Total: 86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-2529 | 1 Fckeditor | 1 Fckeditor | 2011-03-08 | 5.0 MEDIUM | N/A |
| editor/filemanager/upload/php/upload.php in FCKeditor before 2.3 Beta, when the upload feature is enabled, does not verify the Type parameter, which allows remote attackers to upload arbitrary file types. NOTE: It is not clear whether this is related to CVE-2006-0658. | |||||
| CVE-2006-2609 | 1 Artmedic Webdesign | 1 Artmedic Newsletter | 2011-03-08 | 5.1 MEDIUM | N/A |
| artmedic newsletter 4.1.2 and possibly other versions, when register_globals is enabled, allows remote attackers to modify arbitrary files and execute arbitrary PHP code via the email parameter to newsletter_log.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-2495 | 1 S9y | 1 Serendipity | 2011-03-08 | 7.5 HIGH | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Entry Manager in Serendipity before 1.0-beta3 allows remote attackers to perform unauthorized actions as a logged-in user via a link or IMG tag. | |||||
| CVE-2006-2311 | 1 New Atlanta Communications | 2 Bluedragon Server, Bluedragon Server Jx | 2011-03-08 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in BlueDragon Server and Server JX 6.2.1.286 for Windows allows remote attackers to inject arbitrary web script or HTML via the filename in a request to a (1) .cfm or (2) .cfml file, which reflects the result in the default error page. | |||||
| CVE-2006-2310 | 1 New Atlanta Communications | 2 Bluedragon Server, Bluedragon Server Jx | 2011-03-08 | 5.0 MEDIUM | N/A |
| BlueDragon Server and Server JX 6.2.1.286 for Windows allows remote attackers to cause a denial of service (hang) via a request for a .cfm file whose name contains an MS-DOS device name such as (1) con, (2) aux, (3) com1, and (4) com2. | |||||
| CVE-2006-2184 | 1 Chadha Software Technologies | 1 Phpkb Knowledge Base | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in PHPKB Knowledge Base allows remote attackers to inject arbitrary web script or HTML via the searchkeyword parameter. NOTE: the issue was originally disputed by the vendor, but on 20060519, the vendor notified CVE that "We have fixed all the mentioned issues and now the search section of PHPKB script is free from any XSS issues." | |||||
| CVE-2006-2182 | 1 Albinator | 1 Albinator | 2011-03-08 | 6.4 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in (1) eday.php, (2) eshow.php, or (3) forgot.php in albinator 2.0.8 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the Config_rootdir parameter. | |||||
| CVE-2006-2294 | 1 Timobraun | 1 Dynamic Galerie | 2011-03-08 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Dynamic Galerie 1.0 allows remote attackers to inject arbitrary web script or HTML via the pfad parameter in (1) index.php and (2) galerie.php. NOTE: this issue might be resultant from directory traversal. | |||||
| CVE-2006-1795 | 1 Updi Network Enterprise | 1 At1 Event Publisher | 2011-03-08 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in tablepublisher.cgi in UPDI Network Enterprise @1 Table Publisher 2006-03-23 allows remote attackers to inject arbitrary web script or HTML via the Title of Table field. | |||||
| CVE-2006-1922 | 1 Sweetphp | 1 Totalcalendar | 2011-03-08 | 6.4 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in (1) about.php or (2) auth.php in TotalCalendar allows remote attackers to execute arbitrary PHP code via a URL in the inc_dir parameter. | |||||
| CVE-2006-1827 | 1 Digium | 1 Asterisk | 2011-03-08 | 6.4 MEDIUM | N/A |
| Integer signedness error in format_jpeg.c in Asterisk 1.2.6 and earlier allows remote attackers to execute arbitrary code via a length value that passes a length check as a negative number, but triggers a buffer overflow when it is used as an unsigned length. | |||||
| CVE-2006-1846 | 1 Francisco Burzi | 1 Php-nuke | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Your_Account module in PHP-Nuke 7.8 might allow remote attackers to inject arbitrary HTML and web script via the ublock parameter, which is saved in the user's personal menu. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. In addition, it is unclear whether this issue is a vulnerability, since it is related to the user's personal menu, which presumably is not modifiable by others. | |||||
