Search
Total
25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-2332 | 1 Mozilla | 1 Firefox | 2018-10-18 | 2.6 LOW | N/A |
| Mozilla Firefox 1.5.0.3 allows remote attackers to cause a denial of service via a web page with a large number of IMG elements in which the SRC attribute is a mailto URI. NOTE: another researcher found that the web page caused a temporary browser slowdown instead of a crash. | |||||
| CVE-2006-2333 | 1 Mybulletinboard | 1 Mybulletinboard | 2018-10-18 | 6.4 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) 1.1.1 allow remote attackers to execute arbitrary SQL commands via the e-mail address when registering for a forum that requires e-mail verification, which is not properly handled in (1) usercp.php and (2) member.php. | |||||
| CVE-2006-2334 | 1 Microsoft | 2 Windows 2000, Windows Xp | 2018-10-18 | 2.1 LOW | N/A |
| The RtlDosPathNameToNtPathName_U API function in NTDLL.DLL in Microsoft Windows 2000 SP4 and XP SP2 does not properly convert DOS style paths with trailing spaces into NT style paths, which allows context-dependent attackers to create files that cannot be accessed through the expected DOS path or prevent access to other similarly named files in the same directory, which prevents those files from being detected or disinfected by certain anti-virus and anti-spyware software. | |||||
| CVE-2006-2335 | 1 Jelsoft | 1 Vbulletin | 2018-10-18 | 6.5 MEDIUM | N/A |
| Jelsoft vBulletin accepts uploads of Cascading Style Sheets (CSS) and processes them in a way that allows remote authenticated administrators to gain shell access by uploading a CSS file that contains PHP code, then selecting the file via the style chooser, which causes the PHP code to be executed. NOTE: the vendor was unable to reproduce this issue in 3.5.x. NOTE: this issue might be due to direct static code injection. | |||||
| CVE-2006-2336 | 1 Mybulletinboard | 1 Mybulletinboard | 2018-10-18 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in showthread.php in MyBB (aka MyBulletinBoard) 1.1.1 allows remote attackers to execute arbitrary SQL commands via the comma parameter. | |||||
| CVE-2006-2338 | 1 Planet Concept | 1 Planetstat | 2018-10-18 | 7.5 HIGH | N/A |
| PlaNet Concept plaNetStat 20050127 allows remote attackers to gain administrative privileges, and view and configure log files, via a direct request to the (1) admin.php or (2) settings.php page. | |||||
| CVE-2006-2347 | 1 Oasyssoft | 1 E-business Designer | 2018-10-18 | 5.0 MEDIUM | N/A |
| E-Business Designer (eBD) 3.1.4 and earlier allows remote attackers to obtain the full path of the web server via "'" characters, and possibly other invalid values, in (1) the id parameter to form_grupo.html, or requests to the (2) archivos/ and (3) files/ directories. NOTE: this issue might be resultant from SQL injection. | |||||
| CVE-2006-2348 | 1 Oasyssoft | 1 E-business Designer | 2018-10-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in form_grupo.html in E-Business Designer (eBD) 3.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this issue might be resultant from SQL injection. | |||||
| CVE-2006-2349 | 1 Oasyssoft | 1 E-business Designer | 2018-10-18 | 6.8 MEDIUM | N/A |
| E-Business Designer (eBD) 3.1.4 and earlier allows remote attackers to upload or modify arbitrary files, and execute arbitrary code, via a direct request to (1) common/html_editor/image_browser.upload.html, (2) common/html_editor/image_browser.html, or (3) common/html_editor/html_editor.html. NOTE: this can also be used for cross-site scripting (XSS) attacks by uploading cascading style sheet (.CSS) files. | |||||
| CVE-2006-2359 | 1 Phpbb Group | 1 Phpbb | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in charts.php in the Chart mod for phpBB allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this issue might be resultant from SQL injection. | |||||
