Total: 86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-3010 | 1 Aliacom | 1 Open Business Management | 2017-07-20 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Open Business Management (OBM) 1.0.3 pl1 allow remote attackers to execute arbitrary SQL commands via the (1) new_order and (2) order_dir parameters to (a) index.php, (b) group/group_index.php, (c) user/user_index.php, (d) list/list_index.php, and (e) company/company_index.php, and the (3) entity and (4) tf_dateafter parameter to company/company_index.php. | |||||
| CVE-2006-3011 | 1 Php | 1 Php | 2017-07-20 | 4.6 MEDIUM | N/A |
| The error_log function in basic_functions.c in PHP before 4.4.4 and 5.x before 5.1.5 allows local users to bypass safe mode and open_basedir restrictions via a "php://" or other scheme in the third argument, which disables safe mode. | |||||
| CVE-2006-3015 | 1 Winscp | 1 Winscp | 2017-07-20 | 7.1 HIGH | N/A |
| Argument injection vulnerability in WinSCP 3.8.1 build 328 allows remote attackers to upload or download arbitrary files via encoded spaces and double-quote characters in a scp or sftp URI. | |||||
| CVE-2006-3020 | 1 Planete Afrique | 1 Ws-album | 2017-07-20 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in FullPhoto.asp in WS-Album 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) image and (2) PublisedDate parameters. | |||||
| CVE-2006-3021 | 1 Blue-collar Productions | 1 I-gallery | 2017-07-20 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in BlueCollar i-Gallery 4.1 PLUS and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) n and (2) d parameters in (a) login.asp and the d parameter in (b) igallery.asp. | |||||
| CVE-2006-3022 | 1 Fipsasp | 1 Fipsgallery | 2017-07-20 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in zoom.php in fipsGallery 1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the path parameter. | |||||
| CVE-2006-3023 | 1 Uapplication | 1 Uphotogallery | 2017-07-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in thumbnails.asp in Uapplication Uphotogallery 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) s and (2) block parameters. | |||||
| CVE-2006-3024 | 1 Evgenius | 1 Evgenius Counter | 2017-07-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in EvGenius Counter 3.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the page parameter in (1) monthly.php and (2) daily.php. | |||||
| CVE-2006-3026 | 1 Clicktech | 1 Clickgallery | 2017-07-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ClickGallery 5.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) gallery_id parameter in gallery.asp and (2) parentcurrentpage parameter in view_gallery.asp. | |||||
| CVE-2006-3029 | 1 Clicktech | 1 Clickcart | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in default.asp in ClickTech Clickcart 6.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat parameter. | |||||
| CVE-2006-3030 | 1 Dwzone | 1 Dwzone Shopping Cart | 2017-07-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in DwZone Shopping Cart 1.1.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ToCategory and (2) FromCategory parameters to (a) ProductDetailsForm.asp and (3) UserName and (4) Password parameters to (b) LogIn/VerifyUserLog.asp. | |||||
| CVE-2006-3031 | 1 Fipsasp | 1 Fipscms | 2017-07-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.asp in fipsCMS 4.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) w, (2) phcat, (3) dayid, and (4) calw parameters. | |||||
| CVE-2006-3032 | 1 Pensacola Web Designs | 1 Xtreme Asp Photo Gallery | 2017-07-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Xtreme ASP Photo Gallery 1.05 and earlier, and possibly 2.0 (trial), allow remote attackers to inject arbitrary web script or HTML via the (1) catname and (2) total parameters in (a) displaypic.asp, and the (3) catname parameter in (b) displaythumbs.asp. | |||||
| CVE-2006-3037 | 1 Site Trade | 1 St Admanager Lite | 2017-07-20 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in publish.php in ST AdManager Lite allow remote attackers to inject arbitrary web script or HTML via the (1) title, (2) description, (3) article, (4) bio, and (5) name parameters. | |||||
