Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-6766 | 1 Cwm-design | 1 Cwmexplorer | 2017-07-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in cwmExplorer 1.1.0 and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: The provenance of this information is unknown; details are obtained solely from third party information. | |||||
| CVE-2006-6767 | 1 Oftpd | 1 Oftpd | 2017-07-29 | 9.4 HIGH | N/A |
| oftpd before 0.3.7 allows remote attackers to cause a denial of service (daemon abort) via a (1) LPRT or (2) LPASV command with an unsupported address family, which triggers an assertion failure. | |||||
| CVE-2006-6808 | 1 Wordpress | 1 Wordpress | 2017-07-29 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in wp-admin/templates.php in WordPress 2.0.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter. NOTE: some sources have reported this as a vulnerability in the get_file_description function in wp-admin/admin-functions.php. | |||||
| CVE-2006-6810 | 1 Db Hub | 1 Db Hub | 2017-07-29 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the clear_user_list function in src/main.c in DB Hub 0.3 allows remote attackers to cause a denial of service (application crash) via crafted network traffic, which triggers memory corruption. | |||||
| CVE-2006-6826 | 1 Personal .net Portal | 1 Personal .net Portal | 2017-07-29 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the tab editor for Personal .NET Portal before 2.0.0 has unknown impact and attack vectors related to a "Security leak." | |||||
| CVE-2006-6868 | 1 Zen Cart | 1 Web Shopping Cart | 2017-07-29 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Zen Cart Web Shopping Cart before 1.3.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2006-6886 | 1 Phpwcms | 1 Phpwcms | 2017-07-29 | 5.0 MEDIUM | N/A |
| phpwcms 1.2.5-DEV allows remote attackers to obtain sensitive information via a direct request for (1) files.public-userroot.inc.php or (2) files.private.additions.inc.php in include/inc_lib/, which reveals the path in various error messages. | |||||
| CVE-2006-6912 | 1 Phpmyfaq | 1 Phpmyfaq | 2017-07-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in phpMyFAQ 1.6.7 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly the userfile or filename parameter. | |||||
| CVE-2006-6920 | 1 Nucleus Cms | 1 Nucleus Cms | 2017-07-29 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Nucleus before 3.24 allows remote attackers to inject arbitrary web script or HTML via unknown vectors, possibly involving (1) lib/ADMIN.php and (2) lib/SKIN.php. | |||||
| CVE-2006-6924 | 1 Bitweaver | 1 Bitweaver | 2017-07-29 | 5.0 MEDIUM | N/A |
| bitweaver 1.3.1 and earlier allows remote attackers to obtain sensitive information via a sort_mode=-98 query string to (1) blogs/list_blogs.php, (2) fisheye/index.php, (3) wiki/orphan_pages.php, or (4) wiki/list_pages.php, which forces a SQL error. NOTE: the fisheye/list_galleries.php vector is already covered by CVE-2005-4380. | |||||
| CVE-2006-6925 | 1 Bitweaver | 1 Bitweaver | 2017-07-29 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in bitweaver 1.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the message title field when submitting an article to articles/edit.php, (2) the message title field when submitting a blog post to blogs/post.php, or (3) the message description field when editing in the Sandbox in wiki/edit.php. | |||||
| CVE-2006-6931 | 1 Snort | 1 Snort | 2017-07-29 | 5.0 MEDIUM | N/A |
| Algorithmic complexity vulnerability in Snort before 2.6.1, during predicate evaluation in rule matching for certain rules, allows remote attackers to cause a denial of service (CPU consumption and detection outage) via crafted network traffic, aka a "backtracking attack." | |||||
| CVE-2006-6933 | 1 Efs Software | 1 Easy Chat Server | 2017-07-29 | 7.8 HIGH | N/A |
| Easy Chat Server 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download certain files via direct requests to files such as (1) ServerKey.pem and (2) AcceptIP.txt. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6939 | 1 Gnu | 1 Ed | 2017-07-29 | 4.6 MEDIUM | N/A |
| GNU ed before 0.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files, possibly in the open_sbuf function. | |||||
| CVE-2006-6942 | 2 Debian, Phpmyadmin | 2 Debian Linux, Phpmyadmin | 2017-07-29 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PhpMyAdmin before 2.9.1.1 allow remote attackers to inject arbitrary HTML or web script via (1) a comment for a table name, as exploited through (a) db_operations.php, (2) the db parameter to (b) db_create.php, (3) the newname parameter to db_operations.php, the (4) query_history_latest, (5) query_history_latest_db, and (6) querydisplay_tab parameters to (c) querywindow.php, and (7) the pos parameter to (d) sql.php. | |||||
| CVE-2006-6949 | 1 Conti | 1 Ftpserver | 2017-07-29 | 4.6 MEDIUM | N/A |
| Conti FTPServer 1.0 Build 2.8 stores user passwords in cleartext in MyServerSettings.ini, which allows local users to obtain sensitive information by reading this file. | |||||
| CVE-2006-6950 | 1 Conti | 1 Ftpserver | 2017-07-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Conti FTPServer 1.0 Build 2.8 allows remote attackers to read arbitrary files and list arbitrary directories via a .. (dot dot) in a filename argument. | |||||
| CVE-2006-6951 | 1 Odysseus Blog | 1 Odysseus Blog | 2017-07-29 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in blog.php in OdysseusBlog allows remote attackers to inject arbitrary web script or HTML via the page parameter. | |||||
| CVE-2006-6963 | 1 Docebo | 1 Docebo | 2017-07-29 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Docebo LMS 3.0.3 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[where_lms] parameter to (1) class.module/class.definition.php and (2) modules/scorm/scorm_utils.php. NOTE: this issue may overlap CVE-2006-2577. | |||||
| CVE-2006-6964 | 1 Mailenable | 1 Mailenable Professional | 2017-07-29 | 4.0 MEDIUM | N/A |
| MailEnable Professional before 1.78 provides a cleartext user password when an administrator edits the user's settings, which allows remote authenticated administrators to obtain sensitive information by viewing the HTML source. | |||||
| CVE-2006-6965 | 1 Andreas Gohr | 1 Dokuwiki | 2017-07-29 | 4.3 MEDIUM | N/A |
