Search
Total
25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-0341 | 1 Rockliffe | 1 Mailsite | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WCONSOLE.DLL in Rockliffe MailSite 5.x and 6.1.22 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string. | |||||
| CVE-2006-0338 | 1 F-secure | 4 F-secure Anti-virus, F-secure Internet Security, F-secure Personal Express and 1 more | 2017-07-20 | 5.0 MEDIUM | N/A |
| Multiple F-Secure Anti-Virus products and versions for Windows and Linux, including Anti-Virus for Windows Servers 5.52 and earlier, Internet Security 2004, 2005 and 2006, and Anti-Virus for Linux Servers 4.64 and earlier, allow remote attackers to hide arbitrary files and data via malformed (1) RAR and (2) ZIP archives, which are not properly scanned. | |||||
| CVE-2006-0337 | 1 F-secure | 4 F-secure Anti-virus, F-secure Internet Security, Internet Gatekeeper and 1 more | 2017-07-20 | 7.5 HIGH | N/A |
| Buffer overflow in multiple F-Secure Anti-Virus products and versions for Windows and Linux, including Anti-Virus for Windows Servers 5.52 and earlier, Internet Security 2004, 2005 and 2006, and Anti-Virus for Linux Servers 4.64 and earlier, allows remote attackers to execute arbitrary code via crafted ZIP archives. | |||||
| CVE-2006-0336 | 1 Kerio | 1 Winroute Firewall | 2017-07-20 | 5.0 MEDIUM | N/A |
| Kerio WinRoute Firewall before 6.1.4 Patch 2 allows attackers to cause a denial of service (CPU consumption and hang) via unknown vectors involving "browsing the web". | |||||
| CVE-2006-0335 | 1 Kerio | 1 Winroute Firewall | 2017-07-20 | 5.0 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Kerio WinRoute Firewall before 6.1.4 Patch 1 allow remote attackers to cause a denial of service via multiple unspecified vectors involving (1) long strings received from Active Directory and (2) the filtering of HTML. | |||||
| CVE-2006-0334 | 1 Freekrai.net | 1 My Amazon Store Manager | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in My Amazon Store Manager 1.0 allows remote attackers to inject arbitrary web script or HTML via the Keywords parameter. NOTE: some sources claim that the affected parameter is "q", but the only public archive of the original researcher notification shows an XSS manipulation in "Keywords". | |||||
| CVE-2006-0330 | 1 Gallery Project | 1 Gallery | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Gallery before 1.5.2 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving the user name (fullname). | |||||
| CVE-2005-4141 | 1 Aspmforum | 1 Aspmforum | 2017-07-20 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in ASPMForum allow remote attackers to execute arbitrary SQL commands via the (1) harf parameter in kullanicilistesi.asp and (2) baslik parameter in forum.asp. | |||||
| CVE-2005-4216 | 1 Macromedia | 1 Flash Media Server | 2017-07-20 | 7.8 HIGH | N/A |
| The Administration Service (FMSAdmin.exe) in Macromedia Flash Media Server 2.0 r1145 allows remote attackers to cause a denial of service (application crash) via a malformed request with a single character to port 1111. | |||||
| CVE-2005-4193 | 1 Usebb | 1 Usebb | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in UseBB before 0.7 allows remote attackers to inject arbitrary web script or HTML via the $_SERVER['PHP_SELF'] variable. | |||||
| CVE-2005-4087 | 1 Sugarcrm | 1 Sugar Suite | 2017-07-20 | 7.5 HIGH | N/A |
| PHP remote file include vulnerability in acceptDecline.php in Sugar Suite Open Source Customer Relationship Management (SugarCRM) 4.0 beta and earlier allows remote attackers to execute arbitrary PHP code via a URL in the beanFiles array parameter. | |||||
| CVE-2005-4074 | 1 Mycfnuke | 1 Cf Nuke | 2017-07-20 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.cfm in CF_Nuke 4.6 and earlier, when Sandbox Security is disabled, allows remote attackers to include arbitrary local .cfm files via a .. (dot dot) in the (1) sector or (2) page parameters. | |||||
| CVE-2006-0329 | 1 Hitachi | 1 Hitsenser Data Mart Server | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in HITSENSER Data Mart Server BS, BS-S, BS-M, BS-L, and EX allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. | |||||
| CVE-2006-0322 | 1 Mediawiki | 1 Mediawiki | 2017-07-20 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability the edit comment formatting functionality in MediaWiki 1.5.x before 1.5.6 and 1.4.x before 1.4.14 allows attackers to cause a denial of service (infinite loop) via "certain malformed links." | |||||
| CVE-2006-0319 | 1 Farmers Wife | 1 Farmers Wife | 2017-07-20 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the FTP server (port 22003/tcp) in Farmers WIFE 4.4 SP1 allows remote attackers to create arbitrary files via ".." (dot dot) sequences in a (1) PUT, (2) SIZE, and possibly other commands. | |||||
| CVE-2006-0316 | 1 Aol | 1 Aol Client Software | 2017-07-20 | 10.0 HIGH | N/A |