| CVE-2006-3043 | 1 Cfxe-cms | 1 Cfxe-cms | 2017-07-20 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in search.cfm in CreaFrameXe (CFXe) CMS 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the voltext_suche parameter. | |||||
| CVE-2006-3044 | 1 Logisphere | 1 Logisphere | 2017-07-20 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in LogiSphere 1.6.0 allows remote attackers to inject arbitrary web script or HTML via the URL, which is reflected in an error page. | |||||
| CVE-2006-0709 | 1 Metamail Corporation | 1 Metamail | 2017-07-20 | 7.5 HIGH | N/A |
| Buffer overflow in Metamail 2.7-50 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via e-mail messages with a long boundary attribute, a different vulnerability than CVE-2004-0105. | |||||
| CVE-2006-0710 | 1 Isode | 1 M-vault Server | 2017-07-20 | 7.5 HIGH | N/A |
| Double free vulnerability in isode.eddy in Isode M-Vault Server 11.3 allows remote attackers to execute arbitrary code via a crafted LDAP request, as demonstrated by ProtoVer Sample LDAP. | |||||
| CVE-2006-0711 | 1 Neomail | 1 Neomail | 2017-07-20 | 5.0 MEDIUM | N/A |
| The (1) addfolder and (2) deletefolder functions in neomail-prefs.pl in NeoMail 1.28 do not validate the Session ID, which allows remote attackers to add and delete arbitrary files, when configured with homedirfolders and homedirspools disabled. | |||||
| CVE-2006-0712 | 1 Squishdot | 1 Squishdot | 2017-07-20 | 5.0 MEDIUM | N/A |
| mail_html template in Squishdot 1.5.0 and earlier does not properly validate the (1) email and (2) title variables, which allows remote attackers to bypass spam filters by injecting SMTP headers, probably due to a CRLF injection vulnerability. | |||||
| CVE-2006-0717 | 1 Ibm | 1 Tivoli Directory Server | 2017-07-20 | 5.0 MEDIUM | N/A |
| IBM Tivoli Directory Server 6.0 allows remote attackers to cause a denial of service (crash) via a crafted LDAP request, as demonstrated by test 2532 in the ProtoVer Sample LDAP test suite. | |||||
| CVE-2006-0723 | 1 Reamday Enterprises | 1 Magic News Lite | 2017-07-20 | 2.6 LOW | N/A |
| PHP remote file inclusion vulnerability in preview.php in Reamday Enterprises Magic News Lite 1.2.3, when register_globals is enabled, allows remote attackers to include arbitrary files via a URL in the php_script_path parameter. | |||||
| CVE-2006-0724 | 1 Reamday Enterprises | 1 Magic News Lite | 2017-07-20 | 2.6 LOW | N/A |
| profile.php in Reamday Enterprises Magic News Lite 1.2.3, when register_globals is enabled, allows remote attackers to modify program behavior, potentially bypassing authentication controls, via modified (1) action, (2) passwd, (3) admin_password, (4) new_passwd, and (5) confirm_passwd variables, which are not initialized. | |||||
| CVE-2006-0725 | 1 Plume-cms | 1 Plume Cms | 2017-07-20 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in prepend.php in Plume CMS 1.0.2, when register_globals is enabled, allows remote attackers to include arbitrary files via a URL in the _PX_config[manager_path] parameter. NOTE: this is a different executable and affected version than CVE-2006-2645. | |||||
| CVE-2006-0726 | 1 Cpg-nuke | 1 Dragonfly Cms | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in linking.php in CPG-Nuke Dragonfly CMS 9.0.6.1 allows remote attackers to inject arbitrary web script or HTML via a URI that is generated when creating a list of online users. | |||||
| CVE-2006-0728 | 1 Webspell | 1 Webspell | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search.php in webSPELL 4.01.00 and earlier allows remote attackers to inject arbitrary SQL commands via the title_op parameter. | |||||
| CVE-2006-0730 | 1 Timo Sirainen | 1 Dovecot | 2017-07-20 | 5.0 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Dovecot before 1.0beta3 allow remote attackers to cause a denial of service (application crash or hang) via unspecified vectors involving (1) "potential hangs" in the APPEND command and "potential crashes" in (2) dovecot-auth and (3) imap/pop3-login. NOTE: vector 2 might be related to a double free vulnerability. | |||||
| CVE-2006-0734 | 1 Valve Software | 1 Half-life Cstrike Dedicated Server | 2017-07-20 | 4.0 MEDIUM | N/A |
| The SV_CheckForDuplicateNames function in Valve Software Half-Life CSTRIKE Dedicated Server 1.6 and earlier allows remote authenticated users to cause a denial of service (infinite loop and daemon hang) via a backslash character at the end of a connection string to UDP port 27015. | |||||
