Total: 25555 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-1961 | 1 Cisco | 5 Ciscoworks 2000 Service Management Solution, Ethernet Subscriber Solution Engine, Hosting Solution Engine and 2 more | 2018-10-18 | 7.5 HIGH | N/A |
| Cisco CiscoWorks Wireless LAN Solution Engine (WLSE) and WLSE Express before 2.13, Hosting Solution Engine (HSE) and User Registration Tool (URT) before 20060419, and all versions of Ethernet Subscriber Solution Engine (ESSE) and CiscoWorks2000 Service Management Solution (SMS) allow local users to gain Linux shell access via shell metacharacters in arguments to the "show" command in the application's command line interface (CLI), aka bug ID CSCsd21502 (WLSE), CSCsd22861 (URT), and CSCsd22859 (HSE). NOTE: other issues might be addressed by the Cisco advisory. | |||||
| CVE-2006-1956 | 2 Joomla, Mambo | 2 Joomla, Mambo | 2018-10-18 | 5.0 MEDIUM | N/A |
| The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows remote attackers to obtain sensitive information via an invalid feed parameter, which reveals the path in an error message. | |||||
| CVE-2006-1960 | 1 Cisco | 1 Wireless Lan Solution Engine | 2018-10-18 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the appliance web user interface in Cisco CiscoWorks Wireless LAN Solution Engine (WLSE) and WLSE Express before 2.13 allows remote attackers to inject arbitrary web script or HTML, possibly via the displayMsg parameter to archiveApplyDisplay.jsp, aka bug ID CSCsc01095. | |||||
| CVE-2006-1783 | 1 Patronet | 1 Cms | 2018-10-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in PatroNet CMS allows remote attackers to inject arbitrary web script or HTML via the URI. | |||||
| CVE-2006-1817 | 1 The War Forge | 1 Warforge.news | 2018-10-18 | 2.6 LOW | N/A |
| SQL injection vulnerability in authcheck.php in warforge.NEWS 1.0, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the (1) authusername and possibly the (2) authpassword cookie. | |||||
| CVE-2006-1818 | 1 The War Forge | 1 Warforge.news | 2018-10-18 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in warforge.NEWS 1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly including the (1) first_name and (2) last_name parameter in myaccounts.php. NOTE: portions of these details were obtained from third party sources instead of the original disclosure. | |||||
| CVE-2006-1804 | 1 Phpmyadmin | 1 Phpmyadmin | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows remote attackers to execute arbitrary SQL commands via the sql_query parameter. | |||||
| CVE-2006-1820 | 1 Modxcms | 1 Modxcms | 2018-10-18 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in ModX 0.9.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this might be resultant from the directory traversal vulnerability. | |||||
| CVE-2006-1754 | 1 Swsoft | 1 Confixx | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in SWSoft Confixx 3.0.6, 3.0.8, and 3.1.2 allows remote attackers to execute arbitrary SQL commands via the SID parameter. | |||||
| CVE-2006-1821 | 1 Modxcms | 1 Modxcms | 2018-10-18 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in ModX 0.9.1 allows remote attackers to read arbitrary files via a .. (dot dot) sequence and trailing NULL (%00) byte in the id parameter. | |||||
| CVE-2006-1869 | 1 Oracle | 1 Database Server | 2018-10-18 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Oracle Database Server 8.1.7.4 and 9.0.1.5 has unknown impact and attack vectors in the Dictionary component, aka Vuln# DB04. | |||||
| CVE-2006-1822 | 1 Farsinews | 1 Farsinews | 2018-10-18 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in FarsiNews 2.5.3 Pro and earlier allows remote attackers to inject arbitrary web script or HTML via the selected_search_arch parameter. | |||||
| CVE-2006-1848 | 1 Linpha | 1 Linpha | 2018-10-18 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in stats_view.php in LinPHA 1.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) date_from, (2) date_to, and (3) date parameter. | |||||
| CVE-2006-1806 | 1 Musicbox | 1 Musicbox | 2018-10-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Musicbox 2.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the term parameter in a search action. | |||||
| CVE-2006-1798 | 1 Rateit | 1 Rateit | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in rateit.php in RateIt 2.2 allows remote attackers to execute arbitrary SQL commands via the rateit_id parameter. | |||||
| CVE-2006-1759 | 1 Swsoft | 1 Confixx | 2018-10-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in allgemein_transfer.php in SWSoft Confixx 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the jahr parameter. | |||||
| CVE-2006-1758 | 1 Bill Shupp | 1 Vegadns | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Vegadns 0.99 allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||||
