Search
Total
25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-4852 | 1 Quadcomm | 1 Q-shop | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in browse.asp in QuadComm Q-Shop 3.5 allows remote attackers to execute arbitrary SQL commands via the OrderBy parameter. | |||||
| CVE-2006-4823 | 1 Reamday Enterprises | 1 Magic News Pro | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in scripts/news_page.php in Reamday Enterprises Magic News Pro 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the script_path parameter. | |||||
| CVE-2006-4864 | 1 All Enthusiast Inc | 1 Reviewpost Php Pro | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in All Enthusiast ReviewPost 2.5 allows remote attackers to execute arbitrary PHP code via a URL in the RP_PATH parameter. | |||||
| CVE-2006-4856 | 1 Roller Weblogger | 1 Roller Weblogger | 2018-10-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Roller WebLogger 2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, or (3) url parameters; (4) certain content parameters in the preview method; or (5) the q parameter in (a) sitesearch.do. | |||||
| CVE-2006-4857 | 1 Clicktech | 1 Clickblog | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in default.asp (aka the login page) in ClickTech ClickBlog 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) form_codeword (aka the Password field) parameters. | |||||
| CVE-2006-4861 | 1 Mohammed Mehdi Panjwani | 1 Complain Center | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in loginprocess.asp in Mohammed Mehdi Panjwani Complain Center 1 allows remote attackers to execute arbitrary SQL commands via the (1) TxtUser (aka Username) and (2) TxtPass (aka Password) parameters in login.asp. | |||||
| CVE-2006-4862 | 1 Easypagecms | 1 Easypagecms | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in default.aspx in easypage allows remote attackers to execute arbitrary SQL commands via the srch parameter in the Search page. | |||||
| CVE-2006-4820 | 1 Hp | 1 Hp-ux | 2018-10-17 | 2.1 LOW | N/A |
| Unspecified vulnerability in X.25 on HP-UX B.11.00, B.11.11, and B.11.23 allows local users to cause an unspecified denial of service via unknown vectors. | |||||
| CVE-2006-4810 | 1 Gnu | 1 Texinfo | 2018-10-17 | 4.6 MEDIUM | N/A |
| Buffer overflow in the readline function in util/texindex.c, as used by the (1) texi2dvi and (2) texindex commands, in texinfo 4.8 and earlier allows local users to execute arbitrary code via a crafted Texinfo file. | |||||
| CVE-2006-4805 | 1 Wireshark | 1 Wireshark | 2018-10-17 | 5.0 MEDIUM | N/A |
| epan/dissectors/packet-xot.c in the XOT dissector (dissect_xot_pdu) in Wireshark (formerly Ethereal) 0.9.8 through 0.99.3 allows remote attackers to cause a denial of service (memory consumption and crash) via an encoded XOT packet that produces a zero length value when it is decoded. | |||||
| CVE-2006-4802 | 1 Symantec | 2 Client Security, Norton Antivirus | 2018-10-17 | 4.6 MEDIUM | N/A |
| Format string vulnerability in the Real Time Virus Scan service in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allows local users to execute arbitrary code via an unspecified vector related to alert notification messages, a different vector than CVE-2006-3454, a "second format string vulnerability" as found by the vendor. | |||||
| CVE-2006-4797 | 1 Cj Design | 1 Cj Tag Board | 2018-10-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in tag.php in CloudNine Interactive CJ Tag Board 3.0 allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a url BBcode tag in the cjmsg parameter. | |||||
| CVE-2006-4795 | 1 Hp | 1 Hp-ux | 2018-10-17 | 4.6 MEDIUM | N/A |
| Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport software in HP-UX B.11.11 and B.11.23 before 20060912 allows local users to cause a denial of service via unspecified vectors. | |||||
| CVE-2006-4793 | 1 Tualblog | 1 Tualblog | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in icerik.asp in TualBLOG 1.0 allow remote attackers to execute arbitrary SQL commands, as demonstrated by the icerikno parameter. | |||||
| CVE-2006-4832 | 1 Verso Netperformer | 1 Frame Relay Access Device Act | 2018-10-17 | 7.5 HIGH | N/A |
