Total: 25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-2247 | 1 Webcalendar | 1 Webcalendar | 2018-10-18 | 5.0 MEDIUM | N/A |
| WebCalendar 1.0.1 to 1.0.3 generates different error messages depending on whether or not a username is valid, which allows remote attackers to enumerate valid usernames. | |||||
| CVE-2006-2246 | 1 Uapplication | 1 Ublog | 2018-10-18 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in UBlog 1.6 Access Edition allows remote attackers to inject arbitrary web script or HTML via text fields when adding a blog entry. | |||||
| CVE-2006-2211 | 1 321soft | 1 Php-gallery | 2018-10-18 | 5.0 MEDIUM | N/A |
| Absolute path traversal vulnerability in index.php in 321soft PhP-Gallery 0.9 allows remote attackers to browse arbitrary directories via the path parameter. | |||||
| CVE-2006-2177 | 1 Bitdamaged | 1 Geoblog | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in viewcat.php in geoBlog 1.0 allows remote attackers to inject arbitrary web script or HTML via the cat parameter. | |||||
| CVE-2006-2284 | 2 Claroline, Dokeos | 2 Claroline, Dokeos | 2018-10-18 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) clarolineRepositorySys parameter in ldap.inc.php and the (2) claro_CasLibPath parameter in casProcess.inc.php. | |||||
| CVE-2006-2153 | 1 Jbmc Software | 1 Directadmin | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in HTM_PASSWD in DirectAdmin Hosting Management allows remote attackers to inject arbitrary web script or HTML via the domain parameter. | |||||
| CVE-2006-2168 | 1 Fileprotection Express | 1 Fileprotection Express | 2018-10-18 | 7.5 HIGH | N/A |
| FileProtection Express 1.0.1 and earlier allows remote attackers to bypass authentication via a cookie with an Admin value of 1. | |||||
| CVE-2006-2144 | 1 Dmcounter | 1 Dmcounter | 2018-10-18 | 6.4 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in kopf.php in DMCounter 0.9.2-b allows remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter. | |||||
| CVE-2006-2189 | 1 Servous | 1 Sblog | 2018-10-18 | 10.0 HIGH | N/A |
| SQL injection vulnerability in search.php in Servous sBLOG 0.7.2 allows remote attackers to execute arbitrary SQL commands via the keyword parameter. NOTE: this issue can be used to trigger path disclosure. In addition, it might be primary to vector 1 in CVE-2006-1135. | |||||
| CVE-2006-2283 | 1 Spiffyjr | 1 Phpraid | 2018-10-18 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in SpiffyJr phpRaid 2.9.5 through 3.0.b3 allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter in (1) auth.php and (2) auth_phpbb when the phpBB portal is enabled, and via a URL in the smf_root_path parameter in (3) auth.php and (4) auth_SMF when the SMF portal is enabled. | |||||
| CVE-2006-2188 | 1 Cmscout | 1 Cmscout | 2018-10-18 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in CMScout 1.10 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the Body field of a private message (PM), (2) BBCode, or (3) a forum post. | |||||
| CVE-2006-2278 | 1 Arabless | 1 Saphplesson | 2018-10-18 | 5.0 MEDIUM | N/A |
| SaphpLesson 3.0 does not initialize array variables, which allows remote attackers to obtain the full path via a non-array (1) hrow parameter to (a) show.php or (b) index.php; the (2) Lsnrow parameter to (c) showcat.php; or the (3) rows parameter to index.php. | |||||
| CVE-2006-2138 | 1 Neomail | 1 Neomail | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in neomail.pl in NeoMail 1.29 allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter. | |||||
| CVE-2006-2236 | 1 Id Software | 4 Quake 3 Arena, Quake 3 Engine, Return To Castle Wolfenstein and 1 more | 2018-10-18 | 7.6 HIGH | N/A |
| Buffer overflow in the Quake 3 Engine, as used by (1) ET 2.60, (2) Return to Castle Wolfenstein 1.41, and (3) Quake III Arena 1.32b allows remote attackers to execute arbitrary commands via a long remapShader command. | |||||
| CVE-2006-2235 | 1 Codemunkyx | 1 Simple Poll | 2018-10-18 | 7.6 HIGH | N/A |
| CodeMunkyX (aka free-php.net) Simple Poll 1.0, when authentication is not required for the admin directory, allows remote attackers to gain administrative privileges by appending /admin/ to the top-level URI of the application. | |||||
| CVE-2006-2234 | 1 Tyrocms | 1 Tyrocms | 2018-10-18 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in TyroCMS beta 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) a javascript URI in an img BBCode tag, or a JavaScript event in a (2) url BBCode tag or (3) color BBCode tag. | |||||
| CVE-2006-2156 | 1 X7 Group | 1 X7 Chat | 2018-10-18 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in help/index.php in X7 Chat 2.0 and earlier allows remote attackers to include arbitrary files via .. (dot dot) sequences in the help_file parameter. | |||||
