Search
Total
25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-3211 | 1 Cjguestbook | 1 Cjguestbook | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in sign.php in cjGuestbook 1.3 and earlier allows remote attackers to inject Javascript code via a javascript URI in an img bbcode tag in the comments parameter. | |||||
| CVE-2006-3213 | 1 Webboa | 1 Webboa | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in WeBBoA Hosting 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter to an unspecified script, possibly host/yeni_host.asp. | |||||
| CVE-2006-3158 | 1 Eduha Meeting | 1 Eduha Meeting | 2018-10-18 | 7.5 HIGH | N/A |
| index.php in Eduha Meeting does not properly restrict file extensions before permitting a file upload, which allows remote attackers to bypass security checks and upload or execute arbitrary php code via the add action. | |||||
| CVE-2006-3283 | 1 Datetopia | 1 Dating Agent Pro | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Dating Agent PRO 4.7.1 allows remote attackers to execute arbitrary SQL commands via the (1) pid parameter in picture.php, (2) mid parameter in mem.php, and the (3) sex and (4) relationship parameters in search.php. | |||||
| CVE-2006-3217 | 1 Jaguarsoft | 1 Jaguaredit | 2018-10-18 | 2.6 LOW | N/A |
| JaguarEditControl (JEdit) ActiveX Control 1.1.0.20 and earlier allows remote attackers to obtain sensitive information, such as the username and MAC and IP addresses, by setting the test field to certain values such as 2404 or 2790, then reading the information from the .JText field. | |||||
| CVE-2006-3218 | 1 Woltlab | 1 Burning Board | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in profile.php in Woltlab Burning Board (WBB) 2.1.6 allows remote attackers to execute arbitrary SQL commands via the userid parameter. | |||||
| CVE-2006-3219 | 1 Woltlab | 1 Burning Board | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in thread.php in Woltlab Burning Board (WBB) 2.2.2 allows remote attackers to execute arbitrary SQL commands via the threadid parameter. | |||||
| CVE-2006-3220 | 1 Woltlab | 1 Burning Board | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in studienplatztausch.php in Woltlab Burning Board (WBB) 2.2.1 allows remote attackers to execute arbitrary SQL commands via the sid parameter. | |||||
| CVE-2006-3282 | 1 Datetopia | 1 Dating Agent Pro | 2018-10-18 | 5.0 MEDIUM | N/A |
| requirements.php in Dating Agent PRO 4.7.1 allows remote attackers to obtain sensitive information via a direct request, which calls the phpinfo function. | |||||
| CVE-2006-3279 | 1 Aewebworks | 1 Aedating | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in aeDating 4.1 allows remote attackers to inject arbitrary web script or HTML via the (1) Sex parameter in index.php, (2) ProfileType parameter in join_form.php, and (3) Email parameter in forgot.php. | |||||
| CVE-2006-3226 | 1 Cisco | 1 Secure Access Control Server | 2018-10-18 | 7.5 HIGH | N/A |
| Cisco Secure Access Control Server (ACS) 4.x for Windows uses the client's IP address and the server's port number to grant access to an HTTP server port for an administration session, which allows remote attackers to bypass authentication via various methods, aka "ACS Weak Session Management Vulnerability." | |||||
| CVE-2006-3292 | 1 Jaws | 1 Jaws | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Search gadget in Jaws 0.6.2 allows remote attackers to execute arbitrary SQL commands via queries with the "LIKE" keyword in the searchdata parameter (search field). | |||||
| CVE-2006-3273 | 1 Astrodog Press | 1 Some Chess | 2018-10-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in menu.php in Some Chess 1.5 rc1 allows remote attackers to inject arbitrary web script or HTML via the user parameter ("New Name" field). | |||||
| CVE-2006-3238 | 1 Vbzoom | 1 Vbzoom | 2018-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in VBZooM 1.00 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) MemberID parameter to rank.php, and the (2) QuranID parameter to lng.php. | |||||
| CVE-2006-3352 | 1 Mozilla | 1 Firefox | 2018-10-18 | 6.4 MEDIUM | N/A |