| Buffer overflow in the telnet service in Verso NetPerformer FRAD ACT SDM-95xx 7.xx (R1) and earlier, SDM-93xx 10.x.x (R2) and earlier, and SDM-92xx 9.x.x (R1) and earlier allows remote attackers to cause a denial of service (reboot) and possibly execute arbitrary code via a long username. | |||||
| CVE-2006-4766 | 1 Stefan Ernst | 1 Newsscript | 2018-10-17 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in print.php in Stefan Ernst Newsscript (aka WM-News) 0.5 beta allows remote attackers to read arbitrary files via a .. (dot dot) in the ide parameter. | |||||
| CVE-2006-4772 | 1 Hotplug Cms | 1 Hotplug Cms | 2018-10-17 | 5.0 MEDIUM | N/A |
| HotPlug CMS stores sensitive information under the web root with insufficient access control, which allows remote attackers to read the admin password and database credentials via a direct request for includes/class/config.inc. | |||||
| CVE-2006-4765 | 1 Netgear | 1 Dg834gt | 2018-10-17 | 5.0 MEDIUM | N/A |
| NETGEAR DG834GT Wireless ADSL router running firmware 1.01.28 allows attackers to cause a denial of service (device hang) via a long string in the username field in the login window. | |||||
| CVE-2006-4764 | 1 Wtools | 1 Wtools | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in common.php in Thomas LETE WTools 0.0.1-ALPH allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter. | |||||
| CVE-2006-4763 | 1 Ibm | 1 Lotus Domino Web Access | 2018-10-17 | 7.5 HIGH | N/A |
| IBM Lotus Domino Web Access (DWA) 7.0.1 does not expire a client's Lightweight Third-Party Authentication token (LtpaToken) upon logout, which allows remote attackers to obtain a user's privileges by intercepting the LtpaToken cookie. | |||||
| CVE-2006-4771 | 1 Jbc | 1 Forumjbc | 2018-10-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in haut.php in ForumJBC 4 allows remote attackers to inject arbitrary web script or HTML via the nb_connecte parameter. | |||||
| CVE-2006-4759 | 1 Punbb | 1 Punbb | 2018-10-17 | 3.6 LOW | N/A |
| PunBB 1.2.12 does not properly handle an avatar directory pathname ending in %00, which allows remote authenticated administrative users to upload arbitrary files and execute code, as demonstrated by a query to admin_options.php with an avatars_dir parameter ending in %00. NOTE: this issue was originally disputed by the vendor, but the dispute was withdrawn on 20060926. | |||||
| CVE-2006-4758 | 1 Phpbb Group | 1 Phpbb | 2018-10-17 | 4.6 MEDIUM | N/A |
| phpBB 2.0.21 does not properly handle pathnames ending in %00, which allows remote authenticated administrative users to upload arbitrary files, as demonstrated by a query to admin/admin_board.php with an avatar_path parameter ending in .php%00. | |||||
| CVE-2006-4757 | 1 E107 | 1 E107 | 2018-10-17 | 4.6 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in the admin section in e107 0.7.5 allow remote authenticated administrative users to execute arbitrary SQL commands via the (1) linkopentype, (2) linkrender, (3) link_class, and (4) link_id parameters in (a) links.php; the (5) searchquery parameter in (b) users.php; and the (6) download_category_class parameter in (c) download.php. NOTE: an e107 developer has disputed the significance of the vulnerability, stating that "If your admins are injecting you, you might want to reconsider their access." | |||||
| CVE-2006-4748 | 1 F-art Agency | 1 Blog Cms | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in F-ART BLOG:CMS 4.1 allow remote attackers to execute arbitrary SQL commands via the (1) xagent, (2) xpath, (3) xreferer, and (4) xdns parameters in (a) admin/plugins/NP_Log.php, and the (5) pitem parameter in (b) admin/plugins/NP_Poll.php; and allow remote authenticated users to execute arbitrary SQL commands via the (6) pageRef parameter in (c) admin/plugins/NP_Referrer.php. | |||||
| CVE-2006-4747 | 1 Idevspot | 1 Textads | 2018-10-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in IdevSpot TextAds allow remote attackers to inject arbitrary web script or HTML via (1) the id parameter in delete.php and (2) the error parameter in error.php. | |||||
