Search
Total
25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-2114 | 1 Sws | 1 Sws Simple Web Server | 2018-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in SWS web Server 0.1.7 allows remote attackers to execute arbitrary code via a long request. | |||||
| CVE-2006-2109 | 1 Jsboard | 1 Jsboard | 2018-10-18 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the parse_query_str function in include/print.php in JSBoard 2.0.10 and 2.0.11, and possibly other versions before 2.0.12, allows remote attackers to inject arbitrary web script or HTML via parameters that are set as global variables within the program, as demonstrated using the table parameter to login.php. | |||||
| CVE-2006-2116 | 1 Planet Concept | 1 Planetgallery | 2018-10-18 | 7.5 HIGH | N/A |
| planetGallery allows remote attackers to gain administrator privileges via a direct request to admin/gallery_admin.php. | |||||
| CVE-2006-2091 | 1 Vwar | 1 Virtual War | 2018-10-18 | 5.0 MEDIUM | N/A |
| admin.php in Virtual War (VWar) 1.5 and versions before 1.2 allows remote attackers to obtain sensitive information via an invalid vwar_root parameter, which reveals the path in an error message. | |||||
| CVE-2006-2117 | 1 Extrosoft | 1 Thyme | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Thyme 1.3 allows remote attackers to inject arbitrary web script or HTML via the search page. | |||||
| CVE-2006-2150 | 1 Phpbb Group | 1 Phpbb Toplist | 2018-10-18 | 6.4 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in top/list.php in phpBB TopList 1.3.8 and earlier allows remote attackers to include arbitrary files via the returnpath parameter. | |||||
| CVE-2006-2099 | 1 Ezb Systems | 1 Ultraiso | 2018-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in UltraISO 8.0.0.1392 allows remote attackers to write arbitrary files via a .. (dot dot) in a filename in an ISO image. | |||||
| CVE-2006-2081 | 1 Oracle | 1 Database Server | 2018-10-18 | 4.6 MEDIUM | N/A |
| Oracle Database Server 10g Release 2 allows local users to execute arbitrary SQL queries via the GET_DOMAIN_INDEX_METADATA function in the DBMS_EXPORT_EXTENSION package. NOTE: this issue was originally linked to DB05 (CVE-2006-1870), but a reliable third party has claimed that it is not the same issue. Based on details of the problem, the primary issue appears to be insecure privileges that facilitate the introduction of SQL in a way that is not related to special characters, so this is not "SQL injection" per se. | |||||
| CVE-2006-2102 | 1 Poweriso | 1 Poweriso | 2018-10-18 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in PowerISO 2.9 allows remote attackers to write arbitrary files via a .. (dot dot) in a filename in an ISO image. | |||||
| CVE-2006-2279 | 1 Arabless | 1 Saphplesson | 2018-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in SaphpLesson 3.0 allow remote attackers to execute arbitrary SQL commands via (1) the Find parameter in (a) search.php, and the (2) LID and (3) Rate parameters in (b) misc.php. | |||||
| CVE-2006-2048 | 1 Phpwebftp | 1 Phpwebftp | 2018-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in Edwin van Wijk phpWebFTP 2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) port, (2) server, and (3) user parameters. NOTE: it is possible that the affected version is actually 3.2. | |||||
| CVE-2006-1953 | 1 Caucho Technology | 1 Resin | 2018-10-18 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in Caucho Resin 3.0.17 and 3.0.18 for Windows allows remote attackers to read arbitrary files via a "C:%5C" (encoded drive letter) in a URL. | |||||
| CVE-2006-1951 | 1 Solarwinds | 1 Tftp Server | 2018-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in SolarWinds TFTP Server 8.1 and earlier allows remote attackers to download arbitrary files via a crafted GET request including "....//" sequences, which are collapsed into "../" sequences by filtering. | |||||
| CVE-2006-1900 | 1 W3c | 1 Amaya | 2018-10-18 | 7.6 HIGH | N/A |
