Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-1615 | 1 Clamav | 1 Clamav | 2017-07-20 | 10.0 HIGH | N/A |
| Multiple format string vulnerabilities in the logging code in Clam AntiVirus (ClamAV) before 0.88.1 might allow remote attackers to execute arbitrary code. NOTE: as of 20060410, it is unclear whether this is a vulnerability, as there is some evidence that the arguments are actually being sanitized properly. | |||||
| CVE-2006-1616 | 1 Advanced Poll | 1 Advanced Poll | 2017-07-20 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Advanced Poll 2.02 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to comments.php or (2) poll_id parameter to page.php. | |||||
| CVE-2006-1617 | 1 Advanced Poll | 1 Advanced Poll | 2017-07-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Advanced Poll 2.02 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to comments.php or (2) poll_id parameter to page.php. NOTE: it is possible that this issue is resultant from CVE-2006-1616. | |||||
| CVE-2006-1619 | 1 Ibm | 1 Websphere Application Server | 2017-07-20 | 5.0 MEDIUM | N/A |
| IBM WebSphere Application Server 4.0.1 through 4.0.3 allows remote attackers to cause a denial of service (application crash) via an HTTP request with a large header. | |||||
| CVE-2006-1628 | 1 Adobe | 1 Livecycle Form Manager | 2017-07-20 | 4.6 MEDIUM | N/A |
| Adobe LiveCycle Workflow 7.01 and LiveCycle Forum Manager 7.01 allows users to authenticate and perform privileged actions when their account is marked "OBSOLETE" but the account is also active, within the authentication system. | |||||
| CVE-2006-1630 | 1 Clam Anti-virus | 1 Clamav | 2017-07-20 | 5.0 MEDIUM | N/A |
| The cli_bitset_set function in libclamav/others.c in Clam AntiVirus (ClamAV) before 0.88.1 allows remote attackers to cause a denial of service via unspecified vectors that trigger an "invalid memory access." | |||||
| CVE-2006-1631 | 1 Cisco | 1 Content Services Switch 11500 | 2017-07-20 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the HTTP compression functionality in Cisco CSS 11500 Series Content Services switches allows remote attackers to cause a denial of service (device reload) via (1) "valid, but obsolete" or (2) "specially crafted" HTTP requests. | |||||
| CVE-2006-1634 | 1 Lucidcms | 1 Lucidcms | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in LucidCMS 2.0.0 RC4 allows remote attackers to inject arbitrary web script or HTML via the command parameter. | |||||
| CVE-2006-1635 | 1 Lucidcms | 1 Lucidcms | 2017-07-20 | 5.0 MEDIUM | N/A |
| LucidCMS 2.0.0 RC4 allows remote attackers to obtain sensitive information via a direct request to /lucid_phplib/translator.php, which reveals the path in an error message. | |||||
| CVE-2006-1642 | 1 Interact | 1 Interact | 2017-07-20 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Interact 2.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) the search_terms parameter to (a) search.php, and (2) the first_name, (3) last_name, (4) email, (5) password, and (6) confirm_password parameters to (b) userinput.php. NOTE: the provenance of this information is unknown; the details are obtained from third party. In addition, the lack of precision in the third party descriptions makes it unclear whether the named vectors are correct. | |||||
| CVE-2006-1643 | 1 Interact | 1 Interact | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.php in Interact 2.1.1 allows remote attackers to execute arbitrary SQL commands via the user_name parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party. | |||||
| CVE-2006-1644 | 1 Interact | 1 Interact | 2017-07-20 | 5.0 MEDIUM | N/A |
| login.php in Interact 2.1.1 generates different responses depending on whether or not a username is valid, which allows remote attackers to determine valid usernames. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-1661 | 1 Sk Soft | 1 Skforum | 2017-07-20 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SKForum 1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) areaID parameter in area.View.action, (2) time parameter in planning.View.action, and (3) userID parameter in user.View.action. | |||||
| CVE-2006-1673 | 1 Jelsoft | 1 Vbug Tracker | 2017-07-20 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in vbugs.php in Dark_Wizard vBug Tracker 3.5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the sortorder parameter. | |||||
| CVE-2006-1678 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-07-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.8.0.3 allow remote attackers to inject arbitrary web script or HTML via unknown vectors in unspecified scripts in the themes directory. | |||||
| CVE-2006-1682 | 1 Talentsoft | 1 Web\+ Shop | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in webplus.exe in TalentSoft Web+Shop 5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the deptname parameter, possibly involving the webpshop/ department.wml script. | |||||