| Buffer overflow in YGPPicFinder.DLL in AOL You've Got Pictures (YGP) Picture Finder Tool ActiveX Control, as used in AOL 8.0, 8.0 Plus, and 9.0 Classic, allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2005-4043 | 1 Hobosworld | 1 Hobsr | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view.php in Hobosworld HobSR 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) arrange and (2) p parameters. | |||||
| CVE-2006-0245 | 1 Devellion | 1 Cubecart | 2017-07-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.7-pl1 allow remote attackers to inject arbitrary web script or HTML via the (3) redir, (4) productId, (5) docId, (6) act, and (7) catId parameters in index.php; and the (8) username field in a login action in index.php. NOTE: the cart.php/redir and index.php/searchStr vectors are already covered by CVE-2005-3152. | |||||
| CVE-2005-4039 | 1 Web4future | 1 Portal Solutions | 2017-07-20 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in arhiva.php in Web4Future Portal Solutions News Portal allows remote attackers to read arbitrary files via the dir parameter. | |||||
| CVE-2005-4038 | 1 Web4future | 1 Portal Solutions | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in comentarii.php in Web4Future Portal Solutions News Portal allows remote attackers to execute arbitrary SQL commands via the idp parameter. | |||||
| CVE-2006-0243 | 1 Smbcms | 1 Smbcms | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in SMBCMS 2.1 allows remote attackers to inject arbitrary web script or HTML via the text parameter, which is used by the "Search Site" field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-0238 | 1 Gamerz | 1 Wp-stats | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in wp-stats.php in GaMerZ WP-Stats 2.0 allows remote attackers to execute arbitrary SQL commands via the author parameter. | |||||
| CVE-2006-0237 | 1 Gtp | 1 Icommerce | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in GTP iCommerce allows remote attackers to inject arbitrary web script or HTML via the (1) cat and (2) subcat parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-0228 | 1 Grsecurity | 1 Grsecurity Kernel Patch | 2017-07-20 | 7.2 HIGH | N/A |
| The RBAC functionality in grsecurity before 2.1.8 does not properly handle when the admin role creates a service and then exits the shell without unauthenticating, which causes the service to be restarted with the admin role still active. | |||||
| CVE-2005-4037 | 1 Web4future | 1 Affiliate Manager Professional | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in functions.php in Web4Future Affiliate Manager PRO 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter. | |||||
| CVE-2005-4019 | 1 Relative Real Estate Systems | 1 Relative Real Estate Systems | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Relative Real Estate Systems 1.02 and earlier allows remote attackers to execute arbitrary SQL commands via the mls parameter. | |||||
| CVE-2006-0226 | 1 Freebsd | 1 Freebsd | 2017-07-20 | 10.0 HIGH | N/A |
| Integer overflow in IEEE 802.11 network subsystem (ieee80211_ioctl.c) in FreeBSD before 6.0-STABLE, while scanning for wireless networks, allows remote attackers to execute arbitrary code by broadcasting crafted (1) beacon or (2) probe response frames. | |||||
| CVE-2005-4015 | 1 Php Web | 1 Statistik | 2017-07-20 | 5.0 MEDIUM | N/A |
| PHP Web Statistik 1.4 does not rotate the log database or limit the size of the referer field, which allows remote attackers to fill the log files via a large number of requests, as demonstrated using pixel.php. | |||||
| CVE-2006-0219 | 1 Mybulletinboard | 1 Mybulletinboard | 2017-07-20 | 7.5 HIGH | N/A |
| The original distribution of MyBulletinBoard (MyBB) to update from older versions to 1.0.2 omits or includes older versions of certain critical files, which allows attackers to conduct (1) SQL injection attacks via an attachment name that is not properly handled by inc/functions_upload.php (CVE-2005-4602), and possibly (2) other attacks related to threadmode in usercp.php. | |||||
| CVE-2006-0217 | 1 Ultimate Auction | 1 Ultimate Auction | 2017-07-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Ultimate Auction 3.67 allow remote attackers to inject arbitrary web script or HTML via the (1) item parameter in item.pl and (2) category parameter in itemlist.pl, which reflects the XSS in an error message. NOTE: the affected version might be wrong since the current version as of 20060116 is 3.6.1. | |||||
| CVE-2006-0214 | 1 Indexcor | 1 Ezdatabase | 2017-07-20 | 7.5 HIGH | N/A |
| Eval injection vulnerability in ezDatabase 2.0 and earlier allows remote attackers to execute arbitrary PHP code via the db_id parameter to visitorupload.php, as demonstrated using phpinfo and include function calls. | |||||
| CVE-2005-4014 | 1 Php Web | 1 Statistik | 2017-07-20 | 7.8 HIGH | N/A |
| stat.php in PHP Web Statistik 1.4 allows remote attackers to cause a denial of service (CPU consumption) via a large lastnumber value. | |||||
| CVE-2006-0206 | 1 Light Weight Calendar | 1 Light Weight Calendar | 2017-07-20 | 7.5 HIGH | N/A |
| Eval injection vulnerability in Light Weight Calendar (LWC) 1.0 (20040909) and earlier allows remote attackers to execute arbitrary PHP code via the date parameter in cal.php, which is included by index.php. | |||||