| CVE-2006-4746 | 1 Comscripts | 1 Web Server Creator | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in news/include/customize.php in Web Server Creator 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the l parameter. | |||||
| CVE-2006-4745 | 1 Scarybear | 1 Pocketexpense Pro | 2018-10-17 | 3.6 LOW | N/A |
| ScaryBear PocketExpense Pro 3.9.1 uses an internally recorded key to protect a data file whose contents are stored in plaintext, which allows local users to disable authentication and access the file by modifying a certain value in the file header. | |||||
| CVE-2006-4744 | 1 Abidia | 2 Abidia Wireless, O-anywhere | 2018-10-17 | 5.0 MEDIUM | N/A |
| Abidia (1) O-Anywhere and (2) Abidia Wireless transmit authentication credentials in cleartext, which allows remote attackers to obtain sensitive information by sniffing. | |||||
| CVE-2006-4751 | 1 Laurentiu Matei | 1 Expandable Home Page Cms | 2018-10-17 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5.1 allows remote attackers to inject arbitrary web script or HTML via the errcode parameter. | |||||
| CVE-2006-4743 | 1 Wordpress | 1 Wordpress | 2018-10-17 | 5.0 MEDIUM | N/A |
| WordPress 2.0.2 through 2.0.5 allows remote attackers to obtain sensitive information via a direct request for (1) 404.php, (2) akismet.php, (3) archive.php, (4) archives.php, (5) attachment.php, (6) blogger.php, (7) comments.php, (8) comments-popup.php, (9) dotclear.php, (10) footer.php, (11) functions.php, (12) header.php, (13) hello.php, (14) wp-content/themes/default/index.php, (15) links.php, (16) livejournal.php, (17) mt.php, (18) page.php, (19) rss.php, (20) searchform.php, (21) search.php, (22) sidebar.php, (23) single.php, (24) textpattern.php, (25) upgrade-functions.php, (26) upgrade-schema.php, or (27) wp-db-backup.php, which reveal the path in various error messages. NOTE: another researcher has disputed the details of this report, stating that version 2.0.5 does not exist. NOTE: the admin-footer.php, admin-functions.php, default-filters.php, edit-form-advanced.php, edit-link-form.php, edit-page-form.php, kses.php, locale.php, rss-functions.php, template-loader.php, and wp-db.php vectors are already covered by CVE-2006-0986. The edit-form-comment.php, vars.php, and wp-settings.php vectors are already covered by CVE-2005-4463. The menu-header.php vector is already covered by CVE-2005-2110. | |||||
| CVE-2006-4742 | 1 Idevspot | 1 Phplinkexchange | 2018-10-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in user_add.php in IDevSpot PhpLinkExchange 1.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | |||||
| CVE-2006-4741 | 1 Idevspot | 1 Phplinkexchange | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in bits_listings.php in IDevSpot PhpLinkExchange 1.0 allows remote attackers to execute arbitrary code via the svr_rootPhpStart parameter. | |||||
| CVE-2006-4740 | 1 Jetbox | 1 Jetbox Cms | 2018-10-17 | 5.0 MEDIUM | N/A |
| Jetbox CMS allows remote attackers to obtain sensitive information via a direct request for certain files, which reveal the path in an error message. | |||||
| CVE-2006-4739 | 1 Jetbox | 1 Jetbox Cms | 2018-10-17 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the OriginalImageData parameter to phpthumb.php. | |||||
| CVE-2006-4749 | 1 Bugada Andrea | 1 Php Advanced Transfer Manager | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in PHP Advanced Transfer Manager (phpATM) 1.20 allow remote attackers to execute arbitrary PHP code via the include_location parameter in (1) activate.php, (2) configure.php, (3) fileop.php, (4) getimg.php, (5) ipblocked.php, (6) register.php, (7) showrecent.php, (8) showtophits.php, (9) usrmanag.php, (10) viewer_bottom.php, (11) viewer_content.php, and (12) viewer_top.php. NOTE: The login.php and confirm.php vectors are already covered by CVE-2006-4594. | |||||
| CVE-2006-4738 | 1 Jetbox | 1 Jetbox Cms | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in phpthumb.php in Jetbox CMS allows remote attackers to execute arbitrary PHP code via a URL in the includes_path parameter. NOTE: The relative_script_path vector is already covered by CVE-2006-2270. | |||||