| CVE-2006-1757 | 1 Bill Shupp | 1 Vegadns | 2018-10-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Vegadns 0.99 allows remote attackers to inject arbitrary web script or HTML via the message parameter. | |||||
| CVE-2006-1791 | 1 Jl Webworks | 1 Quickblogger | 2018-10-18 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in acc.php in QuickBlogger 1.4 allows remote attackers to read or include arbitrary local files via the request parameter. NOTE: this issue can also produce resultant XSS when the associated include statement fails. | |||||
| CVE-2006-1789 | 1 Georges Auberger | 1 Pajax | 2018-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in pajax_call_dispatcher.php in PAJAX 0.5.1 and earlier allows remote attackers to read arbitrary files via the $className variable. | |||||
| CVE-2006-1788 | 1 Adobe | 1 Document Server | 2018-10-18 | 2.6 LOW | N/A |
| Adobe Document Server for Reader Extensions 6.0, during log on, provides different error messages depending on whether the user ID is valid or invalid, which allows remote attackers to more easily identify valid user IDs via brute force attacks. | |||||
| CVE-2006-1807 | 1 Musicbox | 1 Musicbox | 2018-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in Musicbox 2.3.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) start parameter in a search action or (2) type parameter in a top action. | |||||
| CVE-2006-1756 | 1 Matthew Dingley | 1 Md News | 2018-10-18 | 7.5 HIGH | N/A |
| MD News 1 allows remote attackers to bypass authentication via a direct request to a script in the Administration Area. | |||||
| CVE-2006-1787 | 1 Adobe | 1 Document Server | 2018-10-18 | 2.6 LOW | N/A |
| Adobe Document Server for Reader Extensions 6.0 includes a user's session (jsession) ID in the HTTP Referer header, which allows remote attackers to gain access to PDF files that are being processed within that session. | |||||
| CVE-2006-1786 | 1 Adobe | 1 Document Server | 2018-10-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Adobe Document Server for Reader Extensions 6.0 allows remote attackers to inject arbitrary web script or HTML via (1) the actionID parameter in ads-readerext and (2) the op parameter in AlterCast. NOTE: it is not clear whether the vendor advisory addresses this issue. | |||||
| CVE-2006-1785 | 1 Adobe | 1 Document Server | 2018-10-18 | 2.1 LOW | N/A |
| Adobe Document Server for Reader Extensions 6.0 allows remote authenticated users to inject arbitrary web script via a leading (1) ftp or (2) http URI in the ReaderURL variable in the "Update Download Site" section of ads-readerext. NOTE: it is not clear whether the vendor advisory addresses this issue. In addition, since the issue requires administrative privileges to exploit, it is not clear whether this crosses security boundaries. | |||||
| CVE-2006-1755 | 1 Matthew Dingley | 1 Md News | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin.php in MD News 1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2006-1823 | 1 Farsinews | 1 Farsinews | 2018-10-18 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in FarsiNews 2.5.3 Pro and earlier allows remote attackers to obtain the installation path via ".." sequences in the archive parameter to index.php, which leaks the full pathname in an error message. | |||||
| CVE-2006-1801 | 1 Planet Concept | 1 Planetsearch\+ | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in planetsearchplus.php in planetSearch+ allows remote attackers to inject arbitrary web script or HTML via the search_exp parameter. | |||||
| CVE-2006-1824 | 1 Phpguestbook | 1 Phpguestbook | 2018-10-18 | 1.2 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PhpGuestbook.php in PhpGuestbook 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) Website, and (3) Comment parameter. | |||||
| CVE-2006-1802 | 1 Tinywebgallery | 1 Tinywebgallery | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in TinyWebGallery 1.3 and 1.4 allows remote attackers to inject arbitrary web script or HTML via the twg_album parameter. | |||||
| CVE-2006-1864 | 1 Linux | 1 Linux Kernel | 2018-10-18 | 4.6 MEDIUM | N/A |
| Directory traversal vulnerability in smbfs in Linux 2.6.16 and earlier allows local users to escape chroot restrictions for an SMB-mounted filesystem via "..\\" sequences, a similar vulnerability to CVE-2006-1863. | |||||
| CVE-2006-1762 | 1 Blursoft | 1 Blur6ex | 2018-10-18 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in index.php in blur6ex 0.3.452 allows remote attackers to include arbitrary files via the shard parameter. NOTE: this issue can be exploited to produce resultant XSS when the parameter has XSS manipulations, and path disclosure with other invalid values. | |||||