| CRLF injection vulnerability in lib/exe/fetch.php in DokuWiki 2006-03-09e, and possibly earlier, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the media parameter. NOTE: this issue can be leveraged for XSS attacks. | |||||
| CVE-2006-6966 | 1 Phpgraphy | 1 Phpgraphy | 2017-07-29 | 7.5 HIGH | N/A |
| phpGraphy before 0.9.13a does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code by uploading a config.php file via the pictures[] parameter to index.php. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in phpGraphy. | |||||
| CVE-2006-6972 | 1 Btitracker | 1 Btitracker | 2017-07-29 | 7.5 HIGH | N/A |
| SQL injection in torrents.php in BtitTracker 1.3.2 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) by and (2) order parameters. NOTE: it is not clear whether this issue is exploitable. | |||||
| CVE-2015-5505 | 1 Codfront Labs | 1 Http Strict Transport Security | 2017-07-26 | 6.8 MEDIUM | N/A |
| The HTTP Strict Transport Security (HSTS) module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.2 for Drupal does not properly implement the "include subdomains" directive, which causes the HSTS policy to not be applied to subdomains and allows man-in-the-middle attackers to have unspecified impact via unknown vectors. | |||||
| CVE-2017-2605 | 2017-07-24 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-1000362. Reason: This candidate is a duplicate of CVE-2017-1000362. A vendor reference identifier was mistakenly treated as a CVE ID. Notes: All CVE users should reference CVE-2017-1000362 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2010-1154 | 2017-07-24 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2010. Notes: none. | |||||
| CVE-2010-1430 | 2017-07-24 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2010. Notes: none. | |||||
| CVE-2010-1631 | 2017-07-24 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2010. Notes: none. | |||||
| CVE-2010-2069 | 2017-07-24 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
| CVE-2010-3309 | 2017-07-24 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2010. Notes: none. | |||||
| CVE-2010-4244 | 2017-07-24 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-4234. Reason: This candidate is a duplicate of CVE-2010-4234. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2010-4234 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2011-3608 | 2017-07-24 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-0815. Reason: This candidate is a reservation duplicate of CVE-2012-0815. Notes: All CVE users should reference CVE-2012-0815 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2011-4933 | 2017-07-24 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-0819. Reason: This candidate is a reservation duplicate of CVE-2012-0819. Notes: All CVE users should reference CVE-2012-0819 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2011-4934 | 2017-07-24 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-0820. Reason: This candidate is a reservation duplicate of CVE-2012-0820. Notes: All CVE users should reference CVE-2012-0820 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2011-4935 | 2017-07-24 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-0821. Reason: This candidate is a reservation duplicate of CVE-2012-0821. Notes: All CVE users should reference CVE-2012-0821 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2011-4936 | 2017-07-24 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-0822. Reason: This candidate is a reservation duplicate of CVE-2012-0822. Notes: All CVE users should reference CVE-2012-0822 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2011-4965 | 2017-07-24 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2011. Notes: none. | |||||
| CVE-2017-11146 | 2017-07-24 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not an independently fixable security issue relative to CVE-2017-11145. Notes: none. | |||||
| CVE-2010-3068 | 2017-07-21 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-2938. Reason: This candidate is a reservation duplicate of CVE-2010-2938. Notes: All CVE users should reference CVE-2010-2938 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2011-1014 | 2017-07-21 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-0465. Reason: This candidate is a reservation duplicate of CVE-2011-0465. Notes: All CVE users should reference CVE-2011-0465 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2011-4365 | 2017-07-21 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-4090. Reason: This candidate is a reservation duplicate of CVE-2011-4090. Notes: All CVE users should reference CVE-2011-4090 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2011-4366 | 2017-07-21 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-4090. Reason: This candidate is a reservation duplicate of CVE-2011-4090. Notes: All CVE users should reference CVE-2011-4090 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2012-2323 | 2017-07-21 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-2214. Reason: This candidate is a reservation duplicate of CVE-2012-2214. Notes: All CVE users should reference CVE-2012-2214 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2012-2382 | 2017-07-21 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-1930. Reason: This candidate is a reservation duplicate of CVE-2011-1930. Notes: All CVE users should reference CVE-2011-1930 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2012-3550 | 2017-07-21 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-3467. Reason: This candidate is a reservation duplicate of CVE-2012-3467. Notes: All CVE users should reference CVE-2012-3467 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2012-5637 | 2017-07-21 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-4518. Reason: This candidate is a reservation duplicate of CVE-2012-4518. Notes: All CVE users should reference CVE-2012-4518 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2016-7057 | 2017-07-21 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2016. Notes: none. | |||||
| CVE-2016-7058 | 2017-07-21 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2016. Notes: none. | |||||
| CVE-2016-7059 | 2017-07-21 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2016. Notes: none. | |||||
| CVE-2017-3734 | 2017-07-21 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||