Total: 25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-1878 | 1 Phpfaber | 1 Topsites | 2018-10-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in phpFaber TopSites allows remote attackers to inject arbitrary web script or HTML via the page parameter. | |||||
| CVE-2006-2059 | 1 Invision Power Services | 1 Invision Power Board | 2018-10-18 | 5.0 MEDIUM | N/A |
| action_public/search.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary PHP code via a search with a crafted value of the lastdate parameter, which alters the behavior of a regular expression to add a "#e" (execute) modifier. | |||||
| CVE-2006-2058 | 1 Avant Force | 1 Avant Browser | 2018-10-18 | 5.0 MEDIUM | N/A |
| Argument injection vulnerability in Avant Browser 10.1 Build 17 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment. NOTE: it is not clear whether this issue is implementation-specific or a problem in the Microsoft API. | |||||
| CVE-2006-2040 | 1 Photokorn | 1 Photokorn | 2018-10-18 | 6.4 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in photokorn 1.53 and 1.542 allow remote attackers to execute arbitrary SQL commands via the (1) cat, (2) pic and (3) page parameters in index.php; (4) id parameter in postcard.php; and (5) cat parameter in print.php. | |||||
| CVE-2006-2037 | 1 Thwboard | 1 Thwboard | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Thwboard 3.0 Beta 2.84 allows remote attackers to inject arbitrary web script or HTML via the navpath parameter. | |||||
| CVE-2006-2036 | 1 Iopus | 1 Secure Email Attachments | 2018-10-18 | 2.1 LOW | N/A |
| iOpus Secure Email Attachments (SEA), probably 1.0, does not properly handle passwords that consist of repetitions of a substring, which allows attackers to decrypt files by entering only the substring. | |||||
| CVE-2006-2057 | 3 Avant Force, Microsoft, Mozilla | 4 Avant Browser, Ie, Outlook and 1 more | 2018-10-18 | 5.0 MEDIUM | N/A |
| Argument injection vulnerability in Mozilla Firefox 1.0.6 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment. NOTE: it is not clear whether this issue is implementation-specific or a problem in the Microsoft API. | |||||
| CVE-2006-2056 | 1 Microsoft | 1 Ie | 2018-10-18 | 5.0 MEDIUM | N/A |
| Argument injection vulnerability in Internet Explorer 6 for Windows XP SP2 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment. NOTE: it is not clear whether this issue is implementation-specific or a problem in the Microsoft API. | |||||
| CVE-2006-2060 | 1 Invision Power Services | 1 Invision Power Board | 2018-10-18 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in action_admin/paysubscriptions.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote authenticated administrators to include and execute arbitrary local PHP files via a .. (dot dot) in the name parameter, preceded by enough backspace (%08) characters to erase the initial static portion of a filename. | |||||
| CVE-2006-2035 | 1 Websense | 1 Websense | 2018-10-18 | 3.7 LOW | N/A |
| Websense, when configured to permit access to the dynamic content category, allows local users to bypass intended blocking of the Uncategorized category by appending a "/?" sequence to a URL. | |||||
| CVE-2006-2034 | 1 Flexbb | 1 Flexbb | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in function/showprofile.php in FlexBB 0.5.5 allows remote attackers to execute arbitrary SQL commands, and view all usernames and passwords, via the id parameter to the showprofile page in index.php. | |||||
| CVE-2006-2033 | 1 Corenews | 1 Corenews | 2018-10-18 | 6.4 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in Core CoreNews 2.0.1 and earlier allows remote authenticated users to execute arbitrary commands via the show parameter. NOTE: this is a different vector than CVE-2006-1212, although it might be the same primary issue. | |||||
| CVE-2006-2032 | 1 Corenews | 1 Corenews | 2018-10-18 | 6.4 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Core CoreNews 2.0.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) icon_id and (2) userid parameters in preview.php. | |||||
| CVE-2006-2030 | 1 Alliedtelesyn | 1 At-9724ts | 2018-10-18 | 5.0 MEDIUM | N/A |
| The Allied Telesyn AT-9724TS switch allows remote attackers to cause a denial of service via a large amount of UDP data to the switch, which leads to unstable operation and possibly failure of the management interface or routing. | |||||
| CVE-2006-2029 | 1 Simplog | 1 Simplog | 2018-10-18 | 6.4 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Jeremy Ashcraft Simplog 0.9.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) tid parameter in (a) preview.php; the (2) cid, (3) pid, and (4) eid parameters in (b) archive.php; and the (5) pid parameter in (c) comments.php. | |||||
| CVE-2006-2028 | 1 Simplog | 1 Simplog | 2018-10-18 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in imagelist.php in Jeremy Ashcraft Simplog 0.9.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the imagedir parameter. NOTE: this issue might be resultant from directory traversal. | |||||
| CVE-2006-2027 | 1 Pablo Software Solutions | 1 Quick N Easy Ftp Server | 2018-10-18 | 6.5 MEDIUM | N/A |
