Search
Total
25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-3914 | 1 Blackboard | 1 Blackboard Academic Suite | 2018-10-17 | 6.0 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Blackboard Academic Suite 6.2.3.23 allows remote authenticated users to inject arbitrary HTML or web script by bypassing client-side validation through disabling JavaScript when submitting an essay response, which has no server-side validation before being viewed via "View Attempt Details" in the Gradebook. | |||||
| CVE-2006-3884 | 1 Gonafish | 1 Linkscaffe | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in links.php in Gonafish LinksCaffe 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) offset and (2) limit parameters, (3) newdays parameter in a new action, and the (4) link_id parameter in a deadlink action. NOTE: this issue can also be used for path disclosure by a forced SQL error, or to modify PHP files using OUTFILE. | |||||
| CVE-2006-3913 | 1 Freeciv | 1 Freeciv | 2018-10-17 | 7.5 HIGH | N/A |
| Buffer overflow in Freeciv 2.1.0-beta1 and earlier, and SVN 15 Jul 2006 and earlier, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) negative chunk_length or a (2) large chunk->offset value in a PACKET_PLAYER_ATTRIBUTE_CHUNK packet in the generic_handle_player_attribute_chunk function in common/packets.c, and (3) a large packet->length value in the handle_unit_orders function in server/unithand.c. | |||||
| CVE-2006-3911 | 1 Php Live | 1 Php Live | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in OSI Codes PHP Live! 3.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the css_path parameter in (1) help.php and (2) setup/header.php. | |||||
| CVE-2006-4023 | 1 Php | 1 Php | 2018-10-17 | 5.0 MEDIUM | N/A |
| The ip2long function in PHP 5.1.4 and earlier may incorrectly validate an arbitrary string and return a valid network IP address, which allows remote attackers to obtain network information and facilitate other attacks, as demonstrated using SQL injection in the X-FORWARDED-FOR Header in index.php in MiniBB 2.0. NOTE: it could be argued that the ip2long behavior represents a risk for security-relevant issues in a way that is similar to strcpy's role in buffer overflows, in which case this would be a class of implementation bugs that would require separate CVE items for each PHP application that uses ip2long in a security-relevant manner. | |||||
| CVE-2006-3956 | 1 Total Online Solutions | 1 Advanced Webhost Billing System | 2018-10-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in contact.php in Advanced Webhost Billing System (AWBS) 2.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) AccountUsername and (3) Message parameters. | |||||
| CVE-2006-3862 | 1 Ibm | 1 Informix Dynamic Server | 2018-10-17 | 7.5 HIGH | N/A |
| Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.TC5 through 9.40.xC7 and 10.00.TC1 through 10.00.xC3 allows attackers to execute arbitrary code via the SQLIDEBUG environment variable (envariable). | |||||
| CVE-2006-4003 | 1 Hobbit Monitor | 1 Hobbit Monitor | 2018-10-17 | 5.0 MEDIUM | N/A |
| The config method in Henrik Storner Hobbit monitor before 4.1.2p2 permits access to files outside of the intended configuration directory, which allows remote attackers to obtain sensitive information via requests to the hobbitd daemon on port 1984/tcp. | |||||
| CVE-2006-4001 | 1 Barracuda Networks | 1 Barracuda Spam Firewall | 2018-10-17 | 7.5 HIGH | N/A |
| Login.pm in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 contains a hard-coded password for the guest account, which allows remote attackers to read sensitive information such as e-mail logs, and possibly e-mail contents and the admin password. | |||||
| CVE-2006-4021 | 1 Scatterchat | 1 Scatterchat | 2018-10-17 | 2.6 LOW | N/A |
| The cryptographic module in ScatterChat 1.0.x allows attackers to identify patterns in large numbers of messages by identifying collisions using a birthday attack on the custom padding mechanism for ECB mode encryption. | |||||
| CVE-2006-4015 | 1 Hp | 3 Procurve Switch 3500yl, Procurve Switch 5400zl, Procurve Switch 6200yl | 2018-10-17 | 5.0 MEDIUM | N/A |
