Search
Total
25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-3526 | 1 Sport-slo | 1 Sport-slo Advanced Guestbook | 2018-10-18 | 5.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in guestbook.php in Sport-slo Advanced Guestbook 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) name and (2) form parameters. | |||||
| CVE-2006-3364 | 1 F-art Agency | 1 Blog Cms | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the NP_SEO plugin in BLOG:CMS before 4.1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2006-3553 | 1 Planet Concept | 1 Planetnews | 2018-10-18 | 10.0 HIGH | N/A |
| PlaNet Concept planetNews allows remote attackers to bypass authentication and execute arbitrary code via a direct request to news/admin/planetnews.php. | |||||
| CVE-2006-3544 | 1 Invision Power Services | 1 Invision Board | 2018-10-18 | 7.5 HIGH | N/A |
| ** DISPUTED ** Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 1.3 Final allow remote attackers to execute arbitrary SQL commands via the CODE parameter in a (1) Stats, (2) Mail, and (3) Reg action in index.php. NOTE: the developer has disputed this issue, stating that "At no point does the CODE parameter touch the database. The CODE parameter is used in a SWITCH statement to determine which function to run." | |||||
| CVE-2006-3358 | 1 Newsphp | 1 Newsphp | 2018-10-18 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in NewsPHP 2006 PRO allow remote attackers to inject arbitrary web script or HTML via the (1) words, (2) id, (3) cat_id, and (4) tim parameters, which are not sanitized before being returned in an error page. NOTE: it is possible that some of these vectors are resultant from an SQL injection issue. | |||||
| CVE-2006-3548 | 1 Horde | 1 Horde | 2018-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 allow remote attackers to inject arbitrary web script or HTML via a (1) javascript URI or an external (2) http, (3) https, or (4) ftp URI in the url parameter in services/go.php (aka the dereferrer), (5) a javascript URI in the module parameter in services/help (aka the help viewer), and (6) the name parameter in services/problem.php (aka the problem reporting screen). | |||||
| CVE-2006-3532 | 1 Pivot | 1 Pivot | 2018-10-18 | 5.1 MEDIUM | N/A |
| PHP file inclusion vulnerability in includes/edit_new.php in Pivot 1.30 RC2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a FTP URL or full file path in the Paths[extensions_path] parameter. | |||||
| CVE-2006-3492 | 1 Mico | 1 Mico | 2018-10-18 | 5.0 MEDIUM | N/A |
| The CORBA::ORBInvokeRec::set_answer_invoke function in orb.cc in MICO (Mico Is CORBA) 2.3.12 and earlier allows remote attackers to cause a denial of service (application crash) via a message with an incorrect "object key", which triggers an assert error. | |||||
| CVE-2006-3559 | 1 Arif Supriyanto | 1 Auracms | 2018-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Arif Supriyanto auraCMS 1.62 allow remote attackers to execute arbitrary SQL commands and delete all shoutbox messages via the (1) name and (2) pesan parameters. | |||||
| CVE-2006-3257 | 1 Claroline | 1 Claroline | 2018-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.7.7 allow remote attackers to inject arbitrary HTML or web script via unspecified attack vectors, possibly including (1) calendar/myagenda.php, (2) document/document.php, (3) phpbb/newtopic.php, (4) tracking/userLog.php, and (5) wiki/page.php. | |||||
| CVE-2006-3311 | 1 Adobe | 2 Flash Player, Flex Sdk | 2018-10-18 | 5.1 MEDIUM | N/A |
| Buffer overflow in Adobe Flash Player 8.0.24.0 and earlier, Flash Professional 8, Flash MX 2004, and Flex 1.5 allows user-assisted remote attackers to execute arbitrary code via a long, dynamically created string in a SWF movie. | |||||
| CVE-2006-3304 | 1 Deluxebb | 1 Deluxebb | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in cp.php in DeluxeBB 1.07 and earlier allows remote attackers to execute arbitrary SQL commands via the xmsn parameter. | |||||
| CVE-2006-3271 | 1 Softbiz | 1 Dating Script | 2018-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Softbiz Dating 1.0 allow remote attackers to execute SQL commands via the (1) country and (2) sort_by parameters in (a) search_results.php; (3) browse parameter in (b) featured_photos.php; (4) cid parameter in (c) products.php, (d) index.php, and (e) news_desc.php. | |||||
| CVE-2006-3242 | 1 Mutt | 1 Mutt | 2018-10-18 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the browse_get_namespace function in imap/browse.c of Mutt 1.4.2.1 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via long namespaces received from the IMAP server. | |||||
| CVE-2006-3268 | 1 Novell | 1 Groupwise | 2018-10-18 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Windows Client API in Novell GroupWise 5.x through 7 might allow users to obtain "random programmatic access" to other email within the same post office. | |||||
| CVE-2006-3250 | 1 Microsoft | 1 Windows Live Messenger | 2018-10-18 | 5.1 MEDIUM | N/A |
| Heap-based buffer overflow in Windows Live Messenger 8.0 allows user-assisted attackers to execute arbitrary code via a crafted Contact List (.ctt) file, which triggers the overflow when it is imported by the user. | |||||