| Multiple buffer overflows in World Wide Web Consortium (W3C) Amaya 9.4, and possibly other versions including 8.x before 8.8.5, allow remote attackers to execute arbitrary code via a long value in (1) the COMPACT attribute of the COLGROUP element, (2) the ROWS attribute of the TEXTAREA element, and (3) the COLOR attribute of the LEGEND element; and via other unspecified attack vectors consisting of "dozens of possible snippets." | |||||
| CVE-2006-1882 | 1 Oracle | 1 E-business Suite | 2018-10-18 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.10 have unknown impact and attack vectors, as identified by Vuln# (1) APPS03 in (a) iProcurement; (2) APPS04 in (b) Oracle Application Object Library; (3) APPS06, (4) APPS07, and (5) APPS08 in (c) Oracle Applications Technology Stack; and (6) APPS11 in (d) Oracle Order Capture. | |||||
| CVE-2006-1883 | 1 Oracle | 1 E-business Suite | 2018-10-18 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite and Applications 11.5.10CU1 has unknown impact and attack vectors, aka Vuln# APPS05. | |||||
| CVE-2006-1884 | 3 Jdedwards, Oneworld, Oracle | 12 Enterpriseone Tools, Oneworld Tools, Application Server and 9 more | 2018-10-18 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Oracle Thesaurus Management System component in Oracle E-Business Suite and OPA 4.5.2 Applications has unknown impact and attack vectors, aka Vuln# OPA01. | |||||
| CVE-2006-1885 | 1 Oracle | 1 Enterprise Manager | 2018-10-18 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in the Reporting Framework component in Oracle Enterprise Manager 9.0.1.5 and 9.2.0.7 have unknown impact and attack vectors, aka Vuln# (1) EM01 and (2) EM02. | |||||
| CVE-2006-1886 | 1 Oracle | 1 Peoplesoft Enterprise | 2018-10-18 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise 8.46.12 and 8.47.04 has unknown impact and attack vectors, aka Vuln# PSE01. | |||||
| CVE-2006-1887 | 1 Oracle | 1 Enterpriseone | 2018-10-18 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Security Server 8.95.J1 has unknown impact and attack vectors, aka Vuln# JDE01. | |||||
| CVE-2006-1889 | 1 Script-solution.de | 1 Boardsolution | 2018-10-18 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the search action handler in index.php in Nils Asmussen (aka SCRIPTSOLUTION) Boardsolution 1.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the "Search for" item (keyword parameter). | |||||
| CVE-2006-1892 | 1 Alwil | 1 Avast Antivirus | 2018-10-18 | 4.9 MEDIUM | N/A |
| avast! 4 Linux Home Edition 1.0.5 allows local users to modify permissions of arbitrary files via a symlink attack on the /tmp/_avast4_ temporary directory. | |||||
| CVE-2006-1893 | 1 Ar-blog | 1 Ar-blog | 2018-10-18 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in print.php in ar-blog 5.2 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | |||||
| CVE-2006-1894 | 1 Revoboard | 1 Revoboard | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in RevoBoard 1.8, as derived from PunBB, allows remote attackers to inject arbitrary web script or HTML via a substitution cipher of the email tag, which is transformed when the application's e-mail address obfuscator reverses the transformation. NOTE: it is not clear whether this is a site-specific issue; however, the claimed codebase relationship with PunBB might be relevant. | |||||
| CVE-2006-1895 | 1 Phpbb Group | 1 Phpbb | 2018-10-18 | 6.5 MEDIUM | N/A |
| Direct static code injection vulnerability in includes/template.php in phpBB allows remote authenticated users with write access to execute arbitrary PHP code by modifying a template in a way that (1) bypasses a loose ".*" regular expression to match BEGIN and END statements in overall_header.tpl, or (2) is used in an eval statement by includes/bbcode.php for bbcode.tpl. | |||||
| CVE-2006-1897 | 1 Talentsoft | 1 Web\+ Shop | 2018-10-18 | 5.0 MEDIUM | N/A |