| CVE-2006-2360 | 1 Phpbb Group | 1 Phpbb | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in charts.php in the Chart mod for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2006-2386 | 1 Microsoft | 1 Outlook Express | 2018-10-18 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in Microsoft Outlook Express 6 and earlier allows remote attackers to execute arbitrary code via a crafted contact record in a Windows Address Book (WAB) file. | |||||
| CVE-2006-2391 | 1 Emc | 1 Retrospect Client | 2018-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in EMC Retrospect Client 5.1 through 7.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet to port 497. | |||||
| CVE-2006-2393 | 1 Empire Server | 1 Empire Server | 2018-10-18 | 5.0 MEDIUM | N/A |
| The client_cmd function in Empire 4.3.2 and earlier allows remote attackers to cause a denial of service (application crash) by causing long text strings to be appended to the player->client buffer, which causes an invalid memory access. | |||||
| CVE-2006-2394 | 1 Turnkey Web Tools | 1 Php Live Helper | 2018-10-18 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in chat.php in PHP Live Helper allows remote attackers to inject arbitrary web script or HTML via the PHPSESSID parameter. | |||||
| CVE-2006-2397 | 1 Gphotos | 1 Gphotos | 2018-10-18 | 5.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in GPhotos 1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) rep parameter to (a) index.php or (b) diapo.php or (2) image parameter to (c) affich.php. NOTE: item 1a might be resultant from directory traversal. | |||||
| CVE-2006-2398 | 1 Gphotos | 1 Gphotos | 2018-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in GPhotos 1.5 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the rep parameter. | |||||
| CVE-2006-2400 | 1 Outgun | 1 Outgun | 2018-10-18 | 7.8 HIGH | N/A |
| The leetnet functions (leetnet/rudp.cpp) in Outgun 1.0.3 bot 2 and earlier allow remote attackers to cause a denial of service (game interruption) via large packets, which cause an exception to be thrown. | |||||
| CVE-2006-2402 | 1 Outgun | 1 Outgun | 2018-10-18 | 5.0 MEDIUM | N/A |
| Buffer overflow in the changeRegistration function in servernet.cpp for Outgun 1.0.3 bot 2 and earlier allows remote attackers to change the registration information of other players via a long string. | |||||
| CVE-2006-2404 | 1 Radscripts | 1 Radlance | 2018-10-18 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in popup.php in RadScripts RadLance Gold 7.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the read parameter. | |||||
| CVE-2006-2405 | 1 Unclassified Newsboard | 1 Unclassified Newsboard | 2018-10-18 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in unb_lib/abbc.conf.php in Unclassified NewsBoard (UNB) 1.6.1 patch 1 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via .. (dot dot) sequences and a trailing null byte (%00) in the ABBC[Config][smileset] parameter to unb_lib/abbc.css.php. | |||||
| CVE-2006-2410 | 1 Raydium | 1 Raydium | 2018-10-18 | 5.0 MEDIUM | N/A |
| raydium_network_netcall_exec function in network.c in Raydium SVN revision 312 and earlier allows remote attackers to cause a denial of service (application crash) via a packet of type 0xFF, which causes a null dereference. | |||||
| CVE-2006-2411 | 1 Raydium | 1 Raydium | 2018-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in raydium_network_read function in network.c in Raydium SVN revision 312 and earlier allows remote attackers to execute arbitrary code by sending packets with long global variables to the client. | |||||
| CVE-2006-2412 | 1 Raydium | 1 Raydium | 2018-10-18 | 5.0 MEDIUM | N/A |
| The raydium_network_read function in network.c in Raydium SVN revision 312 and earlier allows remote attackers to cause a denial of service (application crash) via a large ID, which causes an invalid memory access (buffer over-read). | |||||
| CVE-2006-2413 | 1 Gnunet | 1 Gnunet | 2018-10-18 | 5.0 MEDIUM | N/A |
