Search
Total
25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-2915 | 1 Deluxebb | 1 Deluxebb | 2018-10-18 | 5.1 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in DeluxeBB 1.06 allow remote attackers to execute arbitrary SQL commands via the (1) hideemail, (2) languagex, (3) xthetimeoffset, and (4) xthetimeformat parameters during account registration. | |||||
| CVE-2006-2881 | 1 Dreamcost | 1 Dreamaccount | 2018-10-18 | 5.1 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in DreamAccount 3.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the da_path parameter in the (1) auth.cookie.inc.php, (2) auth.header.inc.php, or (3) auth.sessions.inc.php scripts. | |||||
| CVE-2006-2911 | 1 Hotwebscripts | 1 Cms Mundo | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in controlpanel/index.php in CMS Mundo before 1.0 build 008 allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
| CVE-2006-2847 | 1 Full Revolution | 1 Aspweblinks | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in links.asp in aspWebLinks 2.0 allows remote attackers to execute arbitrary SQL commands via the linkID parameter. | |||||
| CVE-2006-2848 | 1 Full Revolution | 1 Aspweblinks | 2018-10-18 | 5.0 MEDIUM | N/A |
| links.asp in aspWebLinks 2.0 allows remote attackers to change the administrative password, possibly via a direct request with a modified txtAdministrativePassword field. | |||||
| CVE-2006-2828 | 1 Php-nuke | 1 Ev | 2018-10-18 | 6.4 MEDIUM | N/A |
| Global variable overwrite vulnerability in PHP-Nuke allows remote attackers to conduct remote PHP file inclusion attacks via a modified phpbb_root_path parameter to the admin scripts (1) index.php, (2) admin_ug_auth.php, (3) admin_board.php, (4) admin_disallow.php, (5) admin_forumauth.php, (6) admin_groups.php, (7) admin_ranks.php, (8) admin_styles.php, (9) admin_user_ban.php, (10) admin_words.php, (11) admin_avatar.php, (12) admin_db_utilities.php, (13) admin_forum_prune.php, (14) admin_forums.php, (15) admin_mass_email.php, (16) admin_smilies.php, (17) admin_ug_auth.php, and (18) admin_users.php, which overwrites $phpbb_root_path when the import_request_variables function is executed after $phpbb_root_path has been initialized to a static value. | |||||
| CVE-2006-2808 | 1 Lycos | 1 Htmlgear Guestgear | 2018-10-18 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Lycos Tripod htmlGEAR guestGEAR (aka Guest Gear) allows remote attackers to inject arbitrary web script or HTML via a guestbook post containing a javascript URI in the SRC attribute of the BR element after an extra "iframe" tagname within that element, followed by a double ">", which might bypass cleansing operations. | |||||
| CVE-2006-2882 | 1 Aspscriptz | 1 Aspscriptz Guest Book | 2018-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities submit.asp in ASPScriptz Guest Book 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) GBOOK_UNAME, (2) GBOOK_EMAIL, (3) GBOOK_CITY, (4) GBOOK_COU, (5) GBOOK_WWW, and (6) GBOOK_MESS form fields. | |||||
| CVE-2006-2811 | 1 Cantico | 1 Ovidentia | 2018-10-18 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Cantico Ovidentia 5.8.0 allow remote attackers to execute arbitrary PHP code via a URL in the babInstallPath parameter in (1) index.php, (2) topman.php, (3) approb.php, (4) vacadmb.php, (5) vacadma.php, (6) vacadm.php, (7) statart.php, (8) search.php, (9) posts.php, (10) options.php, (11) login.php, (12) frchart.php, (13) flbchart.php, (14) fileman.php, (15) faq.php, (16) event.php, (17) directory.php, (18) articles.php, (19) artedit.php, (20) calday.php, and additional unspecified PHP scripts. NOTE: the utilit.php vector is already covered by CVE-2005-1964. | |||||
| CVE-2006-2822 | 1 Xfairguy | 1 Codeavalanche Freeforum | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/default.asp in Dusan Drobac CodeAvalanche FreeForum (aka CAForum) 1.0 allows remote attackers to execute arbitrary SQL commands via the password parameter. | |||||
| CVE-2006-2809 | 1 Ar-blog | 1 Ar-blog | 2018-10-18 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in ar-blog 5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) count parameter, and possibly the (2) next, (3) Year_the_news, and (4) mo parameters. NOTE: the year and month vectors are already covered by CVE-2006-0333. | |||||