| CVE-2006-4737 | 1 Jetbox | 1 Jetbox Cms | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Jetbox CMS allows remote attackers to inject arbitrary web script or HTML via the item parameter. NOTE: The view vector is already covered by CVE-2006-3586.2. | |||||
| CVE-2006-4735 | 1 Kellan Elliott-mccrea | 1 Magpierss | 2018-10-17 | 5.0 MEDIUM | N/A |
| Kellan Elliott-McCrea MagpieRSS allows remote attackers to obtain sensitive information via a direct request for (1) rss_fetch.inc.php or (2) rss_parse.inc.php, which reveals the path in various error messages. | |||||
| CVE-2006-4733 | 1 Sips | 1 Sips | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in sipssys/code/box.inc.php in Haakon Nilsen simple, integrated publishing system (SIPS) 0.3.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the config[sipssys] parameter. NOTE: the product's documentation recommends placing the affected file outside of the web root, so the scope of issue is limited to admins who do not, or cannot, follow this recommendation. | |||||
| CVE-2006-4732 | 1 Microsoft | 1 Visual Basic | 2018-10-17 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Microsoft Visual Basic (VB) 6 has an unknown impact ("overflow") via a project that contains a certain Click event procedure, as demonstrated using the msgbox function and the VB.Label object. | |||||
| CVE-2006-4731 | 2 Dws Systems Inc., Ledgersmb | 2 Sql-ledger, Ledgersmb | 2018-10-17 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in (1) login.pl and (2) admin.pl in (a) SQL-Ledger before 2.6.19 and (b) LedgerSMB before 1.0.0p1 allow remote attackers to execute arbitrary Perl code via an unspecified terminal parameter value containing ../ (dot dot slash). | |||||
| CVE-2006-4713 | 1 Psywerks | 1 Puma | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in config.php in PSYWERKS PUMA 1.0 RC2 allows remote attackers to execute arbitrary PHP code via a URL in the fpath parameter. | |||||
| CVE-2006-4722 | 1 Openbb | 1 Openbb | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in Open Bulletin Board (OpenBB) 1.0.8 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) index.php and possibly (2) collector.php. | |||||
| CVE-2006-4721 | 1 Ccleague | 1 Pro Sports Cms | 2018-10-17 | 5.1 MEDIUM | N/A |
| Directory traversal vulnerability in admin.php in CCleague Pro Sports CMS 1.0.1 RC1 allows remote attackers to read and execute arbitrary local files via a .. (dot dot) sequence and trailing null (%00) byte in the language Cookie parameter, as demonstrated by executing PHP code via a log file. | |||||
| CVE-2006-4709 | 1 Vikingboard | 1 Vikingboard | 2018-10-17 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in topic.php in Vikingboard 0.1b allows remote attackers to execute arbitrary SQL commands via the s parameter. | |||||
| CVE-2006-4708 | 1 Vikingboard | 1 Vikingboard | 2018-10-17 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard 0.1b allow remote attackers to inject arbitrary web script or HTML via the (1) act parameter in (a) help.php and (b) search.php, and the (2) p parameter in report.php. | |||||
| CVE-2006-4707 | 1 Mybulletinboard | 1 Mybulletinboard | 2018-10-17 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin/global.php (aka the Admin CP login form) in MyBB (aka MyBulletinBoard) 1.1.7 allows remote attackers to inject arbitrary web script or HTML via the query string ($_SERVER[PHP_SELF]). | |||||
| CVE-2006-4706 | 1 Mybulletinboard | 1 Mybulletinboard | 2018-10-17 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.1.7 allows remote attackers to inject arbitrary web script or HTML via a url BBCode tag that contains a javascript URI with an SGML numeric character reference and an embedded space, as demonstrated using "java& #115;cript," a different vulnerability than CVE-2006-3761. | |||||
| CVE-2006-4705 | 1 Dominic Gamble | 1 Timesheet.php | 2018-10-17 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in login.php in dwayner79 and Dominic Gamble Timesheet (aka Timesheet.php) 1.2.1 allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||