| CVE-2006-1685 | 1 Apt | 1 Apt-webshop-system | 2017-07-20 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in modules.php in APT-webshop-system 4.0 PRO, 3.0 BASIC, and 3.0 LIGHT allow remote attackers to execute arbitrary SQL commands via the (1) group, (2) seite, and (3) id parameter, possibly involving the artikel functionality. NOTE: this vulnerability also allows resultant path disclosure when the SQL queries are invalid. | |||||
| CVE-2006-1690 | 1 Manic Web | 1 Mwnewsletter | 2017-07-20 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in subscribe.php in MWNewsletter 1.0.0b allows remote attackers to inject arbitrary web script or HTML via the user_name parameter. | |||||
| CVE-2006-1691 | 1 Manic Web | 1 Mwnewsletter | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in MWNewsletter 1.0.0b allows remote attackers to execute arbitrary SQL commands via the user_name parameter to unsubscribe.php. | |||||
| CVE-2006-1693 | 1 Globalscape | 1 Secure Ftp Server | 2017-07-20 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in GlobalSCAPE Secure FTP Server before 3.1.4 Build 01.10.2006 allows attackers to cause a denial of service (application crash) via a "custom command" with a long argument. | |||||
| CVE-2006-1695 | 1 Fbida | 1 Fbida | 2017-07-20 | 1.2 LOW | N/A |
| The fbgs script in the fbi package 2.01-1.4, when the TMPDIR environment variable is not defined, allows local users to overwrite arbitrary files via a symlink attack on temporary files in /var/tmp/fbps-[PID]. | |||||
| CVE-2006-1696 | 1 Gallery Project | 1 Gallery | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Gallery before 1.5.3 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | |||||
| CVE-2006-1698 | 1 Matt Wright | 1 Matt Wright Guestbook | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook 2.3.1 allows remote attackers to execute arbitrary web script or HTML via the (1) url, (2) city, (3) state, or (4) country parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information, although it is likely that they are the result of post-disclosure analysis. | |||||
| CVE-2006-1699 | 1 Aweb | 1 Banner Generator | 2017-07-20 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Aweb Banner Generator 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the banner parameter in view mode. | |||||
| CVE-2006-1706 | 1 Kansok Communications | 1 Shopweezle | 2017-07-20 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Shopweezle 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) itemID parameter to (a) login.php and (b) memo.php; and the (2) itemgr, (3) brandID, and (4) album parameters to (c) index.php. NOTE: this issue also produces resultant full path disclosure from invalid SQL queries. | |||||
| CVE-2006-1707 | 1 Kansok Communications | 1 Shopweezle | 2017-07-20 | 5.0 MEDIUM | N/A |
| index.php in Shopweezle 2.0 allows remote attackers to include arbitrary local files via the url parameter. | |||||
| CVE-2006-1709 | 1 Interaktiv | 1 Interaktiv.shop | 2017-07-20 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in shop_main.cgi in interaktiv.shop 5 allows remote attackers to inject arbitrary web script or HTML via the (1) pn and (2) sbeg parameters. | |||||
| CVE-2006-1711 | 1 Plone | 1 Plone | 2017-07-20 | 5.0 MEDIUM | N/A |
| Plone 2.0.5, 2.1.2, and 2.5-beta1 does not restrict access to the (1) changeMemberPortrait, (2) deletePersonalPortrait, and (3) testCurrentPassword methods, which allows remote attackers to modify portraits. | |||||
| CVE-2006-1722 | 1 Suche | 1 Shopxs | 2017-07-20 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in suche.htm in ShopXS 4.0 allows remote attackers to inject arbitrary web script or HTML via the Suchstring1 (aka search) parameter. | |||||
| CVE-2006-1743 | 1 Jbook | 1 Jbook | 2017-07-20 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in form.php in JBook 1.4 allow remote attackers to execute arbitrary SQL commands via the (1) nom or (2) mail parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-1746 | 1 Tincan | 1 Phplist | 2017-07-20 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in PHPList 2.10.2 and earlier allows remote attackers to include arbitrary local files via the (1) GLOBALS[database_module] or (2) GLOBALS[language_module] parameters, which overwrite the underlying $GLOBALS variable. | |||||
| CVE-2006-1750 | 1 Jmb Software | 1 Autogallery | 2017-07-20 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in Autogallery 0.41 allow remote attackers to inject arbitrary web script or HTML via the (1) pic or (2) show parameters. | |||||
| CVE-2006-1751 | 1 Michiel Van Baak | 1 Mvblog | 2017-07-20 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in MvBlog before 1.6 allow remote attackers to execute arbitrary SQL commands via unknown vectors. | |||||
| CVE-2006-1752 | 1 Michiel Van Baak | 1 Mvblog | 2017-07-20 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the backend in MvBlog before 1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) body fields in a comment. | |||||
| CVE-2006-1753 | 1 Debian | 1 Debian Linux | 2017-07-20 | 3.6 LOW | N/A |