| Webplus (aka talentsoft) Web+Shop 5.3.6, when Redirect URL for "Script Not Found" Error is not configured, allows remote attackers to obtain sensitive information via a quote (') or possibly other invalid value in the storeid parameter in store.wml in webplus.exe, which reveals the path in a "Script Not Found" error message. | |||||
| CVE-2006-1901 | 1 Mozilla | 1 Camino | 2018-10-18 | 5.0 MEDIUM | N/A |
| Mozilla Camino 1.0 and earlier allow remote attackers to cause a denial of service (null dereference and application crash or hang) via HTML with certain improperly nested elements. NOTE: this might be the same issue as CVE-2006-1724. | |||||
| CVE-2006-1872 | 1 Oracle | 1 Database Server | 2018-10-18 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Oracle Database Server 9.0.1.5 and 9.2.0.7 has unknown impact and attack vectors in the Oracle Enterprise Manager Intelligent Agent component, aka Vuln# DB07. | |||||
| CVE-2006-1925 | 1 Cutephp | 1 Cutenews | 2018-10-18 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in the editnews module (inc/editnews.mdu) in index.php in CuteNews 1.4.1 allows remote attackers to read or modify files via the source parameter in the (1) editnews or (2) doeditnews action. NOTE: this can also produce resultant XSS when the target file does not exist. | |||||
| CVE-2006-1903 | 1 Userland | 1 Manila | 2018-10-18 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in UserLand Manila allow remote attackers to inject arbitrary web script or HTML (1) via the referer parameter in sendMail, and via attributes of (2) the A element and certain other HTML elements in web pages edited with the editInBrowser module. NOTE: the msgReader$1 mode attack vector is already covered by CVE-2006-1769. | |||||
| CVE-2006-1904 | 1 Animegenesis | 1 Gallery | 2018-10-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in AnimeGenesis Gallery allows remote attackers to inject arbitrary web script or HTML via the cat parameter. | |||||
| CVE-2006-1905 | 1 Xine | 1 Xine | 2018-10-18 | 7.5 HIGH | N/A |
| Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.3 allow remote attackers to execute arbitrary code via format string specifiers in a long filename on an EXTINFO line in a playlist file. | |||||
| CVE-2006-1958 | 1 Wired Community Software | 1 Wwwthreads | 2018-10-18 | 6.4 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in WWWThreads RC 3 allow remote attackers to execute arbitrary SQL commands via (1) the forumreferrer cookie to register.php and (2) the messages parameter in message_list.php. | |||||
| CVE-2006-1959 | 1 Actualscripts | 1 Actualanalyzer | 2018-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in direct.php in ActualScripts ActualAnalyzer Lite 2.72 and earlier, Gold 7.63 and earlier, and Server 8.23 and earlier allows remote attackers to execute arbitrary code via a URL in the rf parameter. | |||||
| CVE-2006-1899 | 1 Dev | 1 Neuron Blog | 2018-10-18 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in dev Neuron Blog 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) website parameters. | |||||
| CVE-2006-2071 | 1 Linux | 1 Linux Kernel | 2018-10-18 | 2.1 LOW | N/A |
| Linux kernel 2.4.x and 2.6.x up to 2.6.16 allows local users to bypass IPC permissions and modify a readonly attachment of shared memory by using mprotect to give write permission to the attachment. NOTE: some original raw sources combined this issue with CVE-2006-1524, but they are different bugs. | |||||
| CVE-2006-2070 | 1 Mybb | 1 Devbb | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in member.php in DevBB 1.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the member parameter in a viewpro action. | |||||
| CVE-2006-2067 | 1 Mkportal | 1 Mkportal | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in vb_board_functions.php in MKPortal 1.1, as used with vBulletin 3.5.4 and earlier, allows remote attackers to execute arbitrary SQL commands via the userid parameter. | |||||
