Search
Total
25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-1647 | 1 Smart Technologies | 1 Synchroneyes | 2018-10-18 | 7.8 HIGH | N/A |
| An unspecified "logical programming mistake" in SMART SynchronEyes Student and Teacher 6.0, and possibly earlier versions, allows remote attackers to cause a denial of service via a large packet to the Teacher discovery port (UDP port 5496), which causes a thread to terminate and prevents communications on that port. | |||||
| CVE-2006-1571 | 1 R2xdesign | 1 Qlitenews | 2018-10-18 | 5.1 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in loginprocess.php in qliteNews 2005.07.01 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters. | |||||
| CVE-2006-1705 | 1 Oracle | 2 Oracle10g, Oracle9i | 2018-10-18 | 2.1 LOW | N/A |
| Oracle Database 9.2.0.0 to 10.2.0.3 allows local users with "SELECT" privileges for a base table to insert, update, or delete data by creating a crafted view then performing the operations on that view. | |||||
| CVE-2006-1704 | 1 Hubert Plisson | 1 Sire | 2018-10-18 | 5.0 MEDIUM | N/A |
| Sire 2.0 nws allows remote attackers to upload arbitrary image files without authentication via a direct request to upload.php. | |||||
| CVE-2006-1645 | 1 Reloadcms | 1 Reloadcms | 2018-10-18 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Anton Vlasov and Rostislav Gaitkuloff ReloadCMS 1.2.5 and earlier allows remote attackers to inject arbitrary web script or HTML and gain leverage to execute arbitrary PHP code via the User-Agent HTTP header, which is displayed by admin/modules/general/statistic.php in the administration panel. | |||||
| CVE-2006-1703 | 1 Hubert Plisson | 1 Sire | 2018-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in lire.php in Sire 2.0 nws allows remote attackers to execute arbitrary PHP code via a URL in the rub parameter. | |||||
| CVE-2006-1572 | 1 O2php.com | 1 Oxygen | 2018-10-18 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in post.php in Oxygen 1.1.3 allows remote attackers to execute arbitrary SQL commands via the fid parameter in a newthread action. | |||||
| CVE-2006-1638 | 1 Aweb Labs | 1 Awebbb | 2018-10-18 | 5.1 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in aWebBB 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) Username parameter to (a) accounts.php, (b) changep.php, (c) editac.php, (d) feedback.php, (e) fpass.php, (f) login.php, (g) post.php, (h) reply.php, or (i) reply_log.php; (2) p parameter to (j) dpost.php; (3) c parameter to (k) list.php or (l) ndis.php; or (12) q parameter to (m) search.php. | |||||
| CVE-2006-1573 | 1 Mediaslash.com | 1 Mediaslash Gallery | 2018-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in MediaSlash Gallery allows remote attackers to execute arbitrary PHP code via a URL in the rub parameter (part of the $page_menu variable). | |||||
| CVE-2006-1702 | 1 Spip | 1 Spip | 2018-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in spip_login.php3 in SPIP 1.8.3 allows remote attackers to execute arbitrary PHP code via a URL in the url parameter. | |||||
| CVE-2006-1701 | 1 Shadowed Portal | 1 Shadowed Portal | 2018-10-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Pages module in Shadowed Portal allows remote attackers to inject arbitrary web script or HTML via the page parameter to load.php. | |||||
| CVE-2006-1612 | 1 Aweb Labs | 1 Awebnews | 2018-10-18 | 5.1 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in visview.php in aWebNews 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) yname, (2) emailadd, (3) subject, and (4) comment parameters. | |||||
| CVE-2006-1697 | 1 Matt Wright | 1 Matt Wright Guestbook | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook 2.3.1 allows remote attackers to execute arbitrary web script or HTML via the (1) Your Name, (2) E-Mail, or (3) Comments fields when posting a message. | |||||
| CVE-2006-1575 | 1 Vscripts.pl | 1 Qlnews | 2018-10-18 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in news.php in QLnews 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) autorx and (2) newsx parameters. | |||||
| CVE-2006-1627 | 1 Adobe | 1 Acrobat Reader | 2018-10-18 | 7.5 HIGH | N/A |