| CVE-2006-2233 | 1 Banktown | 1 Btcxctl20com Activex Control | 2018-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in BankTown Client Control (aka BtCxCtl20Com) 1.4.2.51817, and possibly 1.5.2.50209, allows remote attackers to execute arbitrary code via a long string in the first argument to SetBannerUrl. NOTE: portions of these details are obtained from third party information. | |||||
| CVE-2006-2232 | 1 Scriptsez | 1 Cute Guestbook | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Scriptsez Cute Guestbook 20060211 allows remote attackers to inject arbitrary web script or HTML via the Comments field when signing the guestbook. | |||||
| CVE-2006-2172 | 1 Gene6 | 1 G6 Ftp Server | 2018-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in Gene6 FTP Server 3.1.0 allows remote authenticated attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long argument to (1) MKD or (2) XMKD, as demonstrated by the Infigo FTPStress Fuzzer. | |||||
| CVE-2006-2227 | 1 Punbb | 1 Punbb | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in misc.php in PunBB 1.2.11 allows remote attackers to inject arbitrary web script or HTML via the req_message parameter, because the value of the redirect_url parameter is not sanitized. | |||||
| CVE-2006-2225 | 1 Dxmsoft | 1 Xm Easy Personal Ftp Server | 2018-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in XM Easy Personal FTP Server 4.3 and earlier allows remote attackers to execute arbitrary code, probably via a USER command with a long username. | |||||
| CVE-2006-2282 | 1 X7 Group | 1 X7 Chat | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in X7 Chat 2.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the URL of an avatar, possibly related to the avatar parameter in register.php. | |||||
| CVE-2006-2222 | 1 Norz | 1 Zawhttpd | 2018-10-18 | 5.0 MEDIUM | N/A |
| Buffer overflow in zawhttpd 0.8.23, and possibly previous versions, allows remote attackers to cause a denial of service (daemon crash) via a request for a URI composed of several "\" (backslash) characters. | |||||
| CVE-2006-2221 | 2 Bitrock, Process-one | 2 Install Builder, Ejabberd | 2018-10-18 | 2.1 LOW | N/A |
| A third-party installer generation tool, possibly BitRock InstallBuilder, as used in products including Process-one ejabberd 1.1.1_1 and earlier, generates an installer that allows local users to cause a denial of service via a symlink attack on the bitrock_installer.log temporary file. NOTE: it is possible that this vulnerability is present in other products that use this installer. | |||||
| CVE-2006-2280 | 1 Openengine | 1 Openengine | 2018-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in website.php in openEngine 1.8 Beta 2 and earlier allows remote attackers to list arbitrary directories and read arbitrary files via a .. (dot dot) in the template parameter. | |||||
| CVE-2006-2277 | 1 Apple | 1 Mac Os X | 2018-10-18 | 5.0 MEDIUM | N/A |
| Multiple Apple Mac OS X 10.4 applications might allow context-dependent attackers to cause a denial of service (application crash) via a crafted OpenEXR (.exr) image file, which triggers the crash when opening a folder using Finder, displaying the image in Safari, or using Preview to open the file. | |||||
| CVE-2006-2241 | 1 Ftrainsoft | 1 Fast Click | 2018-10-18 | 6.4 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in show.php in Fast Click SQL Lite 1.1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. NOTE: This is a different vulnerability than CVE-2006-2175. | |||||
| CVE-2006-2273 | 1 Verisign | 1 I-nav | 2018-10-18 | 9.3 HIGH | N/A |
| The InstallProduct routine in the Verisign VUpdater.Install (aka i-Nav) ActiveX control does not verify Microsoft Cabinet (.CAB) files, which allows remote attackers to run an arbitrary executable file. | |||||
| CVE-2006-2216 | 1 Devsyn | 1 Open Bulletin Board | 2018-10-18 | 5.0 MEDIUM | N/A |
| Open Bulletin Board (OpenBB) 1.0.8 allows remote attackers to obtain the full path of the web server via an invalid pforums parameter to (1) misc.php and (2) member.php. | |||||
| CVE-2006-2270 | 1 Jetbox | 1 Jetbox Cms | 2018-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/config.php in Jetbox CMS 2.1 allows remote attackers to execute arbitrary code via a URL in the relative_script_path parameter. | |||||
| CVE-2006-2269 | 1 Mywebland | 1 Mybloggie | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in myWebland MyBloggie 2.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode img tag. | |||||
| CVE-2006-2212 | 1 Karjasoft | 1 Sami Ftp Server | 2018-10-18 | 6.4 MEDIUM | N/A |
| Buffer overflow in KarjaSoft Sami FTP Server 2.0.2 and earlier allows remote attackers to execute arbitrary code via a long (1) USER or (2) PASS command. | |||||
| CVE-2006-2186 | 1 Zenphoto | 1 Zenphoto | 2018-10-18 | 5.0 MEDIUM | N/A |
| zenphoto 1.0.1 beta and earlier allow remote attackers to obtain sensitive information via a direct request for the (1) /photos/themes/default/ and (2) /photos/themes/testing/ URIs, which reveals the path in an error message. | |||||
