Total: 86024 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-0800 | 1 Postnuke Software Foundation | 1 Postnuke | 2017-07-20 | 2.6 LOW | N/A |
| Interpretation conflict in PostNuke 0.761 and earlier allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML tags with a trailing "<" character, which is interpreted as a ">" character by some web browsers but bypasses the blacklist protection in (1) the pnVarCleanFromInput function in pnAPI.php, (2) the pnSecureInput function in pnAntiCracker.php, and (3) the htmltext parameter in an edituser operation to user.php. | |||||
| CVE-2006-0801 | 1 Postnuke Software Foundation | 1 Postnuke | 2017-07-20 | 5.1 MEDIUM | N/A |
| SQL injection vulnerability in the NS-Languages module for PostNuke 0.761 and earlier, when magic_quotes_gpc is off, allows remote attackers to execute arbitrary SQL commands via the language parameter to admin.php. | |||||
| CVE-2006-0802 | 1 Postnuke Software Foundation | 1 Postnuke | 2017-07-20 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the NS-Languages module for PostNuke 0.761 and earlier, when magic_quotes_gpc is enabled, allows remote attackers to inject arbitrary web script or HTML via the language parameter in a missing or translation operation. | |||||
| CVE-2006-0804 | 1 Tin | 1 Tin | 2017-07-20 | 7.5 HIGH | N/A |
| Off-by-one error in TIN 1.8.0 and earlier might allow attackers to execute arbitrary code via unknown vectors that trigger a buffer overflow. | |||||
| CVE-2006-0808 | 1 Mute | 1 Mute | 2017-07-20 | 6.4 MEDIUM | N/A |
| MUTE 0.4 allows remote attackers to cause a denial of service (messages not forwarded) and obtain sensitive information about a target by filling a client's mWebCache cache with malicious "zombie" nodes. | |||||
| CVE-2006-0809 | 1 Skate Board | 1 Skate Board | 2017-07-20 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Skate Board 0.9 allow remote attackers to execute arbitrary SQL commands via the (1) usern parameter in (a) sendpass.php, and the (2) usern and (3) passwd parameters and (4) sf_cookie cookie in (b) login.php and (c) logged.php. | |||||
| CVE-2006-0810 | 1 Skate Board | 1 Skate Board | 2017-07-20 | 3.5 LOW | N/A |
| Unspecified vulnerability in config.php in Skate Board 0.9 allows remote authenticated administrators to execute arbitrary PHP code by causing certain variables in config.php to be modified, possibly due to XSS or direct static code injection. | |||||
| CVE-2006-0811 | 1 Skate Board | 1 Skate Board | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in reguser.php in Skate Board 0.9 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters involved with the registration form. | |||||
| CVE-2006-0822 | 1 Emulinker Kaillera Server | 1 Emulinker Kaillera Server | 2017-07-20 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in EmuLinker Kaillera Server before 0.99.17 allows remote attackers to cause a denial of service (probably resource consumption) via a crafted packet that causes a "ghost game" to be left on the server. | |||||
| CVE-2006-0825 | 1 Xerox | 6 Workcentre 232, Workcentre 238, Workcentre 245 and 3 more | 2017-07-20 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in ESS/ Network Controller and MicroServer Web Server in Xerox WorkCentre Pro and Xerox WorkCentre running software 13.027.24.015 and 14.027.24.015 allow remote attackers to bypass authentication or gain "unauthorized network access" via unknown attack vectors. | |||||
| CVE-2006-0826 | 1 Xerox | 6 Workcentre 232, Workcentre 238, Workcentre 245 and 3 more | 2017-07-20 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in ESS/ Network Controller and MicroServer Web Server in Xerox WorkCentre Pro and Xerox WorkCentre running software 13.027.24.015 and 14.027.24.015 allows remote attackers to cause a denial of service via a crafted Postscript request. | |||||
| CVE-2006-0827 | 1 Xerox | 6 Workcentre 232, Workcentre 238, Workcentre 245 and 3 more | 2017-07-20 | 5.0 MEDIUM | N/A |
| Cross-site scripting vulnerability in ESS/ Network Controller and MicroServer Web Server in Xerox WorkCentre Pro and Xerox WorkCentre running software 13.027.24.015 and 14.027.24.015 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | |||||