| Adobe Document Server for Reader Extensions 6.0 does not provide proper access control, which allows remote authenticated users to perform privileged actions by modifying the (1) actionID and (2) pageID parameters. NOTE: due to an error during reservation, this identifier was inadvertently associated with multiple issues. Other CVE identifiers have been assigned to handle other problems that are covered by the same disclosure. | |||||
| CVE-2006-1653 | 1 Angelinecms | 1 Angelinecms | 2018-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in loadkernel.php in AngelineCMS 0.8.1 allows remote attackers to execute arbitrary PHP code via a URL in the installPath parameter. | |||||
| CVE-2006-1651 | 1 Microsoft | 1 Isa Server | 2018-10-18 | 7.5 HIGH | N/A |
| ** DISPUTED ** Microsoft ISA Server 2004 allows remote attackers to bypass certain filtering rules, including ones for (1) ICMP and (2) TCP, via IPv6 packets. NOTE: An established researcher has disputed this issue, saying that "Neither ISA Server 2004 nor Windows 2003 Basic Firewall support IPv6 filtering ... This is different network protocol." | |||||
| CVE-2006-1689 | 1 Hp | 1 Hp-ux | 2018-10-18 | 7.2 HIGH | N/A |
| Unspecified vulnerability in su in HP HP-UX B.11.11, when using the LDAP netgroup feature, allows local users to gain unspecified access. | |||||
| CVE-2006-1531 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Seamonkey and 1 more | 2018-10-18 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient public details from the vendor as of 20060413, it is unclear how CVE-2006-1529, CVE-2006-1530, CVE-2006-1531, and CVE-2006-1723 are different. | |||||
| CVE-2006-1625 | 1 Mybulletinboard | 1 Mybulletinboard | 2018-10-18 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode email tag, as demonstrated using the onmousemove event. | |||||
| CVE-2006-1650 | 1 Mozilla | 1 Firefox | 2018-10-18 | 5.0 MEDIUM | N/A |
| Firefox 1.5.0.1 allows remote attackers to spoof the address bar and possibly conduct phishing attacks by re-opening the window to a malicious Shockwave Flash application, then changing the window location back to a trusted URL while the Flash application is still loading. NOTE: a followup was unable to replicate this issue. | |||||
| CVE-2006-1576 | 1 Vscripts.pl | 1 Qlnews | 2018-10-18 | 7.5 HIGH | N/A |
| Direct static code injection vulnerability in QLnews 1.2 allows remote authenticated administrators to execute arbitrary PHP code by modifying config.php. | |||||
| CVE-2006-1683 | 1 Chipmunk Scripts | 1 Chipmunk Guestbook | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/login.php in Chipmunk Guestbook allows remote attackers to execute arbitrary SQL commands and bypass login authentication via the User name. | |||||
| CVE-2006-1649 | 1 Eset Software | 1 Nod32 Antivirus | 2018-10-18 | 7.2 HIGH | N/A |
| The "restore to" selection in the "quarantine a file" capability of ESET NOD32 before 2.51.26 allows a restore to any directory that permits read access by the invoking user, which allows local users to create new files despite write-access directory permissions. | |||||
| CVE-2006-1537 | 1 Webcalendar | 1 Webcalendar | 2018-10-18 | 5.0 MEDIUM | N/A |
| Craig Knudsen WebCalendar 1.1.0-CVS allows remote attackers to obtain sensitive information via a direct request to (1) includes/index.php, (2) tests/add_duration_test.php, (3) tests/all_tests.php, (4) groups.php, (5) nonusers.php, (6) includes/settings.php, (7) includes/init.php, (8) includes/settings.php.orig, (9) includes/js/admin.php, (10) includes/js/edit_entry.php, (11) includes/js/edit_layer.php, (12) includes/js/export_import.php, (13) includes/js/popups.php, (14) includes/js/pref.php, or (15) includes/menu/index.php, which reveal the path in various error messages. | |||||
| CVE-2006-1538 | 1 Enova | 1 X-wall Asic | 2018-10-18 | 4.9 MEDIUM | N/A |
| The Enova X-Wall ASIC encrypts with a key obtained via Microwire from a serial EEPROM that stores the key in cleartext, which allows local users with physical access to obtain the key by reading and duplicating an EEPROM that is located on a hardware token, or by sniffing the Microwire bus. | |||||
| CVE-2006-1680 | 1 Jupiter Cms | 1 Jupiter Cms | 2018-10-18 | 2.6 LOW | N/A |