| GNUnet before SVN revision 2781 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an empty UDP datagram, possibly involving FIONREAD errors. | |||||
| CVE-2006-2414 | 1 Timo Sirainen | 1 Dovecot | 2018-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows remote attackers to list files and directories under the mbox parent directory and obtain mailbox names via ".." sequences in the (1) LIST or (2) DELETE IMAP command. | |||||
| CVE-2006-2423 | 1 Swsoft | 1 Confixx | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in ftplogin/index.php in Confixx 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the login parameter. | |||||
| CVE-2006-2425 | 1 Phpremoteview | 1 Phpremoteview | 2018-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PRV.php in PhpRemoteView, possibly 2003-10-23 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) f, (2) d, and (3) ref parameters, and the (4) "MAKE DIR" and (5) "Full file name" fields. | |||||
| CVE-2006-2426 | 1 Sun | 3 Jdk, Jre, Sdk | 2018-10-18 | 6.4 MEDIUM | N/A |
| Sun Java Runtime Environment (JRE) 1.5.0_6 and earlier, JDK 1.5.0_6 and earlier, and SDK 1.5.0_6 and earlier allows remote attackers to cause a denial of service (disk consumption) by using the Font.createFont function to create temporary files of arbitrary size in the %temp% directory. | |||||
| CVE-2006-2427 | 1 Clam Anti-virus | 2 Clamav, Clamxav | 2018-10-18 | 7.2 HIGH | N/A |
| freshclam in (1) Clam Antivirus (ClamAV) 0.88 and (2) ClamXav 1.0.3h and earlier does not drop privileges before processing the config-file command line option, which allows local users to read portions of arbitrary files when an error message displays the first line of the target file. | |||||
| CVE-2006-2428 | 1 Duware | 1 Dubanner | 2018-10-18 | 6.4 MEDIUM | N/A |
| add.asp in DUware DUbanner 3.1 allows remote attackers to execute arbitrary code by uploading files with arbitrary extensions, such as ASP files, probably due to client-side enforcement that can be bypassed. NOTE: some of these details are obtained from third party information, since the raw source is vague. | |||||
| CVE-2006-2167 | 1 Sloughflash | 1 Sf-users | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in SloughFlash SF-Users 1.0, possibly in register.php, allows remote attackers to inject arbitrary web script or HTML by setting the username field to contain JavaScript in the SRC attribute of an IMG element. | |||||
| CVE-2006-2187 | 1 Zenphoto | 1 Zenphoto | 2018-10-18 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in zenphoto 1.0.1 beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) a parameter in i.php, and the (2) album and (3) image parameters in index.php. | |||||
| CVE-2006-2231 | 1 Big Webmaster | 1 Big Webmaster Guestbook Script | 2018-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in addguest.cgi in Big Webmaster Guestbook Script 1.02 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) mail, (2) site, (3) city, (4) state, (5) country, and possibly (6) name fields, which are viewed via viewguest.cgi. | |||||
| CVE-2006-2230 | 1 Xine | 1 Xine | 2018-10-18 | 5.0 MEDIUM | N/A |
| Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.4 might allow attackers to cause a denial of service via format string specifiers in an MP3 filename specified on the command line. NOTE: this is a different vulnerability than CVE-2006-1905. In addition, if the only attack vectors involve a user-assisted, local command line argument of a non-setuid program, this issue might not be a vulnerability. | |||||
| CVE-2006-2210 | 1 321soft | 1 Php-gallery | 2018-10-18 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in 321soft PhP-Gallery 0.9 allows remote attackers to inject arbitrary web script or HTML via the path parameter. NOTE: this issue might be resultant from the directory traversal vulnerability. | |||||
| CVE-2006-2202 | 1 Invision Power Services | 1 Invision Gallery | 2018-10-18 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in post.php in Invision Gallery 2.0.6 allows remote attackers to execute arbitrary SQL commands via the album parameter. | |||||