| ** DISPUTED ** Cross-domain vulnerability in Mozilla Firefox allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object. NOTE: this description was based on a report that has since been retracted by the original authors. The authors misinterpreted their test results. Other third parties also disputed the original report. Therefore, this is not a vulnerability. It is being assigned a candidate number to provide a clear indication of its status. | |||||
| CVE-2006-3351 | 1 Microsoft | 2 Windows 2003 Server, Windows Xp | 2018-10-18 | 5.4 MEDIUM | N/A |
| Buffer overflow in Windows Explorer (explorer.exe) on Windows XP and 2003 allows user-assisted attackers to cause a denial of service (repeated crash) and possibly execute arbitrary code via a .url file with an InternetShortcut tag containing a long URL and a large number of "file:" specifiers. | |||||
| CVE-2006-3350 | 1 Cimmetry Systems | 1 Autovue Solidmodel Professional | 2018-10-18 | 5.1 MEDIUM | N/A |
| Stack-based buffer overflow in AutoVue SolidModel Professional Desktop Edition 19.1 Build 5993 allows user-assisted remote attackers to execute arbitrary code via a long filename in a (1) ARJ, (2) RAR, or (3) ZIP archive. | |||||
| CVE-2006-3349 | 1 Sms Script | 1 Sms Script | 2018-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in SmS Script allow remote attackers to execute arbitrary SQL commands via the CatID parameter in (1) cat.php and (2) add.php. | |||||
| CVE-2006-3346 | 1 Carlos Sanchez Valle | 1 Mynewsgroups | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in tree.php in MyNewsGroups 0.6 allows remote attackers to execute arbitrary SQL commands via the grp_id parameter. | |||||
| CVE-2006-3345 | 1 Ajax Softwares | 1 Alipager | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in AliPAGER, possibly 1.5 and earlier, allows remote attackers to inject arbitrary web script or HTML via a chat line. | |||||
| CVE-2006-3343 | 1 Crisoft Ricette | 1 Crisoft Ricette | 2018-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in recipe/cookbook.php in CrisoftRicette 1.0pre15b allows remote attackers to execute arbitrary PHP code via a URL in the crisoftricette parameter. | |||||
| CVE-2006-3337 | 1 Cpanel | 1 Cpanel | 2018-10-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in frontend/x/files/select.html in cPanel 10.8.2-CURRENT 118 and earlier allows remote attackers to inject arbitrary web script or HTML via the file parameter. | |||||
| CVE-2006-3334 | 1 Greg Roelofs | 1 Libpng | 2018-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in the png_decompress_chunk function in pngrutil.c in libpng before 1.2.12 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors related to "chunk error processing," possibly involving the "chunk_name". | |||||
| CVE-2006-3330 | 1 Deltascripts | 1 Php Classifieds | 2018-10-18 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in AddAsset1.php in PHP/MySQL Classifieds (PHP Classifieds) allows remote attackers to execute arbitrary SQL commands via the (1) ProductName ("Title" field), (2) url, and (3) Description parameters, possibly related to issues in add1.php. | |||||
| CVE-2006-3329 | 1 Deltascripts | 1 Php Classifieds | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search.php in PHP/MySQL Classifieds (PHP Classifieds) allows remote attackers to execute arbitrary SQL commands via the rate parameter. | |||||
| CVE-2006-3325 | 1 Id Software | 1 Quake 3 Engine | 2018-10-18 | 5.0 MEDIUM | N/A |
| client/cl_parse.c in the id3 Quake 3 Engine 1.32c and the Icculus Quake 3 Engine (ioquake3) revision 810 and earlier allows remote malicious servers to overwrite arbitrary write-protected cvars variables on the client, such as cl_allowdownload for Automatic Downloading and fs_homepath for the quake3 path, via a string of cvar names and values sent from the server. NOTE: this can be combined with another vulnerability to overwrite arbitrary files. | |||||
| CVE-2006-3324 | 1 Id Software | 1 Quake 3 Engine | 2018-10-18 | 5.0 MEDIUM | N/A |
| The Automatic Downloading option in the id3 Quake 3 Engine and the Icculus Quake 3 Engine (ioquake3) before revision 804 allows remote attackers to overwrite arbitrary files in the quake3 directory (fs_homepath cvar) via a long string of filenames, as contained in the neededpaks buffer. | |||||