| Hewlett-Packard (HP) ProCurve 3500yl, 6200yl, and 5400zl switches with software before K.11.33 allow remote attackers to cause a denial of service (possibly memory leak or system crash) via unknown vectors. | |||||
| CVE-2006-3909 | 1 Wired Community Software | 1 Wwwthreads | 2018-10-17 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in calendar.php in WWWthreads allows remote attackers to inject arbitrary web script or HTML via the week parameter. | |||||
| CVE-2006-4000 | 1 Barracuda Networks | 1 Barracuda Spam Firewall | 2018-10-17 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in cgi-bin/preview_email.cgi in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter. | |||||
| CVE-2006-3907 | 1 Siemens | 1 Speedstream Wireless Router | 2018-10-17 | 5.0 MEDIUM | N/A |
| Siemens SpeedStream 2624 allows remote attackers to cause a denial of service (device hang) by sending a crafted packet to the web administrative interface. | |||||
| CVE-2006-3999 | 1 Iss | 1 Blackice Pc Protection | 2018-10-17 | 4.6 MEDIUM | N/A |
| ISS BlackICE PC Protection 3.6.cpj, 3.6.cpiE, and possibly earlier versions do not properly monitor the integrity of the pamversion.dll BlackICE library, which allows local users to subvert BlackICE by replacing pamversion.dll. NOTE: in most cases, the attack would not cross privilege boundaries because replacing pamversion.dll requires administrative privileges. However, this issue is a vulnerability because BlackICE is intended to protect against certain rogue privileged actions. | |||||
| CVE-2006-3967 | 1 Moskool | 1 Moskool | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in component/option,com_moskool/Itemid,34/admin.moskool.php in MamboXChange Moskool 1.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2006-3881 | 1 Musicbox | 1 Musicbox | 2018-10-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Shalwan MusicBox 2.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter in a request for the top-level URI. NOTE: the id parameter in index.php, and the type and show parameters in a top action, are already covered by CVE-2006-1349; and the term parameter in a search action is already covered by CVE-2006-1806. | |||||
| CVE-2006-3973 | 1 My Firewall Plus | 1 My Firewall Plus | 2018-10-17 | 7.2 HIGH | N/A |
| My Firewall Plus 5.0 Build 1119 does not verify if explorer.exe is running before launching iexplore.exe from the "Test Your Firewall" feature, which allows local users to gain SYSTEM privileges. | |||||
| CVE-2006-3905 | 1 Mywebland | 1 Mybloggie | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Webland MyBloggie 2.1.3 allows remote attackers to execute arbitrary SQL commands via the (1) post_id parameter in index.php and (2) search function. | |||||
| CVE-2006-3997 | 1 Wowroster | 1 Wowroster | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in hsList.php in WoWRoster (aka World of Warcraft Roster) 1.5.x and earlier allows remote attackers to execute arbitrary PHP code via a URL in the subdir parameter. | |||||
| CVE-2006-3903 | 1 Mywebland | 1 Mybloggie | 2018-10-17 | 5.8 MEDIUM | N/A |
| CRLF injection vulnerability in (1) index.php and (2) admin.php in myWebland MyBloggie 2.1.3 allows remote attackers to hijack sessions and conduct cross-site scripting (XSS) attacks via a cookie. | |||||
| CVE-2006-3953 | 1 Mybulletinboard | 1 Mybulletinboard | 2018-10-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to inject arbitrary web script or HTML via the gallery parameter. | |||||
| CVE-2006-3984 | 2 Gianluca Baldo, Phpadsnew | 2 Phpauction, Phpadsnew | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in phpAdsNew/view.inc.php in Albasoftware Phpauction 2.1 and possibly later versions, with phpAdsNew 2.0.5, allows remote attackers to execute arbitrary PHP code via a URL in the phpAds_path parameter. | |||||
| CVE-2006-3940 | 1 Phpbb Group | 1 Phpbb-auction | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in phpbb-Auction allow remote attackers to execute arbitrary SQL commands via (1) the ar parameter in auction_room.php and (2) the u parameter in auction_store.php. NOTE: the auction_rating.php vector is already covered by CVE-2005-1234. NOTE: the original disclosure states that the product name is "PHP-Auction", but this is probably an error. | |||||