| Jupiter CMS 1.1.5, when display_errors is enabled, allows remote attackers to obtain the full server path via a direct request to modules/online.php. | |||||
| CVE-2006-1679 | 1 Jupiter Cms | 1 Jupiter Cms | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in modules/online.php in Jupiter CMS 1.1.5 allows remote attackers to inject arbitrary web script or HTML via the layout parameter to index.php. | |||||
| CVE-2006-1620 | 1 Hosting Controller | 1 Hosting Controller | 2018-10-18 | 5.0 MEDIUM | N/A |
| admin/accounts/AccountActions.asp in Hosting Controller 2002 RC 1 allows remote attackers to modify passwords of other users, probably via an "Update User" ActionType with a modified UserName parameter and the PassCheck parameter set to TRUE. It was later reported that the vulnerability is present in 6.1 Hotfix 3.3 and earlier. | |||||
| CVE-2006-1621 | 1 Hosting Controller | 1 Hosting Controller | 2018-10-18 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in admin/folders/saveuploadfiles.asp in Hosting Controller 2002 RC 1 allows remote authenticated users to overwrite arbitrary files via an absolute path in the OpenPath parameter. | |||||
| CVE-2006-1560 | 1 Skintech | 1 Phpnewsmanager | 2018-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in SkinTech phpNewsManager 1.48 allow remote attackers to execute arbitrary SQL commands via unspecified parameters, possibly (1) id and (2) topicid, in (a) browse.php, (b) category.php, (c) gallery.php, (d) poll.php, and (e) possibly other unspecified scripts. NOTE: portions of the description details are obtained from third party information. | |||||
| CVE-2006-1622 | 1 Phpselect | 1 Phpselect | 2018-10-18 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in PHPSelect linksubmit allows remote attackers to inject arbitrary web script or HTML via (1) the description parameter to linklist.php and possibly other vectors involving (2) index.php and (3) linksubmit.php. | |||||
| CVE-2006-1654 | 1 Hp | 9 Color Laserjet, Color Laserjet 2500, Color Laserjet 2500 Toolbox and 6 more | 2018-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the HP Color LaserJet 2500 Toolbox and Color LaserJet 4600 Toolbox on Microsoft Windows before 20060402 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request to TCP port 5225. | |||||
| CVE-2006-1579 | 1 Dbbs | 1 Dbbs | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in topics.php in Dynamic Bulletin Board System (DbbS) 2.0-alpha and earlier allows remote attackers to execute arbitrary SQL commands via the limite parameter. | |||||
| CVE-2006-1598 | 1 An | 1 An-httpd | 2018-10-18 | 7.8 HIGH | N/A |
| AN HTTPD 1.42n, and possibly other versions before 1.42p, allows remote attackers to obtain source code of scripts via crafted requests with (1) dot and (2) space characters in the file extension. | |||||
| CVE-2006-1675 | 1 Phpwebgallery | 1 Phpwebgallery | 2018-10-18 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PHPWebGallery 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) cat, (2) num, and (3) search parameters to (a) category.php, and the (4) slideshow, (5) show_metadata, and (6) start parameters to (b) picture.php, a different vulnerability than CVE-2006-1674. | |||||
| CVE-2006-1637 | 1 Aweb Labs | 1 Awebbb | 2018-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in aWebBB 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) tname or (2) fpost parameters to (a) post.php; (3) fullname, (4) emailadd, (5) country, (6) sig, or (7) otherav parameters to (b) editac.php; or (8) fullname, (9) emailadd, or (10) country parameters to (c) register.php. | |||||
| CVE-2006-1526 | 1 X.org | 1 X11r6 | 2018-10-18 | 2.1 LOW | N/A |
| Buffer overflow in the X render (Xrender) extension in X.org X server 6.8.0 up to allows attackers to cause a denial of service (crash), as demonstrated by the (1) XRenderCompositeTriStrip and (2) XRenderCompositeTriFan requests in the rendertest from XCB xcb/xcb-demo, which leads to an incorrect memory allocation due to a typo in an expression that uses a "&" instead of a "*" operator. NOTE: the subject line of the original announcement used an incorrect CVE number for this issue. | |||||