| CVE-2006-3323 | 1 Mastersfusion | 1 Mf Piadas | 2018-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in admin/admin.php in MF Piadas 1.0 allows remote attackers to execute arbitrary PHP code via the page parameter. NOTE: the same vector can be used for cross-site scripting, but CVE analysis suggests that this is resultant from file inclusion of HTML or script. | |||||
| CVE-2006-3322 | 1 Spiffyjr | 1 Phpraid | 2018-10-18 | 5.1 MEDIUM | N/A |
| SQL injection vulnerability in includes/functions_logging.php in phpRaid 3.0.5, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the log_hack function. | |||||
| CVE-2006-3320 | 1 Sitebar | 1 Sitebar | 2018-10-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in command.php in SiteBar 3.3.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the command parameter. | |||||
| CVE-2006-3319 | 1 Php Icalendar | 1 Php Icalendar | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in rss/index.php in PHP iCalendar 2.22 and earlier allows remote attackers to inject arbitrary web script or HTML via the cal parameter. | |||||
| CVE-2006-3317 | 1 Spiffyjr | 1 Phpraid | 2018-10-18 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in phpRaid 3.0.6 allows remote attackers to execute arbitrary code via a URL in the phpraid_dir parameter to (1) announcements.php and (2) rss.php, a different set of vectors and affected versions than CVE-2006-3316 and CVE-2006-3116. | |||||
| CVE-2006-3314 | 1 Rahnemaco | 1 Rahnemaco | 2018-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in page.php in an unspecified RahnemaCo.com product, possibly eShop, allows remote attackers to execute arbitrary PHP code via a URL in the pageid parameter. | |||||
| CVE-2006-3313 | 1 Netsoft | 1 Smartnet | 2018-10-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in search.jsp in Netsoft smartNet 2.0 allows remote attackers to inject arbitrary web script or HTML via the keyWord parameter. | |||||
| CVE-2006-3312 | 1 Qatraq | 1 Qatraq | 2018-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ashmans and Bill Echlin QaTraq 6.5 RC and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) link_print, (2) link_upgrade, (3) link_sql, (4) link_next, (5) link_prev, and (6) link_list parameters in top.inc as included by queries_view_search.php; the (7) msg, (8) component_name, and (9) component_desc parameters in (a) components_copy_content.php, (b) components_modify_content.php, and (c) components_new_content.php; the (10) title, (11) version, and (12) content parameters in design_copy_content.php; the (13) plan_title and (14) plan_content parameters in design_copy_plan_search.php; the (15) title, (16) minor_version, (17) new_version, and (18) content parameters in design_modify_content.php; the (19) title, (20) version, and (21) content parameters in design_new_content.php; the (22) plan_name and (23) plan_desc parameters in design_new_search.php; the (24) file_name parameter in download.php; the (25) username and (26) password parameters in login.php; the (27) title, (28) version, and (29) content parameters in phase_copy_content.php; the (30) content parameter in phase_delete_search.php; the (31) title, (32) minor_version, (33) new_version, and (34) content parameters in phase_modify_content.php; the (35) content, (36) title, (37) version, and (38) content parameters in phase_modify_search.php; the (39) content parameter in phase_view_search.php; the (40) msg, (41) product_name, and (42) product_desc parameters in products_copy_content.php; and possibly the (43) product_name and (44) product_desc parameters in (d) products_copy_search.php, and a large number of additional parameters and executables. NOTE: the vendor notified CVE via e-mail that this issue has been fixed in the 6.8 RC release. | |||||
| CVE-2006-3274 | 1 Webmin | 1 Webmin | 2018-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Webmin before 1.280, when run on Windows, allows remote attackers to read arbitrary files via \ (backslash) characters in the URL to certain directories under the web root, such as the image directory. | |||||
| CVE-2006-3101 | 1 Cisco | 1 Secure Access Control Server | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in LogonProxy.cgi in Cisco Secure ACS for UNIX 2.3 allows remote attackers to inject arbitrary web script or HTML via the (1) error, (2) SSL, and (3) Ok parameters. | |||||