| CVE-2006-2821 | 1 Deltascripts | 1 Pro Publish | 2018-10-18 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in DeltaScripts Pro Publish allow remote attackers to inject arbitrary web script or HTML via the (1) artid parameter in art.php and the (2) catname parameter in cat.php. | |||||
| CVE-2006-2820 | 1 Hotwebscripts | 1 Weblog Oggi | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in HotWebScripts.com Weblog Oggi 1.0 allows remote attackers to inject arbitrary web script or HTML via a comment, possibly involving a javascript URI in the SRC attribute of an IMG element. | |||||
| CVE-2006-2883 | 1 Kke Info Media | 1 Kmita Faq | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in Kmita FAQ 1.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter. | |||||
| CVE-2006-2849 | 1 Andrew Godwin | 1 Bytehoard | 2018-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/webdav/server.php in Bytehoard 2.1 Epsilon/Delta allows remote attackers to execute arbitrary PHP code via a URL in the bhconfig[bhfilepath] parameter. | |||||
| CVE-2006-2884 | 1 Kke Info Media | 1 Kmita Faq | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Kmita FAQ 1.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||||
| CVE-2006-2813 | 1 Ishopcart | 1 Ishopcart | 2018-10-18 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in easy-scart.cgi in iShopCart allows remote attackers to read arbitrary files via a .. (dot dot) in the query string. | |||||
| CVE-2006-2912 | 1 Out Of The Trees Web Design | 1 Selectapix | 2018-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in SelectaPix 1.31 allow remote attackers to execute arbitrary SQL commands via the (1) albumID parameter to (a) view_album.php or (b) index.php, (2) imageID parameter to (c) popup.php, or (3) username and (4) password parameters to (d) admin/member.php. | |||||
| CVE-2006-2845 | 1 Redaxo | 1 Redaxo | 2018-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in Redaxo 3.0 up to 3.2 allows remote attackers to execute arbitrary PHP code via a URL in the REX[INCLUDE_PATH] parameter to image_resize/pages/index.inc.php. | |||||
| CVE-2006-2844 | 1 Redaxo | 1 Redaxo | 2018-10-18 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Redaxo 3.0 allow remote attackers to execute arbitrary PHP code via a URL in the REX[INCLUDE_PATH] parameter to (1) simple_user/pages/index.inc.php and (2) stats/pages/index.inc.php. | |||||
| CVE-2006-2787 | 1 Mozilla | 2 Firefox, Thunderbird | 2018-10-18 | 9.3 HIGH | N/A |
| EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to gain privileges via javascript that calls the valueOf method on objects that were created outside of the sandbox. | |||||
| CVE-2006-2786 | 1 Mozilla | 2 Firefox, Thunderbird | 2018-10-18 | 2.6 LOW | N/A |
| HTTP response smuggling vulnerability in Mozilla Firefox and Thunderbird before 1.5.0.4, when used with certain proxy servers, allows remote attackers to cause Firefox to interpret certain responses as if they were responses from two different sites via (1) invalid HTTP response headers with spaces between the header name and the colon, which might not be ignored in some cases, or (2) HTTP 1.1 headers through an HTTP 1.0 proxy, which are ignored by the proxy but processed by the client. | |||||
| CVE-2006-2785 | 1 Mozilla | 1 Firefox | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 1.5.0.4 allows user-assisted remote attackers to inject arbitrary web script or HTML by tricking a user into (1) performing a "View Image" on a broken image in which the SRC attribute contains a Javascript URL, or (2) selecting "Show only this frame" on a frame whose SRC attribute contains a Javascript URL. | |||||
| CVE-2006-2778 | 1 Mozilla | 2 Firefox, Thunderbird | 2018-10-18 | 5.0 MEDIUM | N/A |
| The crypto.signText function in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to execute arbitrary code via certain optional Certificate Authority name arguments, which causes an invalid array index and triggers a buffer overflow. | |||||