| CVE-2006-0184 | 1 Mainenet Enterprises | 1 Asptopsites | 2017-07-20 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in AspTopSites allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to goto.asp or (2) password parameter to includeloginuser.asp. | |||||
| CVE-2005-4013 | 1 Php Web | 1 Statistik | 2017-07-20 | 5.0 MEDIUM | N/A |
| PHP Web Statistik 1.4 stores the stat.cfg file under the web root with insufficient access control, which allows remote attackers to obtain sensitive information such as statistics and the log directory location, possibly including the logdb.dta file. | |||||
| CVE-2005-4012 | 1 Php Web | 1 Statistik | 2017-07-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PHP Web Statistik 1.4 allows remote attackers to inject arbitrary web script or HTML via (1) the lastnumber parameter to stat.php and (2) the HTTP referer to pixel.php. | |||||
| CVE-2006-0181 | 1 Cisco | 1 Cs-mars | 2017-07-20 | 7.2 HIGH | N/A |
| Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.1.3 has an undocumented administrative account with a default password, which allows local users to gain privileges via the expert command. | |||||
| CVE-2006-0178 | 1 Cray | 1 Unicos | 2017-07-20 | 7.2 HIGH | N/A |
| Format string vulnerability in /bin/ftp in UNICOS 9.0.2.2 allows local users to have an unknown impact via format string specifiers in the quote command. NOTE: because the program is not setuid and not normally called from remote programs, there may not be a typical attack vector for the issue that crosses privilege boundaries. Therefore this may not be a vulnerability. | |||||
| CVE-2006-0177 | 1 Cray | 1 Unicos | 2017-07-20 | 7.2 HIGH | N/A |
| Multiple buffer overflows in Cray UNICOS 9.0.2.2 might allow local users to gain privileges by (1) invoking /usr/bin/script with a long command line argument or (2) setting the -c option of /etc/nu to the name of a file containing a long line. | |||||
| CVE-2006-0166 | 1 Symantec | 1 Norton System Works | 2017-07-20 | 7.5 HIGH | N/A |
| Symantec Norton SystemWorks and SystemWorks Premier 2005 and 2006 stores temporary copies of files in the Norton Protected Recycle Bin NProtect directory, which is hidden from the FindFirst and FindNext Windows APIs and allows remote attackers to hide arbitrary files from virus scanners and other products. | |||||
| CVE-2006-0165 | 1 Plain Black | 1 Webgui | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the DataForm Entries functionality in Plain Black WebGUI before 6.8.4 (gamma) allows remote attackers to inject arbitrary Javascript via the (1) url and (2) name field of the default email form. | |||||
| CVE-2006-0164 | 1 Woah-projekt | 1 Phgstats | 2017-07-20 | 7.5 HIGH | N/A |
| phgstats.inc.php in phgstats before 0.5.1, if register_globals is enabled, allows remote attackers to include arbitrary files and execute arbitrary PHP code by modifying the PHGDIR variable. | |||||
| CVE-2005-4010 | 1 Sensation Designs | 1 Kbase Express | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in KBase Express 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) id parameter to category.php and (2) search parameters to search.php. | |||||
| CVE-2006-0163 | 1 Francisco Burzi | 1 Php-nuke Ev | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the search module (modules/Search/index.php) of PHPNuke EV 7.7 -R1 allows remote attackers to execute arbitrary SQL commands via the query parameter, which is used by the search field. NOTE: This is a different vulnerability than CVE-2005-3792. | |||||
| CVE-2006-0162 | 1 Clam Anti-virus | 1 Clamav | 2017-07-20 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in libclamav/upx.c in Clam Antivirus (ClamAV) before 0.88 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted UPX files. | |||||
| CVE-2006-0142 | 1 Andromeda Software | 1 Andromeda | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in andromeda.php in Andromeda 1.9.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the s parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-0141 | 1 Eudora | 1 Internet Mail Server | 2017-07-20 | 5.0 MEDIUM | N/A |
| Qualcomm Eudora Internet Mail Server (EIMS) before 3.2.8 allows remote attackers to cause a denial of service (crash) via (1) malformed NTLM authentication requests, or a malformed (2) Incoming Mail X or (3) Temporary Mail file. | |||||
| CVE-2006-0139 | 1 Pd9 Software | 1 Megabbs | 2017-07-20 | 5.0 MEDIUM | N/A |
| The send-private-message functionality (send-private-message.asp) in PD9 Software MegaBBS 2.1 allows remote attackers to read private messages of other users via a modified replyid parameter. | |||||
| CVE-2006-0148 | 1 Netsarang | 1 Xlpd | 2017-07-20 | 5.0 MEDIUM | N/A |
| NetSarang Xlpd 2.1 allows remote attackers to cause a denial of service (crash) via a large number of connections from the same IP address. | |||||
| CVE-2006-0128 | 1 Rockliffe | 1 Mailsite | 2017-07-20 | 10.0 HIGH | N/A |
| Buffer overflow in the IMAP service of Rockliffe MailSite before 6.1.22.1 allows remote attackers to have an unknown impact via unknown attack vectors. | |||||