| A cron job in fcheck before 2.7.59 allows local users to overwrite arbitrary files via a symlink attack on a temporary file. | |||||
| CVE-2006-1760 | 1 Jetphotosoft.com | 1 Jetphoto | 2017-07-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in JetPhoto allow remote attackers to inject arbitrary web script or HTML via the page parameter in (1) Classic.view/thumbnail.php, (2) Classic.view/gallery.php, (3) Classic.view/detail.php, or (4) Orange.view/detail.php; or (5) the name parameter in Orange.view/slideshow.php. | |||||
| CVE-2006-1766 | 1 Papoo | 1 Papoo | 2017-07-20 | 6.4 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Papoo 2.1.5, and 3 beta1 and earlier, allow remote attackers to execute arbitrary SQL commands via the (1) getlang and (2) reporeid parameter in (a) index.php, (3) menuid parameter in (b) plugin.php and (c) forumthread.php, and (4) msgid parameter in forumthread.php. | |||||
| CVE-2006-1773 | 1 Phpkit | 1 Phpkit | 2017-07-20 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in include.php in PHPKIT 1.6.1 Release 2 and earlier allows remote attackers to execute arbitrary SQL commands via the contentid parameter, possibly involving content/news.php. | |||||
| CVE-2006-1794 | 1 Mambo | 1 Mambo | 2017-07-20 | 7.6 HIGH | N/A |
| SQL injection vulnerability in Mambo 4.5.3, 4.5.3h, and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via (1) the $username variable in the mosGetParam function and (2) the $task parameter in the mosMenuCheck function in (a) includes/mambo.php; and (3) the $filter variable to the showCategory function in the com_content component (content.php). | |||||
| CVE-2006-1797 | 1 Netbsd | 1 Netbsd | 2017-07-20 | 4.9 MEDIUM | N/A |
| The kernel in NetBSD-current before September 28, 2005 allows local users to cause a denial of service (system crash) by using the SIOCGIFALIAS ioctl to gather information on a non-existent alias of a network interface, which causes a NULL pointer dereference. | |||||
| CVE-2006-1800 | 1 Simplemedia | 1 Simplebbs | 2017-07-20 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in posts.php in SimpleBBS 1.0.6 through 1.1 allows remote attackers to include and execute arbitrary files via ".." sequences in the language cookie, as demonstrated by by injecting the code into the gl_session cookie of users.php, which is stored in error.log. | |||||
| CVE-2006-1814 | 1 Netbsd | 1 Netbsd | 2017-07-20 | 2.1 LOW | N/A |
| NetBSD 1.6, 2.0, 2.1 and 3.0 allows local users to cause a denial of service (memory exhaustion) by using the sysctl system call to lock a large buffer into physical memory. | |||||
| CVE-2006-1815 | 1 Tritanium Scripts | 1 Tritanium Bulletin Board | 2017-07-20 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in register.php in Tritanium Bulletin Board (TBB) 1.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) newuser_realname and (2) newuser_icq parameters, a different vector than CVE-2006-1768. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-1825 | 1 Phplinks | 1 Phplinks | 2017-07-20 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in phpLinks 2.1.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the term parameter. | |||||
| CVE-2006-1829 | 1 Sybase | 1 Easerver | 2017-07-20 | 4.0 MEDIUM | N/A |
| EAServer Manager in Sybase EAServer 5.2 and 5.3 allows remote authenticated users, possibly guests, to obtain password credentials of arbitrary users via unspecified vectors involving (1) connection caches, (2) open password prompts, and (3) stored custom connection profiles. | |||||
| CVE-2006-1830 | 1 Sun | 1 Java Studio Enterprise | 2017-07-20 | 3.7 LOW | N/A |
| Sun Java Studio Enterprise 8, when installed as root, creates certain files with world-writable permissions, which allows local users to execute arbitrary commands via unspecified vectors. | |||||
| CVE-2006-1833 | 1 Netbsd | 1 Netbsd | 2017-07-20 | 2.6 LOW | N/A |
| Intel RNG Driver in NetBSD 1.6 through 3.0 may incorrectly detect the presence of the pchb interface, which will cause it to always generate the same random number, which allows remote attackers to more easily crack encryption keys generated from the interface. | |||||
| CVE-2006-1840 | 1 Empire Server | 1 Empire Server | 2017-07-20 | 6.4 MEDIUM | N/A |
| Multiple format string vulnerabilities in Empire Server before 4.3.1 allow attackers to cause a denial of service (crash) via the (1) load, (2) spy and (3) bomb functions. | |||||
| CVE-2006-1843 | 1 Cynical Games | 1 Shoutbook | 2017-07-20 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in global.php in ShoutBOOK 1.1 allows remote attackers to inject arbitrary web script or HTML via the (1) LOCATION and (2) URL parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-1847 | 1 Francisco Burzi | 1 Php-nuke | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Your_Account module in PHP-Nuke 7.8 might allows remote attackers to execute arbitrary SQL commands via the user_id parameter in the Your_Home functionality. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||