| Buffer overflow in Unicode processing in the logging functionality in Pablo Software Solutions Quick 'n Easy FTP Server Professional and Lite, probably 3.0, allows remote authenticated users to execute arbitrary code by sending a command with a long argument, which triggers a buffer overflow when an admin selects the Logging section in the FTP server main window. NOTE: the original researcher claims that the vendor disputes this issue. | |||||
| CVE-2006-1941 | 1 Neon Software | 1 Neon Responder | 2018-10-18 | 5.0 MEDIUM | N/A |
| Neon Responder 5.4 for LANsurveyor allows remote attackers to cause a denial of service (application outage) via a crafted Clock Synchronisation packet that triggers an access violation. | |||||
| CVE-2006-2023 | 1 Ls3 | 1 Fenice | 2018-10-18 | 5.0 MEDIUM | N/A |
| Integer overflow in the RTSP_msg_len function in rtsp/RTSP_msg_len.c in Fenice 1.10 and earlier allows remote attackers to cause a denial of service (application crash) via a large HTTP Content-Length value, which leads to an invalid memory access. | |||||
| CVE-2006-2022 | 1 Ls3 | 1 Fenice | 2018-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in the parse_url function in the RTSP module (rtsp/parse_url.c) in Fenice 1.10 and earlier allows remote attackers to execute arbitrary code via a long URL. | |||||
| CVE-2006-2021 | 1 Asteriskathome | 1 Asteriskathome | 2018-10-18 | 5.0 MEDIUM | N/A |
| Absolute path traversal vulnerability in recordings/misc/audio.php in the Asterisk Recording Interface (ARI) web interface in Asterisk@Home before 2.8 allows remote attackers to read arbitrary MP3, WAV, and GSM files via a full pathname in the recording parameter. NOTE: this issue can also be used to determine existence of files. | |||||
| CVE-2006-1912 | 1 Mybulletinboard | 1 Mybulletinboard | 2018-10-18 | 5.8 MEDIUM | N/A |
| MyBB (MyBulletinBoard) 1.1.0 does not set the constant KILL_GLOBAL variable in (1) global.php and (2) inc/init.php, which allows remote attackers to initialize arbitrary variables that are processed by an @extract command, which could then be leveraged to conduct cross-site scripting (XSS) or SQL injection attacks. | |||||
| CVE-2006-2020 | 1 Asteriskathome | 1 Asteriskathome | 2018-10-18 | 7.8 HIGH | N/A |
| Asterisk Recording Interface (ARI) in Asterisk@Home before 2.8 stores recordings/includes/main.conf under the web document root with insufficient access control, which allows remote attackers to obtain password information. | |||||
| CVE-2006-2019 | 1 Apple | 1 Safari | 2018-10-18 | 5.0 MEDIUM | N/A |
| Apple Mac OS X Safari 2.0.3, 1.3.1, and possibly other versions allows remote attackers to cause a denial of service (CPU consumption and crash) via a TD element with a large number in the rowspan attribute. | |||||
| CVE-2006-2018 | 1 Jelsoft | 1 Vbulletin | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in calendar.php in vBulletin 3.0.x allows remote attackers to execute arbitrary SQL commands via the eventid parameter. NOTE: the affected version has been disputed by the vendor. It appears that this is the same issue as CVE-2004-0036, which was fixed in 2.3.4. | |||||
| CVE-2006-1879 | 1 Oracle | 1 Collaboration Suite | 2018-10-18 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in the Email Server component in Oracle Collaboration Suite 9.0.4.2, 10.1.1, 10.1.2.0, and 10.1.2.1 have unknown impact and attack vectors, aka Vuln# (1) OCS01, (2) OCS02, (3) OCS03, and (4) OCS04. | |||||
| CVE-2006-1880 | 1 Oracle | 1 E-business Suite | 2018-10-18 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.10CU2 have unknown impact and attack vectors, as identified by Vuln# (1) APPS01 in the (a) Application Install component; (2) APPS09 in the (b) Oracle Diagnostics Interfaces component; (3) APPS10 in the (c) Oracle General Ledger component; (4) APPS12 and (5) APPS13 in the (d) Oracle Receivables component. | |||||
| CVE-2006-2012 | 1 Skulltag Team | 1 Skulltag | 2018-10-18 | 5.0 MEDIUM | N/A |
| Format string vulnerability in Skulltag 0.96f and earlier allows remote attackers to cause a denial of service via the version string. | |||||
| CVE-2006-2011 | 1 4homepages | 1 4images | 2018-10-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in member.php in 4images 1.7 and earlier allows remote attackers to inject arbitrary web script or HTML via the nickname, probably involving the user_name parameter in register.php. | |||||
| CVE-2006-2005 | 1 Clansys | 1 Clansys | 2018-10-18 | 7.5 HIGH | N/A |
| Eval injection vulnerability in index.php in ClanSys 1.1 allows remote attackers to execute arbitrary PHP code via PHP code in the page parameter, as demonstrated by using an "include" statement that is injected into the eval statement. NOTE: this issue has been described as file inclusion by some sources, but that is just one attack; the primary vulnerability is eval injection. | |||||
| CVE-2006-2004 | 1 Michael Romedahl | 1 Ri Blog | 2018-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in RI Blog 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password fields. | |||||