| CVE-2006-0833 | 1 Boonex | 1 Barracuda Directory | 2017-07-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Barracuda Directory 1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) Add URL and (2) Suggest Category module. NOTE: the provenance of this information is unknown; portions of the details are obtained from third party information. | |||||
| CVE-2006-0835 | 1 Mitridat | 1 Web Calendar Pro | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in dropbase.php in MitriDAT Web Calendar Pro allows remote attackers to modify internal SQL queries and cause a denial of service (inaccessible database) via the tabls parameter. | |||||
| CVE-2006-0842 | 1 Calacode | 1 Atmail Webmail System | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Calacode @Mail 4.3 allows remote attackers to inject arbitrary web script or HTML via a modified javascript: string in the SRC attribute of an IMG element in an e-mail message, as demonstrated by "java	script:." NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-0843 | 1 Leif M. Wright | 1 Web Blog | 2017-07-20 | 5.0 MEDIUM | N/A |
| Leif M. Wright's Blog 3.5 stores the config file and other txt files under the web root with insufficient access control, which allows remote attackers to read the administrator's password. | |||||
| CVE-2006-0844 | 1 Leif M. Wright | 1 Web Blog | 2017-07-20 | 7.5 HIGH | N/A |
| Leif M. Wright's Blog 3.5 does not make a password comparison when authenticating an administrator via a cookie, which allows remote attackers to bypass login authentication, probably by setting the blogAdmin cookie. | |||||
| CVE-2006-0845 | 1 Leif M. Wright | 1 Web Blog | 2017-07-20 | 6.5 MEDIUM | N/A |
| Leif M. Wright's Blog 3.5 allows remote authenticated users with administrative privileges to execute arbitrary programs, including shell commands, by configuring the sendmail path to a malicious pathname. | |||||
| CVE-2006-0846 | 1 Leif M. Wright | 1 Web Blog | 2017-07-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Leif M. Wright's Blog 3.5 allow remote attackers to inject arbitrary web script or HTML via the (1) Referer and (2) User-Agent HTTP headers, which are stored in a log file and not sanitized when the administrator views the "Log" page, possibly using the ViewCommentsLog function. | |||||
| CVE-2006-0847 | 1 Cherrypy | 1 Cherrypy | 2017-07-20 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the staticfilter component in CherryPy before 2.1.1 allows remote attackers to read arbitrary files via ".." sequences in unspecified vectors. | |||||
| CVE-2006-0848 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-20 | 5.1 MEDIUM | N/A |
| The "Open 'safe' files after downloading" option in Safari on Apple Mac OS X allows remote user-assisted attackers to execute arbitrary commands by tricking a user into downloading a __MACOSX folder that contains metadata (resource fork) that invokes the Terminal, which automatically interprets the script using bash, as demonstrated using a ZIP file that contains a script with a safe file extension. | |||||
| CVE-2006-0850 | 1 Ilch.de | 1 Ilchclan | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in include/includes/user/login.php in ilchClan before 1.05g allows remote attackers to execute arbitrary SQL commands via the login_name parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-0854 | 1 Intensive Point | 1 Iuser Ecommerce | 2017-07-20 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in common.php in Intensive Point iUser Ecommerce allows remote attackers to include arbitrary files via a URL in the include_path variable, which is not initialized before being used. | |||||
| CVE-2006-0872 | 1 Coppermine | 1 Coppermine Photo Gallery | 2017-07-20 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in init.inc.php in Coppermine Photo Gallery 1.4.3 and earlier allows remote attackers to include arbitrary files via a .. (dot dot) sequence and trailing NULL (%00) byte in the lang parameter. | |||||
| CVE-2006-0873 | 1 Coppermine | 1 Coppermine Photo Gallery | 2017-07-20 | 5.0 MEDIUM | N/A |
| Absolute path traversal vulnerability in docs/showdocs.php in Coppermine Photo Gallery 1.4.3 and earlier allows remote attackers to include arbitrary files via the f parameter, and possibly remote files using UNC share pathnames. | |||||