| CVE-2006-2777 | 1 Mozilla | 2 Firefox, Seamonkey | 2018-10-18 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Mozilla Firefox before 1.5.0.4 and SeaMonkey before 1.0.2 allows remote attackers to execute arbitrary code by using the nsISelectionPrivate interface of the Selection object to add a SelectionListener and create notifications that are executed in a privileged context. | |||||
| CVE-2006-2776 | 1 Mozilla | 2 Firefox, Thunderbird | 2018-10-18 | 7.5 HIGH | N/A |
| Certain privileged UI code in Mozilla Firefox and Thunderbird before 1.5.0.4 calls content-defined setters on an object prototype, which allows remote attackers to execute code at a higher privilege than intended. | |||||
| CVE-2006-2631 | 1 Phpfox | 1 Phpfox | 2018-10-18 | 4.0 MEDIUM | N/A |
| phpFoX allows remote authenticated users to modify arbitrary accounts via a modified NATIO cookie value, possibly the phpfox_user parameter. | |||||
| CVE-2006-2632 | 1 Andrew Godwin | 1 Bytehoard | 2018-10-18 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Andrew Godwin ByteHoard 2.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via file descriptions. | |||||
| CVE-2006-2633 | 1 Andrew Godwin | 1 Bytehoard | 2018-10-18 | 4.0 MEDIUM | N/A |
| Absolute path traversal vulnerability in the copy action in index.php in Andrew Godwin ByteHoard 2.1 and earlier allows remote authenticated users to create or overwrite files in other users' directories by specifying the absolute path of the directory in the infolder parameter and simultaneously specifying the filename in the filepath parameter. | |||||
| CVE-2006-2634 | 1 Neocrome | 1 Seditio | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Neocrome Land Down Under (LDU) in Neocrome Seditio 102 allows remote attackers to inject arbitrary web script or HTML via an HTTP Referer field. | |||||
| CVE-2006-2637 | 1 Tuttophp | 3 Morris Guestbook, Pretty Guestbook, Smile Guestbook | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in view.php in TuttoPhp (1) Morris Guestbook 1, (2) Pretty Guestbook 1, and (3) Smile Guestbook 1 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element in the pagina parameter. | |||||
| CVE-2006-2638 | 1 Qjstudios | 1 Qjforum | 2018-10-18 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in member.asp in qjForum allows remote attackers to execute arbitrary SQL commands via the uName parameter. | |||||
| CVE-2006-2639 | 1 Phpsimplechoose | 1 Phpsimplechoose | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the input forms in prattmic and Master5006 PHPSimpleChoose 0.3 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element. | |||||
| CVE-2006-2640 | 1 Omegasoft | 1 Interneserviceslosungen | 2018-10-18 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in OmegaMw7a.ASP in OMEGA (aka Omegasoft) INterneSErvicesLosungen (INSEL) allows remote attackers to inject arbitrary web script or HTML via the WCE parameter. | |||||
| CVE-2006-2641 | 1 John Frank | 1 Asset Manager | 2018-10-18 | 5.8 MEDIUM | N/A |
| ** UNVERIFIABLE ** NOTE: this issue does not contain any verifiable or actionable details. Cross-site scripting (XSS) vulnerability in John Frank Asset Manager (AssetMan) 2.4a and earlier allows remote attackers to inject arbitrary web script or HTML via "any of its input." NOTE: the original disclosure is based on vague researcher claims without vendor acknowledgement; therefore this identifier cannot be linked with any future identifier that identifies more specific vectors. Perhaps this should not be included in CVE. | |||||
| CVE-2006-2642 | 1 Php-residence | 1 Php-residence | 2018-10-18 | 4.3 MEDIUM | N/A |
| ** UNVERIFIABLE ** NOTE: this issue does not contain any verifiable or actionable details. Cross-site scripting (XSS) vulnerability in Marco M. F. De Santis Php-residence 0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via "any of its input." NOTE: the original disclosure is based on vague researcher claims without vendor acknowledgement; therefore this identifier cannot be linked with any future identifier that identifies more specific vectors. Perhaps this should not be included in CVE. | |||||