| CVE-2006-2065 | 1 Phpsurveyor | 1 Phpsurveyor | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in save.php in PHPSurveyor 0.995 and earlier allows remote attackers to execute arbitrary SQL commands via the surveyid cookie. NOTE: this issue could be leveraged to execute arbitrary PHP code, as demonstrated by inserting directory traversal sequences into the database, which are then processed by the thissurvey['language'] variable. | |||||
| CVE-2006-2055 | 1 Microsoft | 1 Outlook | 2018-10-18 | 5.0 MEDIUM | N/A |
| Argument injection vulnerability in Microsoft Outlook 2003 SP1 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment. NOTE: it is not clear whether this issue is implementation-specific or a problem in the Microsoft API. | |||||
| CVE-2006-1942 | 3 K-meleon Project, Mozilla, Netscape | 3 K-meleon, Firefox, Navigator | 2018-10-18 | 5.1 MEDIUM | N/A |
| Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, Netscape 8.1, 8.0.4, and 7.2, and K-Meleon 0.9.13 allows user-assisted remote attackers to open local files via a web page with an IMG element containing a SRC attribute with a non-image file:// URL, then tricking the user into selecting View Image for the broken image, as demonstrated using a .wma file to launch Windows Media Player, or by referencing an "alternate web page." | |||||
| CVE-2006-2052 | 1 Verosky Media | 1 Instant Photo Gallery | 2018-10-18 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Verosky Media Instant Photo Gallery allows remote attackers to inject arbitrary web script or HTML via the member parameter in a viewpro action in member.php. NOTE: the original report may be inaccurate, since the "viewpro" string does not appear in the source code for version 1.0.2 of the product. | |||||
| CVE-2006-1906 | 1 Jjgan852 | 1 Phplister | 2018-10-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in jjgan852 phpLister 0.4.1 allows remote attackers to inject arbitrary web script or HTML via the page parameter. | |||||
| CVE-2006-2051 | 1 Nextage | 1 Nextage Shopping Cart | 2018-10-18 | 5.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in myadmin/index.php in NextAge Shopping Cart allow remote attackers to inject arbitrary web script or HTML via the (1) username and (2) password parameters. | |||||
| CVE-2006-2050 | 1 Dcscripts | 1 Dcforumlite | 2018-10-18 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in dcboard.cgi in DCScripts DCForumLite 3.0 allows remote attackers to execute arbitrary SQL commands via the az parameter. | |||||
| CVE-2006-2049 | 1 Dcscripts | 1 Dcforumlite | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in dcboard.cgi in DCScripts DCForumLite 3.0 allows remote attackers to inject arbitrary web script or HTML via the az parameter. | |||||
| CVE-2006-1891 | 1 Betaboard | 1 Betaboard | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Martin Scheffler betaboard 0.1 allows remote attackers to inject arbitrary web script or HTML via a user's profile, possibly using the FormVal_profile parameter. NOTE: it is not clear whether this is a distributable product or a site-specific vulnerability. If it is site-specific, then it should not be included in CVE. | |||||
| CVE-2006-2045 | 1 Ip3 Networks | 1 Ip3 Netaccess 75 | 2018-10-18 | 3.6 LOW | N/A |
| The (1) shadow password file in na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 has world readable permissions, which allows local users to view encrypted passwords; and the (2) NetAccess database file has world readable and writable permissions, which allows local users to view sensitive information and modify data. | |||||
| CVE-2006-2044 | 1 Ip3 Networks | 1 Ip3 Netaccess 75 | 2018-10-18 | 7.5 HIGH | N/A |
| na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 has a default username of admin and a default password of admin. | |||||
| CVE-2006-2043 | 1 Ip3 Networks | 1 Ip3 Netaccess 75 | 2018-10-18 | 4.6 MEDIUM | N/A |
| na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 allows local users to gain Unix shell access via "`" (backtick) characters in the appliance's command line interface (CLI). | |||||