| CVE-2006-0874 | 1 Intensive Point | 1 Iuser Ecommerce | 2017-07-20 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Intensive Point iUser Ecommerce before 2.2 have unspecified vectors and impact, as addressed by "Urgent secure fixes". NOTE: this might be a duplicate of CVE-2006-0854, but the vendor announcement for this issue (from January 8, 2005) is too vague to be sure, and CVE-2006-0854 does not provide version information. | |||||
| CVE-2006-0883 | 2 Freebsd, Openbsd | 2 Freebsd, Openssh | 2017-07-20 | 5.0 MEDIUM | N/A |
| OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM, does not properly handle when a forked child process terminates during PAM authentication, which allows remote attackers to cause a denial of service (client connection refusal) by connecting multiple times to the SSH server, waiting for the password prompt, then disconnecting. | |||||
| CVE-2006-0885 | 1 Cutephp | 1 Cutenews | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in show_news.php in CuteNews 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the show parameter. | |||||
| CVE-2006-0886 | 1 Dev | 1 Dev Web Management System | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in register.php in DEV web management system 1.5 allows remote attackers to inject arbitrary web script or HTML via the "City/Region" field (mesto variable). NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-0887 | 1 Phplib Team | 1 Phplib | 2017-07-20 | 7.5 HIGH | N/A |
| Eval injection vulnerability in sessions.inc in PHP Base Library (PHPLib) before 7.4a, when index.php3 from the PHPLib distribution is available on the server, allows remote attackers to execute arbitrary PHP code by including a base64-encoded representation of the code in a cookie. NOTE: this description was significantly updated on 20060605 to reflect new details after an initial vague advisory. | |||||
| CVE-2006-0889 | 1 Brown Bear Software | 1 Calcium | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Calcium 3.10.1 allows remote attackers to inject arbitrary web script or HTML via the EventText parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-0891 | 1 Nocc | 1 Nocc | 2017-07-20 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in NOCC Webmail 1.0 allow remote attackers to include arbitrary files via .. (dot dot) sequences and a trailing NULL (%00) byte in (1) the _SESSION['nocc_theme'] parameter in (a) html/footer.php; and (2) the lang and (3) theme parameters and the (4) Accept-Language HTTP header field, when force_default_lang is disabled, in (b) index.php, as demonstrated by injecting PHP code into a profile and accessing it using the lang parameter in index.php. | |||||
| CVE-2006-0897 | 1 Virtual Communication Services | 1 Vpmi Enterprise | 2017-07-20 | 7.5 HIGH | N/A |
| ** DISPUTED ** SQL injection vulnerability in VCS Virtual Program Management Intranet (VPMi) Enterprise 3.3 allows remote attackers to execute arbitrary SQL commands via the UpdateID0 parameter to Service_Requests.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: the vendor has disputed this issue, saying that "[we] have a behind the scenes complex state management system that uses a combination of keys placed in JavaScript and Session State (server side) that protects against the type of SQL injection you describe. We have tested for many of the cases and have not found it to be an issue." Further investigation suggests that the original researcher might have triggered errors using invalid field values, which is not proof of SQL injection; however, the vendor did not receive a response from the original researcher. | |||||
| CVE-2006-0900 | 1 Freebsd | 1 Freebsd | 2017-07-20 | 7.8 HIGH | N/A |
| nfsd in FreeBSD 6.0 kernel allows remote attackers to cause a denial of service via a crafted NFS mount request, as demonstrated by the ProtoVer NFS test suite. | |||||
| CVE-2006-0905 | 2 Freebsd, Netbsd | 2 Freebsd, Netbsd | 2017-07-20 | 7.5 HIGH | N/A |
| A "programming error" in fast_ipsec in FreeBSD 4.8-RELEASE through 6.1-STABLE and NetBSD 2 through 3 does not properly update the sequence number associated with a Security Association, which allows packets to pass sequence number checks and allows remote attackers to capture IPSec packets and conduct replay attacks. | |||||