| CVE-2006-3901 | 1 Tumbleweed | 1 Mailgate Email Firewall | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple stack-based buffer overflows in Tumbleweed Email Firewall (EMF) allow remote attackers to execute arbitrary code via an email attachment with an LHA archive that contains a (1) file or (2) directory with a long LHA extended header, (3) an LHA archive in which the "temporary pathname" field for decompressed output is greater than 2 bytes, or (4) an LHA archive with a long filename. | |||||
| CVE-2006-3900 | 1 Tobias Kloy | 1 Tp-book | 2018-10-17 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in guestbook.php in TP-Book 1.00 and earlier allows remote attackers to inject arbitrary web script or HTML via the name parameter. | |||||
| CVE-2006-3948 | 1 Php-nuke | 1 Inp | 2018-10-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in modules.php in PHP-Nuke INP allows remote attackers to inject arbitrary web script or HTML via the query parameter. | |||||
| CVE-2006-3996 | 1 Adaptive Technology Resource Centre | 1 Atutor | 2018-10-17 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in links/index.php in ATutor 1.5.3.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the (1) desc or (2) asc parameters. | |||||
| CVE-2006-3986 | 1 Knusperleicht | 1 Newsletter | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in Knusperleicht Newsletter 3.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the NL_PATH parameter. | |||||
| CVE-2006-3937 | 1 Xguestbook | 1 Xguestbook | 2018-10-17 | 5.0 MEDIUM | N/A |
| post.php in x_atrix xGuestBook 1.02 allows remote attackers to obtain sensitive information via a request without the (1) user, (2) mail, (3) p, or (4) url parameter, which reveals the installation path in an error message. | |||||
| CVE-2006-3867 | 1 Microsoft | 2 Excel, Excel Viewer | 2018-10-17 | 5.1 MEDIUM | N/A |
| Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, and Excel Viewer 2003 allows user-assisted attackers to execute arbitrary code via a crafted Lotus 1-2-3 file, a different vulnerability than CVE-2006-2387 and CVE-2006-3875. | |||||
| CVE-2006-3861 | 1 Ibm | 1 Informix Dynamic Server | 2018-10-17 | 4.0 MEDIUM | N/A |
| IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 does not use database creation permissions, which allows remote authenticated users to create arbitrary databases. | |||||
| CVE-2006-3987 | 1 Knusperleicht | 1 Knusperleicht Filemanager | 2018-10-17 | 5.1 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in index.php in Knusperleicht FileManager 1.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) dwl_download_path or (2) dwl_include_path parameters. | |||||
| CVE-2006-3993 | 1 Tsep | 1 Tsep | 2018-10-17 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in copyright.php in Olaf Noehring The Search Engine Project (TSEP) 0.942 allows remote attackers to execute arbitrary PHP code via a URL in the tsep_config[absPath] parameter. | |||||
| CVE-2006-3935 | 1 Alkacon | 1 Opencms | 2018-10-17 | 6.5 MEDIUM | N/A |
| system/workplace/views/admin/admin-main.jsp in Alkacon OpenCms before 6.2.2 does not restrict access to administrator functions, which allows remote authenticated users to (1) send broadcast messages to all users (/workplace/broadcast), (2) list all users (/accounts/users), (3) add webusers (/accounts/webusers/new), (4) upload database import and export files (/database/importhttp), (5) upload arbitrary program modules (/modules/modules_import), and (6) read the log file (/workplace/logfileview) by setting the appropriate value for the path parameter in a direct request to admin-main.jsp. | |||||
| CVE-2006-3933 | 1 Alkacon | 1 Opencms | 2018-10-17 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Alkacon OpenCms before 6.2.2 allows remote authenticated users to inject arbitrary web script or HTML via the message body. | |||||