| CVE-2006-3252 | 1 Algorithmic Research | 1 Privatewire Gateway | 2018-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in the Online Registration Facility for Algorithmic Research PrivateWire VPN software up to 3.7 allows remote attackers to execute arbitrary code via a long GET request. | |||||
| CVE-2006-3253 | 1 Jelsoft | 1 Vbulletin | 2018-10-18 | 2.6 LOW | N/A |
| ** DISPUTED ** Cross-site scripting (XSS) vulnerability in member.php in vBulletin 3.5.x allows remote attackers to inject arbitrary web script or HTML via the u parameter. NOTE: the vendor has disputed this report, stating that they have been unable to replicate the issue and that "the userid parameter is run through our filtering system as an unsigned integer." | |||||
| CVE-2006-3264 | 1 Namo | 1 Deepsearch | 2018-10-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in mclient.cgi in Namo DeepSearch 4.5 allows remote attackers to inject arbitrary web script or HTML via the p parameter. | |||||
| CVE-2006-3262 | 1 Mambo | 1 Mambo | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Weblinks module (weblinks.php) in Mambo 4.6rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter. | |||||
| CVE-2006-3261 | 1 Trend Micro | 1 Control Manager | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Trend Micro Control Manager (TMCM) 3.5 allows remote attackers to inject arbitrary web script or HTML via the username field on the login page, which is not properly sanitized before being displayed in the error log. | |||||
| CVE-2006-3260 | 1 Virtual Design Studios | 1 Vlbook | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in vlbook 1.02 allows remote attackers to inject arbitrary web script or HTML via the message parameter. | |||||
| CVE-2006-3259 | 1 E107 | 1 E107 | 2018-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 allow remote attackers to inject arbitrary web script or HTML via the (1) ep parameter to search.php and the (2) subject parameter in comment.php (aka the Subject field when posting a comment). | |||||
| CVE-2006-3143 | 1 Maximus | 1 Schoolmax | 2018-10-18 | 4.0 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in icue_login.asp in Maximus SchoolMAX 4.0.1 and earlier iCue and iParent applications allows remote attackers to inject arbitrary web script or HTML via the error_msg parameter. | |||||
| CVE-2006-3142 | 1 Vbzoom | 1 Vbzoom | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in forum.php in VBZooM 1.11 allows remote attackers to execute arbitrary SQL commands via the MainID parameter. | |||||
| CVE-2006-3295 | 1 George Currums | 1 Open Guestbook | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in header.php in Open Guestbook 0.5 allows remote attackers to inject arbitrary web script or HTML via the title parameter. | |||||
| CVE-2006-3132 | 1 Qto | 1 Qtofilemanager | 2018-10-18 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in qtofm.php4 in QTOFileManager 1.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter, as originally reported for index.php. | |||||
| CVE-2006-3296 | 1 George Currums | 1 Open Guestbook | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view.php in Open Guestbook 0.5 allows remote attackers to execute arbitrary SQL commands via the offset parameter. | |||||
| CVE-2006-3128 | 1 Easy-cms | 1 Easy-cms | 2018-10-18 | 4.6 MEDIUM | N/A |
| choose_file.php in easy-CMS 0.1.2, when mod_mime is installed, does not restrict uploads of filenames with multiple extensions, which allows remote attackers to execute arbitrary PHP code by uploading a PHP file with a GIF file extension, then directly accessing that file in the Repositories directory. | |||||
| CVE-2006-3299 | 1 Metalheadws | 1 Usenet | 2018-10-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Usenet Script 0.5 allows remote attackers to inject arbitrary web script or HTML via the group parameter. | |||||
| CVE-2006-3173 | 1 Content\*builder | 1 Content\*builder | 2018-10-18 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Content*Builder 0.7.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) path[cb] parameter to (a) libraries/comment/postComment.php and (b) modules/poll/poll.php, (2) rel parameter to (c) modules/archive/overview.inc.php, and the (3) actualModuleDir parameter to (d) modules/forum/showThread.inc.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-3179 | 1 Swsoft | 1 Confixx | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in tools_ftp_pwaendern.php in Confixx Pro 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the account parameter. | |||||
| CVE-2006-3284 | 1 Datetopia | 1 Dating Agent Pro | 2018-10-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Dating Agent PRO 4.7.1 allows remote attackers to inject arbitrary web script or HTML via the login parameter in (1) webmaster/index.php and (2) search.php. | |||||
| CVE-2006-3170 | 1 Comscripts | 1 Cs-forum | 2018-10-18 | 5.0 MEDIUM | N/A |
| CS-Forum before 0.82 allows remote attackers to obtain sensitive information via unspecified manipulations, possibly involving an empty collapse[] or readall parameter to index.php, which reveals the installation path in an error message. | |||||