| CVE-2006-1779 | 1 Simplog | 1 Simplog | 2018-10-18 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in login.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the btag parameter. | |||||
| CVE-2006-1803 | 1 Phpmyadmin | 1 Phpmyadmin | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows remote attackers to inject arbitrary web script or HTML via the sql_query parameter. | |||||
| CVE-2006-1777 | 1 Simplog | 1 Simplog | 2018-10-18 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php. | |||||
| CVE-2006-1776 | 1 Simplog | 1 Simplog | 2018-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the s parameter. | |||||
| CVE-2006-1839 | 1 Php Album | 1 Php Album | 2018-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in language.php in PHP Album 0.3.2.3, when register_globals is enabled, allows remote attackers to execute arbitrary code via an FTP URL in the data_dir parameter, which satisfies the file_exists function call. | |||||
| CVE-2006-1747 | 1 Vwar | 1 Virtual War | 2018-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in Virtual War (VWar) 1.5.0 allows remote attackers to execute arbitrary PHP code via a URL in the vwar_root parameter to (1) admin/admin.php, (2) war.php, (3) stats.php, (4) news.php, (5) joinus.php, (6) challenge.php, (7) calendar.php, (8) member.php, (9) popup.php, and other unspecified scripts in the admin folder. NOTE: these are different attack vectors than CVE-2006-1636 and CVE-2006-1503. | |||||
| CVE-2006-1774 | 1 Hp | 2 Compaqhttpserver, System Management Homepage | 2018-10-18 | 7.5 HIGH | N/A |
| HP System Management Homepage (SMH) 2.1.3.132, when running on CompaqHTTPServer/9.9 on Windows, Linux, or Tru64 UNIX, and when "Trust by Certificates" is not enabled, allows remote attackers to bypass authentication via a crafted URL. | |||||
| CVE-2006-1841 | 1 Kailash Nadh | 1 Boastmachine | 2018-10-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in boastMachine (bMachine) 2.7, and possibly other versions before 2.9b, allows remote attackers to inject arbitrary web script or HTML via the key parameter, as used by the search field. | |||||
| CVE-2006-1842 | 1 Cynical Games | 1 Shoutbook | 2018-10-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in global.php in ShoutBOOK 1.1 allows remote attackers to inject arbitrary web script or HTML via the (1) NAME and (2) COMMENTS parameters. | |||||
| CVE-2006-1809 | 1 Lifetype | 1 Lifetype | 2018-10-18 | 5.0 MEDIUM | N/A |
| index.php in Lifetype 1.0.3 allows remote attackers to obtain sensitive information via an invalid show parameter, which reveals the path in an error message. | |||||
| CVE-2006-1742 | 1 Mozilla | 4 Firefox, Mozilla Suite, Seamonkey and 1 more | 2018-10-18 | 5.0 MEDIUM | N/A |
| The JavaScript engine in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly handle temporary variables that are not garbage collected, which might allow remote attackers to trigger operations on freed memory and cause memory corruption. | |||||
| CVE-2006-1810 | 1 Flexbb | 1 Flexbb | 2018-10-18 | 1.9 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in FlexBB 0.5.5 BETA allow remote attackers to inject arbitrary web script or HTML via the (1) ICQ, (2) AIM, (3) MSN, (4) Google Talk, (5) Website Name, (6) Website Address, (7) Email Address, (8) Location, (9) Signature, and (10) Sub-Titles fields in the user profile. | |||||
| CVE-2006-1811 | 1 Flexbb | 1 Flexbb | 2018-10-18 | 6.4 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in FlexBB 0.5.5 BETA allow remote attackers to execute arbitrary SQL commands via the (1) id, (2) forumid, or (3) threadid parameter to index.php; the (4) ICQ, (5) AIM, (6) MSN, (7) Google Talk, (8) Website Name, (9) Website Address, (10) Email Address, (11) Location, (12) Signature, and (13) Sub-Titles fields in the user profile; or (14) flexbb_password field in a cookie. | |||||
| CVE-2006-1835 | 1 Vincent Hor | 2 Calendarix, Calendarix Advanced | 2018-10-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in yearcal.php in Calendarix allows remote attackers to inject arbitrary web script or HTML via the ycyear parameter. | |||||
| CVE-2006-1812 | 1 Phpwebftp | 1 Phpwebftp | 2018-10-18 | 6.4 MEDIUM | N/A |
| phpWebFTP 3.2 and earlier stores script.js under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information. | |||||
| CVE-2006-1808 | 1 Lifetype | 1 Lifetype | 2018-10-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Lifetype 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the show parameter in a Template operation. | |||||
| CVE-2006-1867 | 1 Oracle | 1 Database Server | 2018-10-18 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Oracle Database Server 9.2.0.6 has unknown impact and attack vectors in the Advanced Replication component, aka Vuln# DB02. | |||||