| CVE-2006-4012 | 1 Savewebportal | 1 Savewebportal | 2018-10-17 | 5.1 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in circeOS SaveWeb Portal 3.4 allow remote attackers to execute arbitrary PHP code via a URL in the SITE_Path parameter to (1) poll/poll.php or (2) poll/view_polls.php. NOTE: the menu_dx.php vector is already covered by CVE-2005-2687. | |||||
| CVE-2006-3929 | 1 Zyxel | 1 Prestige 660h-61 | 2018-10-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Forms/rpSysAdmin script on the Zyxel Prestige 660H-61 ADSL Router running firmware 3.40(PT.0)b32 allows remote attackers to inject arbitrary web script or HTML via hex-encoded values in the a parameter. | |||||
| CVE-2006-4009 | 1 Vwar | 1 Virtual War | 2018-10-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in war.php in Virtual War (Vwar) 1.5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter. | |||||
| CVE-2006-3890 | 2 Sky Software, Winzip | 2 Fileview Activex Control, Winzip | 2018-10-17 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the Sky Software FileView ActiveX control, as used in WinZip 10 before build 7245 and in certain other applications, allows remote attackers to execute arbitrary code via a long FilePattern attribute in a WZFILEVIEW object, a different vulnerability than CVE-2006-5198. | |||||
| CVE-2006-3989 | 1 Knusperleicht | 1 Shoutbox | 2018-10-17 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in index.php in Knusperleicht Shoutbox 4.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the sb_include_path parameter. | |||||
| CVE-2006-4019 | 1 Squirrelmail | 1 Squirrelmail | 2018-10-17 | 6.4 MEDIUM | N/A |
| Dynamic variable evaluation vulnerability in compose.php in SquirrelMail 1.4.0 to 1.4.7 allows remote attackers to overwrite arbitrary program variables and read or write the attachments and preferences of other users. | |||||
| CVE-2006-3878 | 1 Opsware | 1 Network Automation System | 2018-10-17 | 2.1 LOW | N/A |
| Opsware Network Automation System (NAS) 6.0 installs /etc/init.d/mysql with insecure permissions, which allows local users to read the root password for the MySQL MAX database or gain privileges by modifying /etc/init.d/mysql. | |||||
| CVE-2006-3869 | 1 Microsoft | 1 Ie | 2018-10-17 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060824, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL on a website that uses HTTP 1.1 compression. | |||||
| CVE-2006-3988 | 1 Knusperleicht | 1 Newsreporter | 2018-10-17 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in index.php in Knusperleicht newsReporter 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the news_include_path parameter. | |||||
| CVE-2006-4008 | 1 Knusperleicht | 1 Faq | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in Knusperleicht Faq 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the faq_path parameter. | |||||
| CVE-2006-3886 | 1 Musicbox | 1 Musicbox | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Shalwan MusicBox 2.3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter in a viewgallery action in a request for the top-level URI. NOTE: the start parameter/search action is already covered by CVE-2006-1807, and the show parameter/top action is already covered by CVE-2006-1360. | |||||
| CVE-2006-3955 | 1 Minibb | 1 Minibb | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5a allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to (1) news.php, (2) search.php, or (3) whosOnline.php. | |||||
| CVE-2006-3875 | 1 Microsoft | 2 Excel, Excel Viewer | 2018-10-17 | 5.1 MEDIUM | N/A |
| Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, and Excel Viewer 2003 allows user-assisted attackers to execute arbitrary code via a crafted COLINFO record in an XLS file, a different vulnerability than CVE-2006-2387 and CVE-2006-3867. | |||||
| CVE-2006-3883 | 1 Gonafish | 1 Linkscaffe | 2018-10-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Gonafish LinksCaffe 3.0 allow remote attackers to inject arbitrary web script or HTML via (1) the tablewidth parameter in (a) counter.php; (2) the newdays parameter in (b) links.php; and the (3) tableborder, (4) menucolor, (5) textcolor, and (6) bodycolor parameters in (c) menu.inc.php. | |||||