| CVE-2006-1641 | 1 Czaries Network | 1 Czarnews | 2018-10-18 | 5.1 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in CzarNews 1.14 allow remote attackers to execute arbitrary SQL commands via the (1) usern or (2) passw parameters to (a) cn_auth.php, (3) s parameter to (b) news.php, or (4) a parameter to (c) dpost.php. | |||||
| CVE-2006-1623 | 1 Andries Bruinsma | 1 Flexible Development | 2018-10-18 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in main.php in an unspecified "file created by Andries Bruinsma," possibly a FleXiBle Development (FXB) application, allows remote attackers to include and execute arbitrary PHP code. NOTE: this disclosure is extremely vague and has very little information about the specific vulnerability type. In addition, there is little public information on the named product. Finally, an XSS vector is implied in the subject line, but because there is no other information and evidence of a cut-and-paste error, it will not be assigned a separate CVE identifier unless additional information is provided. | |||||
| CVE-2006-1529 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2018-10-18 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient public details from the vendor as of 20060413, it is unclear how CVE-2006-1529, CVE-2006-1530, CVE-2006-1531, and CVE-2006-1723 are different. | |||||
| CVE-2006-1530 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Seamonkey and 1 more | 2018-10-18 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient public details from the vendor as of 20060413, it is unclear how CVE-2006-1529, CVE-2006-1530, CVE-2006-1531, and CVE-2006-1723 are different. | |||||
| CVE-2006-1618 | 1 Doomsday | 1 Doomsday | 2018-10-18 | 7.5 HIGH | N/A |
| Format string vulnerability in the (1) Con_message and (2) conPrintf functions in con_main.c in Doomsday engine 1.8.6 allows remote attackers to execute arbitrary code via format string specifiers in an argument to the JOIN command, and possibly other command arguments. | |||||
| CVE-2006-1533 | 1 Sourceworkshop | 1 Newsletter | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in newsletter.php in Sourceworkshop newsletter 1.0 allows remote attackers to execute arbitrary SQL commands via the newsletteremail parameter. | |||||
| CVE-2006-1592 | 2 X-doom, Zdaemon | 2 X-doom, Zdaemon | 2018-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in the is_client_wad_ok function in w_wad.cpp for (1) Zdaemon 1.08.01 and (2) X-Doom allows remote attackers to execute arbitrary code via a long filename argument. | |||||
| CVE-2006-1602 | 1 Phpnuke-clan | 1 Phpnuke-clan | 2018-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/functions_common.php in the VWar Account module (vWar_Account) in PHPNuke Clan 3.0.1 allows remote attackers to include arbitrary files via a URL in the vwar_root2 parameter. NOTE: it is possible that this issue stems from a problem in VWar itself, but this is not clear. | |||||
| CVE-2006-1583 | 1 Juliusz Julas Gonera | 1 Warcraft Iii Replay Parser Php | 2018-10-18 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Warcraft III Replay Parser for PHP 1.8c allows remote attackers to inject arbitrary web script or HTML via the page parameter. NOTE: post-disclosure analysis by CVE suggests that the "page" parameter is not used in this product, and "id" might be the affected parameter. | |||||
| CVE-2006-1534 | 1 Null News | 1 Null News | 2018-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Null news allow remote attackers to execute arbitrary SQL commands via (1) the user_email parameter in (a) lostpass.php, and the (2) user_email and (3) user_username parameters in (b) sub.php and (c) unsub.php. | |||||
| CVE-2006-1535 | 1 Phoetux.net | 1 Phxcontacts | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in login.php in Phoetux.net PhxContacts 0.93.1 beta and earlier allows remote attackers to inject arbitrary web script or HTML via the m parameter. | |||||
| CVE-2006-1536 | 1 Phoetux.net | 1 Phxcontacts | 2018-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Phoetux.net PhxContacts 0.93.1 beta and earlier allow remote attackers to execute arbitrary SQL commands via the (1) motclef and (2) nbr_line_view parameters in (a) carnet.php, and the (3) id_contact parameter in (b) contact_view.php. | |||||