| CVE-2006-2003 | 1 Community Architect | 1 Community Architect Guestbook | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in cgi-bin/guest in Community Architect Guestbook allows remote attackers to inject arbitrary web script or HTML by signing the guestbook, which is displayed by fsguestbook.html. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-1712 | 1 Gnu | 1 Mailman | 2011-03-08 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the private archive script (private.py) in GNU Mailman 2.1.7 allows remote attackers to inject arbitrary web script or HTML via the action argument. | |||||
| CVE-2006-1660 | 1 Softbiz | 1 Image Gallery | 2011-03-08 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in image_desc.php in Softbiz Image Gallery allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-1764 | 1 Hosting Controller | 1 Hosting Controller | 2011-03-08 | 7.8 HIGH | N/A |
| Hosting Controller 6.1 stores forum/db/forum.mdb under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as user name and password credentials. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-1505 | 1 Basic Analysis And Security Engine | 1 Base | 2011-03-08 | 5.0 MEDIUM | N/A |
| base_maintenance.php in Basic Analysis and Security Engine (BASE) before 1.2.4 (melissa), when running in standalone mode, allows remote attackers to bypass authentication, possibly by setting the standalone parameter to "yes". | |||||
| CVE-2006-1604 | 1 Exponent | 1 Exponent Cms | 2011-03-08 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Exponent CMS before 0.96.5 RC 1 has unknown impact and remote attack vectors related to variables that are not "typecasted." | |||||
| CVE-2006-1506 | 1 Sun | 2 Grid Engine, N1 Grid Engine | 2011-03-08 | 7.2 HIGH | N/A |
| Unspecified vulnerability in rsh in Sun Microsystems Sun Grid Engine 5.3 before 20060327 and N1 Grid Engine 6.0 before 20060327 allows local users to gain root privileges. | |||||
| CVE-2006-1605 | 1 Exponent | 1 Exponent Cms | 2011-03-08 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the image module in Exponent CMS before 0.96.5 RC 1 allows remote attackers to execute arbitrary code via unknown vectors involving "parsed PHP." | |||||
| CVE-2006-1606 | 1 Exponent | 1 Exponent Cms | 2011-03-08 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the image module in Exponent CMS before 0.96.5 RC 1 allows "directory disclosure" with unknown attack vectors. | |||||
| CVE-2006-1515 | 1 Typespeed | 1 Typespeed | 2011-03-08 | 7.5 HIGH | N/A |
| Buffer overflow in the addnewword function in typespeed 0.4.4 and earlier might allow remote attackers to execute arbitrary code via unknown vectors. | |||||
| CVE-2006-1558 | 1 Php | 1 Php Script Index | 2011-03-08 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in PHP Script Index allows remote attackers to inject arbitrary web script or HTML via the search parameter. | |||||
| CVE-2006-1514 | 1 Abcmidi | 1 Abcmidi | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple buffer overflows in the abcmidi-yaps translator in abcmidi 20050101, and other versions, allow remote attackers to execute arbitrary code via crafted ABC music files that trigger the overflows during translation into PostScript. | |||||
| CVE-2006-1692 | 1 Manic Web | 1 Mwnewsletter | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in MWNewsletter 1.0.0b allow remote attackers to execute arbitrary SQL commands via the (1) user_email parameter to (a) unsubscribe.php or (b) subscribe.php; or the (2) user_name parameter to subscribe.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information, although it is likely that this was discovered during post-disclosure analysis. | |||||
| CVE-2006-1559 | 1 Php | 1 Php Script Index | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in PHP Script Index allows remote attackers to execute arbitrary SQL commands via the search parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-1497 | 1 Vihor | 1 Vihordesign | 2011-03-08 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in ViHor Design allows remote attackers to read arbitrary files via the page parameter. | |||||
| CVE-2006-1687 | 1 Apt | 1 Apt-webshop-system | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in APT-webshop-system 4.0 PRO, 3.0 BASIC, and 3.0 LIGHT allows remote attackers to inject arbitrary web script or HTML via the message parameter, probably involving the basket functionality. | |||||