| CVE-2006-2115 | 1 Sws | 1 Sws Simple Web Server | 2018-10-18 | 7.5 HIGH | N/A |
| Format string vulnerability in SWS web Server 0.1.7 allows remote attackers to execute arbitrary code via unspecified vectors that are not properly handled in a syslog function call. | |||||
| CVE-2006-2097 | 1 Invision Power Services | 1 Invision Power Board | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in func_msg.php in Invision Power Board (IPB) 2.1.4 allows remote attackers to execute arbitrary SQL commands via the from_contact field in a private message (PM). | |||||
| CVE-2006-2096 | 1 Neocrome | 1 Land Down Under | 2018-10-18 | 5.0 MEDIUM | N/A |
| plug.php in Land Down Under (LDU) 802 and earlier allows remote attackers to obtain sensitive information via an invalid (1) month or (2) year parameter, which reveals the path in an error message. | |||||
| CVE-2006-2079 | 1 Verosky Media | 1 Instant Photo Gallery | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in portfolio.php in Verosky Media Instant Photo Gallery, possibly before 1.0.2, allows remote attackers to inject arbitrary web script or HTML via the cat_id parameter. | |||||
| CVE-2006-2088 | 1 Devsyn | 1 Open Bulletin Board | 2018-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Devsyn Open Bulletin Board (OpenBB) 1.0.6 allow remote attackers to inject arbitrary web script or HTML via (1) the FID parameter in board.php and (2) the TID parameter in read.php. NOTE: the SQL injection issues are already covered by CVE-2005-1612 (read.php) and CVE-2005-2566 (board.php). | |||||
| CVE-2006-2119 | 1 Artmedic Webdesign | 1 Artmedic Event | 2018-10-18 | 5.0 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in event/index.php in Artmedic Event allows remote attackers to execute arbitrary code via a URL in the page parameter. | |||||
| CVE-2006-2121 | 1 I-rater | 1 I-rater Platinum | 2018-10-18 | 5.0 MEDIUM | N/A |
| PHP remote file include vulnerability in admin/config_settings.tpl.php in I-RATER Platinum allows remote attackers to execute arbitrary code via a URL in the include_path parameter. NOTE: this is a different vector, and possibly a different vulnerability, than CVE-2006-1929. | |||||
| CVE-2006-2080 | 1 Verosky Media | 1 Instant Photo Gallery | 2018-10-18 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in portfolio_photo_popup.php in Verosky Media Instant Photo Gallery 1.0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter, which is not cleansed before calling the count_click function in includes/functions/fns_std.php. NOTE: this issue could produce resultant XSS. | |||||
| CVE-2006-2089 | 1 Mysmartbb | 1 Mysmartbb | 2018-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in misc.php in MySmartBB 1.1.x allow remote attackers to inject arbitrary web script or HTML via the (1) id and (2) username parameters. | |||||
| CVE-2006-2086 | 1 Juniper | 1 Junipersetup Control | 2018-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in JuniperSetupDLL.dll, loaded from JuniperSetup.ocx by the Juniper SSL-VPN Client when accessing a Juniper NetScreen IVE device running IVE OS before 4.2r8.1, 5.0 before 5.0r6.1, 5.1 before 5.1r8, 5.2 before 5.2r4.1, or 5.3 before 5.3r2.1, allows remote attackers to execute arbitrary code via a long argument in the ProductName parameter. | |||||
| CVE-2006-2100 | 1 Magic Iso Maker | 1 Magic Iso Maker | 2018-10-18 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in Magic ISO 5.0 Build 0166 allows remote attackers to write arbitrary files via a .. (dot dot) in a filename in an ISO image. | |||||
| CVE-2006-2101 | 1 Winiso Computing | 1 Winiso | 2018-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in WinISO 5.3 allows remote attackers to write arbitrary files via a .. (dot dot) in a filename in an ISO image. | |||||
| CVE-2006-2107 | 1 Bl4 | 1 Smtp Server | 2018-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in BL4 SMTP Server 0.1.4 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long argument to the (1) EHLO, (2) MAIL FROM, and (3) RCPT TO commands. | |||||
| CVE-2006-2127 | 1 Blog Mod | 1 Blog Mod | 2018-10-18 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in weblog_posting.php in Blog Mod 0.2.x allows remote attackers to execute arbitrary SQL commands via the r parameter. | |||||
| CVE-2006-2118 | 1 Jmk Web Scripts | 1 Jmk Picture Gallery | 2018-10-18 | 7.5 HIGH | N/A |
| JMK's Picture Gallery allows remote attackers to bypass authentication via a direct request to admin_gallery.php3, possibly related to the add action. | |||||
| CVE-2006-2082 | 1 Id Software | 1 Quake 3 Engine | 2018-10-18 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in Quake 3 engine, as used in products including Quake3 Arena, Return to Castle Wolfenstein, Wolfenstein: Enemy Territory, and Star Trek Voyager: Elite Force, when the sv_allowdownload cvar is enabled, allows remote attackers to read arbitrary files from the server via ".." sequences in a .pk3 file request. | |||||