| CVE-2006-3169 | 1 Comscripts | 1 Cs-forum | 2018-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in CS-Forum 0.81 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) msg_result and (2) rep_titre parameters in (a) read.php; and the (3) id and (4) parent parameters and (5) CSForum_nom, (6) CSForum_mail, and (7) CSForum_url cookie parameters in (b) ajouter.php. | |||||
| CVE-2006-3168 | 1 Comscripts | 1 Cs-forum | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in CS-Forum before 0.82 allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) debut parameters in (a) read.php, and the (3) search and (4) debut parameters in (b) index.php. | |||||
| CVE-2006-3185 | 1 Cms Faethon | 1 Cms Faethon | 2018-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in data/header.php in CMS Faethon 1.3.2 allows remote attackers to execute arbitrary PHP code via a URL in the mainpath parameter. | |||||
| CVE-2006-3191 | 1 Tpvgames | 1 Mpcs | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in comment.php in MPCS 0.2 allows remote attackers to inject arbitrary web script or HTML via the pageid parameter. | |||||
| CVE-2006-3161 | 1 Saphp | 1 Saphplesson | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in misc.php in SaphpLesson 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the action parameter. | |||||
| CVE-2006-3194 | 1 Singapore | 1 Singapore | 2018-10-18 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in singapore 0.10.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) sequence and trailing null (%00) byte in the (1) gallery and (2) template parameter. | |||||
| CVE-2006-3209 | 1 Microsoft | 1 Windows Xp | 2018-10-18 | 7.2 HIGH | N/A |
| ** DISPUTED ** The Task scheduler (at.exe) on Microsoft Windows XP spawns each scheduled process with SYSTEM permissions, which allows local users to gain privileges. NOTE: this issue has been disputed by third parties, who state that the Task scheduler is limited to the Administrators group by default upon installation. | |||||
| CVE-2006-3195 | 1 Singapore | 1 Singapore | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in singapore 0.10.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the template parameter. | |||||
| CVE-2006-3196 | 1 Singapore | 1 Singapore | 2018-10-18 | 5.0 MEDIUM | N/A |
| index.php in singapore 0.10.0 and earlier allows remote attackers to obtain the installation path via an invalid template parameter, which reveals the path in an error message. | |||||
| CVE-2006-3160 | 1 Onedotoh | 1 Simple File Manager | 2018-10-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in fm.php in ONEdotOH Simple File Manager (SFM) 0.24a and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | |||||
| CVE-2006-3201 | 1 Hp | 1 Hp-ux | 2018-10-18 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in the kernel in HP-UX B.11.00, B.11.11, and B.11.23 allows local users to cause an unspecified denial of service via unknown vectors. | |||||
| CVE-2006-3204 | 1 Ultimate Php Board | 1 Ultimate Php Board | 2018-10-18 | 5.0 MEDIUM | N/A |
| Ultimate PHP Board (UPB) 1.9.6 and earlier uses a cryptographically weak block cipher with a large key collision space, which allows remote attackers to determine a suitable decryption key given the plaintext and ciphertext by obtaining the plaintext password, which is sent when logging in, and the ciphertext, which is set in the pass_env cookie. | |||||
| CVE-2006-3205 | 1 Ultimate Php Board | 1 Ultimate Php Board | 2018-10-18 | 5.0 MEDIUM | N/A |
| Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote attackers to gain access via modified user_env, pass_env, power_env, and id_env parameters in a cookie, which comprise a persistent logon that does not vary across sessions. | |||||
| CVE-2006-3206 | 1 Ultimate Php Board | 1 Ultimate Php Board | 2018-10-18 | 5.0 MEDIUM | N/A |
| register.php in Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote attackers to create arbitrary accounts via the "[NR]" sequence in the signature field, which is used to separate multiple records. | |||||
| CVE-2006-3207 | 1 Ultimate Php Board | 1 Ultimate Php Board | 2018-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in newpost.php in Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) sequence and trailing null (%00) byte in the id parameter, as demonstrated by injecting a Perl CGI script using "[NR]" sequences in the message parameter, then calling close.php with modified id and t_id parameters to chmod the script. NOTE: this issue might be resultant from dynamic variable evaluation. | |||||
| CVE-2006-3208 | 1 Ultimate Php Board | 1 Ultimate Php Board | 2018-10-18 | 6.5 MEDIUM | N/A |
| Direct static code injection vulnerability in Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote authenticated administrators to execute arbitrary PHP code via multiple unspecified "configuration fields" in (1) admin_chatconfig.php, (2) admin_configcss.php, (3) admin_config.php, or (4) admin_config2.php, which are stored as configuration settings. NOTE: this issue can be exploited by remote attackers by leveraging other vulnerabilities in UPB. | |||||