| CVE-2006-2643 | 1 Circle R | 1 Monster Top List | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Monster Top List (MTL) 1.4 allows remote attackers to inject arbitrary web script or HTML via the user_error_message parameter. | |||||
| CVE-2006-2648 | 1 Aspbb | 1 Aspbb | 2018-10-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in perform_search.asp for ASPBB 0.52 and earlier allows remote attackers to inject arbitrary HTML or web script via the search parameter. | |||||
| CVE-2006-2651 | 1 Vacation Rentals | 1 Vacation Rental Script | 2018-10-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Vacation Rental Script 1.0 allows remote attackers to inject arbitrary web script or HTML via the obj parameter. | |||||
| CVE-2006-2652 | 1 Wikini | 1 Wikini | 2018-10-18 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WikiNi 0.4.2 and earlier allows remote attackers to inject arbitrary HTML and web script by editing a Wiki page to contain the script. | |||||
| CVE-2006-2653 | 1 D-link | 1 Dsa-3100 Airspot Gateway | 2018-10-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in login_error.shtml for D-Link DSA-3100 allows remote attackers to inject arbitrary HTML or web script via an encoded uname parameter. | |||||
| CVE-2006-2662 | 1 Vmware | 1 Server | 2018-10-18 | 4.6 MEDIUM | N/A |
| VMware Server before RC1 does not clear user credentials from memory after a console connection is made, which might allow local attackers to gain privileges. | |||||
| CVE-2006-2664 | 1 Ifdate.com | 1 Ifdate | 2018-10-18 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in iFdate 1.2 allows remote attackers to inject arbitrary web script or HTML via the (1) username, (2) password fields, or certain other input text boxes. | |||||
| CVE-2006-2667 | 1 Wordpress | 1 Wordpress | 2018-10-18 | 7.5 HIGH | N/A |
| Direct static code injection vulnerability in WordPress 2.0.2 and earlier allows remote attackers to execute arbitrary commands by inserting a carriage return and PHP code when updating a profile, which is appended after a special comment sequence into files in (1) wp-content/cache/userlogins/ (2) wp-content/cache/users/ which are later included by cache.php, as demonstrated using the displayname argument. | |||||
| CVE-2006-2668 | 1 Docebolms | 1 Docebolms | 2018-10-18 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Docebo LMS 2.05 allow remote attackers to execute arbitrary PHP code via a URL in the lang parameter to (1) modules/credits/business.php, (2) modules/credits/credits.php, or (3) modules/credits/help.php. | |||||
| CVE-2006-2670 | 1 Calendarscripts.com | 1 Chatpat | 2018-10-18 | 5.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ChatPat 1.0 allow remote attackers to inject arbitrary web script or HTML via a chat message in (1) fastchat.php and (2) fastshow.php. | |||||
| CVE-2006-2745 | 1 Facile Interactive Web | 1 Facile Interactive Web | 2018-10-18 | 5.1 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in F@cile Interactive Web 0.8.5 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) pathfile parameter in (a) p-editpage.php and (b) p-editbox.php, and the (2) mytheme and (3) myskin parameters in multiple "p-themes" index.inc.php files including (c) lowgraphic, (d) classic, (e) puzzle, (f) simple, and (g) ciao. | |||||
| CVE-2006-2671 | 1 Calendarscripts.com | 1 Chatpat | 2018-10-18 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in ChatPat 1.0 allows remote attackers to execute arbitrary SQL commands via the nickname field. | |||||
| CVE-2006-2672 | 1 Interquest Internet Services | 1 Realty Pro One | 2018-10-18 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Realty Pro One allow remote attackers to inject arbitrary web script or HTML via the (1) listingid parameter to (a) images.php, (b) index_other.php, or (c) request_info.php; (2) propertyid parameter to (d) searchlookup.php, (3) id parameter to (e) images.php, or (4) agentid parameter to (f) request_info.php. NOTE: some of these issues might be resultant from SQL injection. | |||||
| CVE-2006-2673 | 1 E-board | 1 Elite-board | 2018-10-18 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.html in Bulletin Board Elite-Board (E-Board) 1.1 allows remote attackers to inject arbitrary web script or HTML via the search box. | |||||