| CVE-2006-2968 | 1 Php Labware | 1 Labwiki | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in PHP Labware LabWiki 1.0 allows remote attackers to inject arbitrary web script or HTML via the search input box (query parameter). | |||||
| CVE-2006-3006 | 1 Ifoto | 1 Ifoto | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in iFoto 0.20, and possibly other versions before 0.50, allows remote attackers to inject arbitrary HTML or web script via a base64-encoded file parameter. | |||||
| CVE-2006-2991 | 1 Ringlink | 1 Ringlink | 2018-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Ringlink 3.2 allow remote attackers to inject arbitrary web script or HTML via a JavaScript URI in the SRC attribute of an IMG element, and possibly other manipulations, in the ringid parameter in (1) next.cgi, (2) stats.cgi, or (3) list.cgi. | |||||
| CVE-2006-3012 | 1 Eschew.net | 1 Phpbannerexchange | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in phpBannerExchange before 2.0 Update 6 allows remote attackers to execute arbitrary SQL commands via the (1) login parameter in (a) client/stats.php and (b) admin/stats.php, or the (2) pass parameter in client/stats.php. | |||||
| CVE-2006-3113 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2018-10-18 | 7.5 HIGH | N/A |
| Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via simultaneous XPCOM events, which causes a timer object to be deleted in a way that triggers memory corruption. | |||||
| CVE-2006-3114 | 1 Pc Tools | 1 Pc Tools Antivirus | 2018-10-18 | 4.6 MEDIUM | N/A |
| PC Tools AntiVirus 2.1.0.51 uses insecure default permissions on the "PC Tools AntiVirus" directory, which allows local users to gain privileges and execute commands. | |||||
| CVE-2006-3109 | 1 Cisco | 1 Call Manager | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Cisco CallManager 3.3 before 3.3(5)SR3, 4.1 before 4.1(3)SR4, 4.2 before 4.2(3), and 4.3 before 4.3(1), allows remote attackers to inject arbitrary web script or HTML via the (1) pattern parameter in ccmadmin/phonelist.asp and (2) arbitrary parameters in ccmuser/logon.asp, aka bugid CSCsb68657. | |||||
| CVE-2006-3045 | 1 Teake Nutma | 1 Foing | 2018-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in manage_songs.php in Foing 0.7.0e and earlier allows remote attackers to execute arbitrary PHP code via a URL in the foing_root_path parameter. | |||||
| CVE-2006-2975 | 1 Pbl Guestbook | 1 Pbl Guestbook | 2018-10-18 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in pblguestbook.php in PBL Guestbook 1.31 allow remote attackers to inject arbitrary web script or HTML via javascript in the SRC attribute of IMG tags in the (1) name, (2) email, and (3) website parameter, which bypasses XSS protection mechanisms that check for SCRIPT tags but not IMG. NOTE: portions of this description's details are obtained from third party information. | |||||
| CVE-2006-3105 | 1 Bitweaver | 1 Bitweaver | 2018-10-18 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in Bitweaver 1.3 allows remote attackers to conduct HTTP response splitting attacks by via CRLF sequences in multiple unspecified parameters that are injected into HTTP headers, as demonstrated by the BWSESSION parameter in index.php. | |||||
| CVE-2006-3104 | 1 Bitweaver | 1 Bitweaver | 2018-10-18 | 5.0 MEDIUM | N/A |
| users/index.php in Bitweaver 1.3 allows remote attackers to obtain sensitive information via an invalid sort_mode parameter, which reveals the installation path and database information in the resultant error message. | |||||
| CVE-2006-3103 | 1 Bitweaver | 1 Bitweaver | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Bitweaver 1.3 allows remote attackers to inject arbitrary web script or HTML via the (1) error parameter in users/login.php and the (2) feedback parameter in articles/index.php. | |||||
| CVE-2006-3051 | 1 Six Offene Systeme Gmbh | 1 Sixcms | 2018-10-18 | 5.1 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in list.php in SixCMS 6.0, and other versions before 6.0.6patch2, allows remote attackers to inject arbitrary script code or HTML via the page parameter. | |||||