| CVE-2006-0743 | 1 Apache | 1 Log4net | 2017-07-20 | 5.0 MEDIUM | N/A |
| Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors. | |||||
| CVE-2006-0757 | 1 Hivemail | 1 Hivemail | 2017-07-20 | 7.5 HIGH | N/A |
| Multiple eval injection vulnerabilities in HiveMail 1.3 and earlier allow remote attackers to execute arbitrary PHP code via (1) the contactgroupid parameter in addressbook.update.php, (2) the messageid parameter in addressbook.add.php, (3) the folderid parameter in folders.update.php, and possibly certain parameters in (4) calendar.event.php, (5) index.php, (6) pop.download.php, (7) read.bounce.php, (8) rules.block.php, (9) language.php, and (10) certain other scripts, as demonstrated by an addressbook.update.php request with a contactgroupid value of phpinfo() preceded by facilitators. | |||||
| CVE-2006-0758 | 1 Hivemail | 1 Hivemail | 2017-07-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in HiveMail 1.3 and earlier allow remote attackers to inject arbitrary web script or HTML via a URL encoded expression in the query string in (1) index.php and (2) possibly certain other scripts, which is not properly cleansed when accessed from the $_SERVER['PHP_SELF'] variable. | |||||
| CVE-2006-0759 | 1 Hivemail | 1 Hivemail | 2017-07-20 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in HiveMail 1.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the contactgroupid parameter in addressbook.update.php, (2) the messageid parameter in addressbook.add.php, (3) the folderid parameter in folders.update.php, and possibly certain parameters in (4) calendar.event.php, (5) index.php, (6) pop.download.php, (7) read.bounce.php, (8) rules.block.php, (9) language.php, and (10) certain other scripts; and allow remote authenticated users to execute arbitrary SQL commands via (11) the folderid parameter in index.php and (12) possibly other parameters in certain other scripts, because $_SERVER['PHP_SELF'] is improperly handled. | |||||
| CVE-2006-0760 | 1 Lighttpd | 1 Lighttpd | 2017-07-20 | 2.6 LOW | N/A |
| LightTPD 1.4.8 and earlier, when the web root is on a case-insensitive filesystem, allows remote attackers to bypass URL checks and obtain sensitive information via file extensions with unexpected capitalization, as demonstrated by a request for index.PHP when the configuration invokes the PHP interpreter only for ".php" names. | |||||
| CVE-2006-0763 | 1 Cpanel | 1 Cpanel | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in dowebmailforward.cgi in cPanel allows remote attackers to inject arbitrary web script or HTML via a URL encoded value in the fwd parameter. | |||||
| CVE-2006-0764 | 1 Cisco | 3 Anomaly Guard Module, Guard, Traffic Anomaly Detector Module | 2017-07-20 | 5.1 MEDIUM | N/A |
| The Authentication, Authorization, and Accounting (AAA) capability in versions 5.0(1) and 5.0(3) of the software used by multiple Cisco Anomaly Detection and Mitigation products, when running with an incomplete TACACS+ configuration without a "tacacs-server host" command, allows remote attackers to bypass authentication and gain privileges, aka Bug ID CSCsd21455. | |||||
| CVE-2006-0767 | 1 Nathan Neulinger | 1 Cgiwrap | 2017-07-20 | 5.0 MEDIUM | N/A |
| CGIWrap before 3.10 allows remote attackers to obtain sensitive information via unknown attack vectors that cause errors in scripts that reveal system information. | |||||
| CVE-2006-0770 | 1 Mybulletinboard | 1 Mybulletinboard | 2017-07-20 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in calendar.php in MyBulletinBoard (MyBB) 1.0.4 allows remote attackers to inject arbitrary web script or HTML via a URL that is not sanitized before being returned as a link in "advanced details". NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-0772 | 1 Hitachi | 1 Business Logic | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Hitachi Business Logic - Container 02-03 through 03-00-/B on Windows, and 03-00 through 03-00-/B on Linux, allows remote attackers to execute arbitrary SQL commands via unspecified vectors in the extended receiving box function. | |||||