| CVE-2006-2002 | 1 Mygamingladder | 1 Mygamingladder | 2018-10-18 | 5.0 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in stats.php in MyGamingLadder 7.0 allows remote attackers to execute arbitrary PHP code via a URL in the dir[base] parameter. | |||||
| CVE-2006-2061 | 1 Invision Power Services | 2 Invision Board, Invision Power Board | 2018-10-18 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in lib/func_taskmanager.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary SQL commands via the ck parameter, which can inject at most 32 characters. | |||||
| CVE-2006-2001 | 1 Scry Gallery | 1 Scry Gallery | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Scry Gallery 1.1 allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: this is a different vulnerability than the directory traversal vector. | |||||
| CVE-2006-1999 | 1 Openttd | 1 Openttd | 2018-10-18 | 5.0 MEDIUM | N/A |
| The multiplayer menu in OpenTTD 0.4.7 allows remote attackers to cause a denial of service via a UDP packet with an incorrect size, which causes the client to return to the main menu. | |||||
| CVE-2006-1998 | 1 Openttd | 1 Openttd | 2018-10-18 | 2.1 LOW | N/A |
| OpenTTD 0.4.7 and earlier allows local users to cause a denial of service (application exit) via a large invalid error number, which triggers an error. | |||||
| CVE-2006-1996 | 1 Scry Gallery | 1 Scry Gallery | 2018-10-18 | 5.0 MEDIUM | N/A |
| Scry Gallery 1.1 allows remote attackers to obtain sensitive information via an invalid p parameter, which reveals the path in an error message. | |||||
| CVE-2006-1995 | 1 Scry Gallery | 1 Scry Gallery | 2018-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Scry Gallery 1.1 allows remote attackers to read arbitrary files via ".." sequences in the p parameter, which is not properly sanitized due to an rtrim function call with the arguments in the wrong order. | |||||
| CVE-2006-1926 | 1 Thwboard | 1 Thwboard | 2018-10-18 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in showtopic.php in ThWboard 2.84 beta 3 and earlier allows remote attackers to execute arbitrary SQL commands via the pagenum parameter. | |||||
| CVE-2006-2010 | 1 Paras Chopra | 1 Bloggage | 2018-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in check_login.asp in Bloggage allow remote attackers to execute arbitrary SQL commands via the (1) acc_name and (2) password parameters. | |||||
| CVE-2006-1979 | 1 Manic Web | 1 Mwguest | 2018-10-18 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in mwguest.php in Manic Web MWGuest 2.1.0 allows remote attackers to inject arbitrary web script or HTML via the homepage parameter. | |||||
| CVE-2006-1977 | 1 Flexbb | 1 Flexbb | 2018-10-18 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in FlexBB 0.5.7 BETA and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) name and (2) message parameters. | |||||
| CVE-2006-2009 | 1 Phpmyagenda | 1 Phpmyagenda | 2018-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in agenda.php3 in phpMyAgenda 3.0 Final and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rootagenda parameter. | |||||
| CVE-2006-1972 | 1 Wingnut | 1 Easygallery | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in EasyGallery.php in Wingnut EasyGallery allows remote attackers to inject arbitrary web script or HTML via the ordner parameter. | |||||
| CVE-2006-1881 | 1 Oracle | 1 E-business Suite | 2018-10-18 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Financials for Asia/Pacific component in Oracle E-Business Suite and Applications 11.5.9 has unknown impact and attack vectors, aka Vuln# APPS02. | |||||
| CVE-2006-1971 | 1 Krankikom | 1 Contentboxx | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in login.php in KRANKIKOM ContentBoxX allows remote attackers to inject arbitrary web script or HTML via the action parameter. | |||||
| CVE-2006-1990 | 1 Php | 1 Php | 2018-10-18 | 5.0 MEDIUM | N/A |
| Integer overflow in the wordwrap function in string.c in PHP 4.4.2 and 5.1.2 might allow context-dependent attackers to execute arbitrary code via certain long arguments that cause a small buffer to be allocated, which triggers a heap-based buffer overflow in a memcpy function call, a different vulnerability than CVE-2002-1396. | |||||
| CVE-2006-1966 | 1 Fortinet | 1 Fortinet28 | 2018-10-18 | 5.0 MEDIUM | N/A |
| An unspecified Fortinet product, possibly Fortinet28, allows remote attackers to cause a denial of service via a "small synflood" to the SMTP port (TCP port 25), as demonstrated by a 10-microsecond wait between sending packets. NOTE: this issue has been disputed in followup posts that suggest that a protection feature is triggering a RST. | |||||
| CVE-2006-1964 | 1 Aspsitem | 1 Aspsitem | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Haberler.asp in ASPSitem 1.83 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2006-1963 | 1 Pcpin | 1 Pcpin Chat | 2018-10-18 | 5.5 MEDIUM | N/A |
| Directory traversal vulnerability in main.php in PCPIN Chat 5.0.4 and earlier allows remote authenticated users to include and execute arbitrary PHP code via a ".." (dot dot) in a language cookie, as demonstrated by uploading then accessing a smiliefile image that actually contains PHP code. | |||||