| CVE-2006-2252 | 1 Openfaq | 1 Openfaq | 2018-10-18 | 6.4 MEDIUM | N/A |
| Cross-site scripting vulnerability in submit.php in OpenFAQ 0.4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter. | |||||
| CVE-2006-2267 | 1 Kerio | 1 Winroute Firewall | 2018-10-18 | 5.0 MEDIUM | N/A |
| Kerio WinRoute Firewall before 6.2.1 allows remote attackers to cause a denial of service (application crash) via unknown vectors in the "email protocol inspectors," possibly (1) SMTP and (2) POP3. | |||||
| CVE-2006-2175 | 1 Ftrainsoft | 1 Fast Click | 2018-10-18 | 6.4 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in FtrainSoft Fast Click 2.3.8 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) show.php or (2) top.php. | |||||
| CVE-2006-2250 | 1 Cutephp | 1 Cutenews | 2018-10-18 | 6.4 MEDIUM | N/A |
| CuteNews 1.4.1 allows remote attackers to obtain sensitive information via a direct request to (1) /inc/show.inc.php or (2) /inc/functions.inc.php, which reveal the path in an error message. | |||||
| CVE-2006-2204 | 1 Invision Power Services | 1 Invision Power Board | 2018-10-18 | 5.5 MEDIUM | N/A |
| SQL injection vulnerability in the topic deletion functionality (post_delete function in func_mod.php) for Invision Power Board 2.1.5 allows remote authenticated moderators to execute arbitrary SQL commands via the selectedpids parameter, which bypasses an integer value check when the $id variable is an array. | |||||
| CVE-2006-2249 | 1 Cutephp | 1 Cutenews | 2018-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in search.php in CuteNews 1.4.1 and earlier, and possibly 1.4.5, allow remote attackers to inject arbitrary web script or HTML via the (1) user, (2) story, or (3) title parameters. | |||||
| CVE-2006-2228 | 1 W-agora | 1 W-agora | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in w-Agora (aka Web-Agora) 4.2.0 allows remote attackers to inject arbitrary web script or HTML via a post with a BBCode tag that contains a JavaScript event name followed by whitespace before the '=' (equals) character, which bypasses a restrictive regular expression that attempts to remove onmouseover and other events. | |||||
| CVE-2006-2159 | 1 Russcom Network | 1 Loginphp | 2018-10-18 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in help.php in Russcom Network Loginphp allows remote attackers to spoof e-mails and inject MIME headers via CRLF sequences in the email address. | |||||
| CVE-2006-2160 | 1 Russcom Network | 1 Loginphp | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Russcom Network Loginphp (Russcom.Loginphp) allows remote attackers to inject arbitrary web script or HTML via the username field when registering. | |||||
| CVE-2006-2262 | 1 Singapore | 1 Singapore | 2018-10-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in singapore 0.9.7 allows remote attackers to inject arbitrary web script or HTML via the image parameter. | |||||
| CVE-2006-2142 | 1 Limbo Cms | 1 Limbo Cms | 2018-10-18 | 6.4 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in classes/adodbt/sql.php in Limbo CMS 1.04 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the classes_dir parameter. | |||||
| CVE-2006-2161 | 3 Cam Development, Erik Dienske, Roger Aelbrecht | 3 Cam Unzip, Abakt, Tzipbuilder | 2018-10-18 | 5.1 MEDIUM | N/A |
| Buffer overflow in (1) TZipBuilder 1.79.03.01, (2) Abakt 0.9.2 and 0.9.3-beta1, (3) CAM UnZip 4.0 and 4.3, and possibly other products, allows user-assisted attackers to execute arbitrary code via a ZIP archive that contains a file with a long file name. | |||||
| CVE-2006-2143 | 1 Jcink | 1 Textfilebb | 2018-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in TextFileBB 1.0.16 allow remote attackers to inject arbitrary web script or HTML via Javascript events such as "onmouseover" in the (1) color, (2) size, or (3) url bbcode tags. | |||||