| CVE-2006-0773 | 1 Hitachi | 1 Business Logic | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Hitachi Business Logic - Container 02-03 through 03-00-/B on Windows, and 03-00 through 03-00-/B on Linux, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the extended receiving box function. | |||||
| CVE-2006-0775 | 1 Ridder Roeland | 1 Birthsys | 2017-07-20 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in show.php in BirthSys 3.1 allow remote attackers to execute arbitrary SQL commands via the $month variable. NOTE: a vector regarding the $date parameter and data.php (date.php) was originally reported, but this appears to be in error. | |||||
| CVE-2006-0787 | 1 Plaino | 1 Wimpy Mp3 | 2017-07-20 | 4.0 MEDIUM | N/A |
| wimpy_trackplays.php in Plaino Wimpy MP3 Player, possibly 5.2 and earlier, allows remote attackers to insert arbitrary strings into trackme.txt via the (1) trackFile, (2) trackArtist, and (3) trackTitle parameters, which can result in providing false information about songs, occupying excessive disk space with very long parameter values, and storing executable code that might be invoked through a different vulnerability. NOTE: since this issue, as described by the original researcher, is entirely dependent on the presence of another vulnerability, it could be argued that Wimpy cannot be responsible for how its data file is processed by applications outside of its control. Since this issue might only be useful as a facilitator manipulation in another vulnerability, perhaps it should not be included in CVE. | |||||
| CVE-2006-0788 | 1 Kyocera | 1 Fs-3830n | 2017-07-20 | 5.0 MEDIUM | N/A |
| Kyocera 3830 (aka FS-3830N) printers have a back door that allows remote attackers to read and alter configuration settings via strings that begin with "!R!SIOP0", as demonstrated using (1) a connection to TCP port 9100 or (2) the UNIX lp command. | |||||
| CVE-2006-0789 | 1 Kyocera | 1 Fs-3830n | 2017-07-20 | 10.0 HIGH | N/A |
| Certain unspecified Kyocera printers have a default "admin" account with a blank password, which allows remote attackers to access an administrative menu via a telnet session. | |||||
| CVE-2006-0790 | 1 Rockliffe | 1 Mailsite | 2017-07-20 | 5.0 MEDIUM | N/A |
| Rockliffe MailSite 7.0 and earlier allows remote attackers to cause a denial of service by sending crafted LDAP packets to port 389/TCP, as demonstrated by the ProtoVer LDAP testsuite. | |||||
| CVE-2006-0792 | 1 V-webmail | 1 V-webmail | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in preferences.personal.php in V-webmail 1.6.2 allows remote attackers to inject arbitrary web script or HTML via the newid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-0793 | 1 V-webmail | 1 V-webmail | 2017-07-20 | 5.0 MEDIUM | N/A |
| frameset.php in V-webmail 1.6.2 allows remote attackers to conduct phishing attacks by referencing arbitrary websites in the rframe parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-0794 | 1 V-webmail | 1 V-webmail | 2017-07-20 | 5.0 MEDIUM | N/A |
| help.php in V-webmail 1.6.2 allows remote attackers to obtain the installation path via unspecified invalid parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-0796 | 1 Clever Copy | 1 Clever Copy | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in default.php in Clever Copy 3.0 allows remote attackers to inject arbitrary web script or HTML via the Subject field when sending private messages (privatemessages.php). NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-0797 | 1 Nokia | 1 N70 | 2017-07-20 | 7.8 HIGH | N/A |
| Nokia N70 cell phone allows remote attackers to cause a denial of service (reboot or shutdown) through a wireless Bluetooth connection via a malformed Logical Link Control and Adaptation Protocol (L2CAP) packet whose length field is less than the actual length of the packet, possibly triggering a buffer overflow, as demonstrated using the Bluetooth Stack Smasher (BSS). | |||||
| CVE-2006-0798 | 1 Macallan | 1 Mail Solution | 2017-07-20 | 5.5 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in the IMAP service in Macallan Mail Solution before 4.8.05.004 allow remote authenticated users to read e-mails of other users or create, modify, or delete directories via a .. (dot dot) in the argument to the (1) CREATE, (2) SELECT, (3) DELETE, or (4) RENAME commands. | |||||
