2.10 might allow local users to execute arbitrary code via long filename command line arguments, which are not properly handled during archive creation. NOTE: since this issue is local and not setuid, the set of attack scenarios is limited, although is reasonable to expect that there are some situations in which the zoo user might automatically list attacker-controlled filenames to add to the zoo archive. | |||||
| CVE-2006-1270 | 1 Inprotect | 1 Inprotect | 2017-07-20 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in zones.php in Inprotect 0.21 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Description field. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-1276 | 1 Himpfen Consulting | 1 Php Simplenews | 2017-07-20 | 10.0 HIGH | N/A |
| admin.php in Himpfen Consulting Company PHP SimpleNEWS 1.0.0 allows remote attackers to bypass authentication by setting the admin parameter in a cookie. | |||||
| CVE-2006-1279 | 1 Sherzod Ruzmetov | 1 Cgi Session | 2017-07-20 | 5.0 MEDIUM | N/A |
| CGI::Session 4.03-1 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by (1) Driver::File, (2) Driver::db_file, and possibly (3) Driver::sqlite. | |||||
| CVE-2006-1280 | 1 Sherzod Ruzmetov | 1 Cgi Session | 2017-07-20 | 7.5 HIGH | N/A |
| CGI::Session 4.03-1 does not set proper permissions on temporary files created in (1) Driver::File and (2) Driver::db_file, which allows local users to obtain privileged information, such as session keys, by viewing the files. | |||||
| CVE-2006-1283 | 1 Freebsd | 1 Freebsd | 2017-07-20 | 7.2 HIGH | N/A |
| opiepasswd in One-Time Passwords in Everything (OPIE) in FreeBSD 4.10-RELEASE-p22 through 6.1-STABLE before 20060322 uses the getlogin function to determine the invoking user account, which might allow local users to configure OPIE access to the root account and possibly gain root privileges if a root shell is permitted by the configuration of the wheel group or sshd. | |||||
| CVE-2006-1407 | 1 Webhost Automation | 1 Helm Web Hosting Control Panel | 2017-07-20 | 5.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Helm Web Hosting Control Panel 3.2.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) txtDomainName parameter to domains.asp or (2) SearchText or (3) UserLevel parameters to default.asp. | |||||
| CVE-2006-1406 | 1 Uniforum | 1 Uniforum | 2017-07-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in wbadmlog.aspx in uniForum 4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) txtuser or (2) txtpassword parameters. | |||||
| CVE-2006-1286 | 1 Symantec | 2 Ghost Solutions Suite, Norton Ghost | 2017-07-20 | 2.1 LOW | N/A |
| Buffer overflow in the login dialog in dbisqlc.exe in SQLAnywhere for Symantec Ghost 8.0 and 8.2, as used in Symantec Ghost Solutions Suite (SGSS) 1.0, might allow local users to read certain sensitive information from the database. | |||||