| CVE-2006-0924 | 1 Brown Bear Software | 1 Ical | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Brown Bear iCal 3.10 allows remote attackers to inject arbitrary web script or HTML via the Calendar Text field when a new event is added. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-0925 | 1 Alt-n | 1 Mdaemon | 2017-07-20 | 5.0 MEDIUM | N/A |
| Format string vulnerability in the IMAP4rev1 server in Alt-N MDaemon 8.1.1 and possibly 8.1.4 allows remote attackers to cause a denial of service (CPU consumption) by creating and then listing folders whose names contain format string specifiers. | |||||
| CVE-2006-0933 | 1 Phpx | 1 Phpx | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in PHPX 3.5.9 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in a url XCode tag in a posted message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-0934 | 1 Limbo Cms | 1 Limbo Cms | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in webinsta Limbo 1.0.4.2 allows remote attackers to inject arbitrary web script or HTML via the message field in the Contact Form. | |||||
| CVE-2006-0937 | 1 Unu Networks | 1 Mailgust | 2017-07-20 | 5.0 MEDIUM | N/A |
| U.N.U. Mailgust 1.9 allows remote attackers to obtain sensitive information via a direct request to index.php with method=showfullcsv, which reveals the POP3 server configuration, including account name and password. | |||||
| CVE-2006-0939 | 1 Dci-designs | 1 Dci-taskeen | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in DCI-Taskeen 1.03 allows remote attackers to execute arbitrary SQL commands via the (1) id or (2) action parameter to (a) basket.php, or (3) id or (4) page parameter to (b) cat.php. | |||||
| CVE-2006-0946 | 1 Thomson | 1 Speedtouch | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Thomson SpeedTouch modems running firmware 5.3.2.6.0 allows remote attackers to inject arbitrary web script or HTML via the name parameter to the LocalNetwork page. | |||||
| CVE-2006-0949 | 1 Raidenhttpd | 1 Raidenhttpd | 2017-07-20 | 5.0 MEDIUM | N/A |
| RaidenHTTPD 1.1.47 allows remote attackers to obtain source code of script files, including PHP, via crafted requests involving (1) "." (dot), (2) space, and (3) "/" (slash) characters. | |||||
| CVE-2006-0960 | 1 Compex | 1 Netpassage Wpe54g | 2017-07-20 | 5.0 MEDIUM | N/A |
| uConfig agent in Compex NetPassage WPE54G router allows remote attackers to cause a denial of service (unresponsiveness) via crafted datagrams to UDP port 7778. | |||||
| CVE-2006-0974 | 1 Battleaxe Software | 1 Bttlxeforum | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in failure.asp in Battleaxe bttlxeForum 2.0 allows remote attackers to inject arbitrary web script or HTML via the err_txt parameter. | |||||
| CVE-2006-0979 | 1 Nidelven It | 1 Issue Dealer | 2017-07-20 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the local weblog publisher in Nidelven IT Issue Dealer before 0.9.96 has unknown impact and attack vectors. | |||||
| CVE-2006-0995 | 1 Emc Dantz | 1 Retrospect | 2017-07-20 | 5.0 MEDIUM | N/A |
| EMC Dantz Retrospect 7 backup client 7.0.107, and other versions before 7.0.109, and 6.5 before 6.5.138 allows remote attackers to cause a denial of service (client termination and loss of backup service) via a malformed packet to TCP port 497, which triggers an assert error. | |||||
| CVE-2006-1003 | 1 Netgear | 1 Wgt624 | 2017-07-20 | 5.0 MEDIUM | N/A |
| The backup configuration option in NETGEAR WGT624 Wireless Firewall Router stores sensitive information in cleartext, which allows remote attackers to obtain passwords and gain privileges. | |||||
| CVE-2006-1004 | 1 Cactusoft | 1 Parodia | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in agencyprofile.asp in Parodia 6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the AG_ID parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-1006 | 1 Sendcard | 1 Sendcard | 2017-07-20 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in sendcard.php in sendcard before 3.3.0 allow remote attackers to execute arbitrary SQL commands via unspecified parameters. | |||||