| CVE-2006-1745 | 1 Bitweaver | 1 Bitweaver | 2011-03-08 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in login.php in Bitweaver 1.3 allows remote attackers to inject arbitrary web script or HTML via the error parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-1379 | 1 Trend Micro | 1 Pc-cillin 2006 | 2011-03-08 | 7.2 HIGH | N/A |
| Trend Micro PC-cillin Internet Security 2006 14.00.1485 and 14.10.0.1023 uses insecure DACLs for critical files, which allows local users to gain SYSTEM privileges by modifying executable programs such as (1) tmntsrv.exe and (2) tmproxy.exe. | |||||
| CVE-2006-1218 | 1 Novell | 1 Bordermanager | 2011-03-08 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the HTTP proxy in Novell BorderManager 3.8 and earlier allows remote attackers to cause a denial of service (CPU consumption and ABEND) via unknown attack vectors related to "media streaming over HTTP 1.1". | |||||
| CVE-2006-1287 | 1 Invision Power Services | 1 Invision Power Board | 2011-03-08 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) 2.0.4 and 2.1.4 before 20060130 allows remote attackers to steal cookies and probably conduct other activities when the victim is using Internet Explorer. | |||||
| CVE-2006-1093 | 1 Ibm | 1 Websphere Application Server | 2011-03-08 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in IBM WebSphere 5.0.2.10 through 5.0.2.15 and 5.1.1.4 through 5.1.1.9 allows remote attackers to obtain sensitive information via unknown attack vectors, which causes JSP source code to be revealed. | |||||
| CVE-2006-1284 | 1 Symantec | 2 Ghost Solutions Suite, Norton Ghost | 2011-03-08 | 4.6 MEDIUM | N/A |
| The installation of SQLAnywhere in Symantec Ghost 8.0 and 8.2, as used in Symantec Ghost Solutions Suite (SGSS) 1.0, includes a default administrator login account and password, which allows local users to gain privileges or modify tasks. | |||||
| CVE-2006-1285 | 1 Symantec | 2 Ghost Solutions Suite, Norton Ghost | 2011-03-08 | 3.2 LOW | N/A |
| SQLAnywhere in Symantec Ghost 8.0 and 8.2, as used in Symantec Ghost Solutions Suite (SGSS) 1.0, gives read and write permissions to all users for database shared memory sections, which allows local users to access and possibly modify certain information. | |||||
| CVE-2006-1268 | 1 Funkwerk | 1 X2300 | 2011-03-08 | 7.8 HIGH | N/A |
| The Internet Key Exchange implementation in Funkwerk X2300 7.2.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite. NOTE: due to the lack of details in the advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to. | |||||
| CVE-2006-1250 | 1 Amax Information Technologies | 1 Winmail | 2011-03-08 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Webmail module in Winmail before 4.3 has unknown impact and unknown remote attack vectors. | |||||
| CVE-2006-1096 | 1 Digital Builder | 1 Nz Ecommerce | 2011-03-08 | 4.3 MEDIUM | N/A |
| ** DISPUTED ** Cross-site scripting (XSS) vulnerability in index.php in NZ Ecommerce allows remote attackers to inject arbitrary web script or HTML via the action parameter. NOTE: the vendor has disputed this issue in a comment on the researcher's blog, but research by CVE suggests that this might be a legitimate problem. | |||||
| CVE-2006-0930 | 1 Argosoft | 1 Argosoft Mail Server | 2011-03-08 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in Webmail in ArGoSoft Mail Server Pro 1.8 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the UIDL parameter. | |||||
| CVE-2006-0956 | 1 Nufw | 1 Nufw Firewall | 2011-03-08 | 1.7 LOW | N/A |
| nuauth in NuFW before 1.0.21 does not properly handle blocking TLS sockets, which allows remote authenticated users to cause a denial of service (service hang) by flooding packets at the authentication server. | |||||
| CVE-2006-0951 | 1 Eset Software | 1 Nod32 Antivirus | 2011-03-08 | 7.2 HIGH | N/A |
| The GUI (nod32.exe) in NOD32 2.5 runs with SYSTEM privileges when the scheduler runs a scheduled on-demand scan, which allows local users to execute arbitrary code during a scheduled scan via unspecified attack vectors. | |||||
| CVE-2006-0912 | 1 Oreka | 1 Oreka | 2011-03-08 | 5.0 MEDIUM | N/A |
| Oreka before 0.5 allows remote attackers to cause a denial of service (application crash) via a "certain RTP sequence." | |||||
| CVE-2006-1069 | 1 Geeklog | 1 Geeklog | 2011-03-08 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the session handling for Geeklog 1.4.x before 1.4.0sr2, 1.3.11 before 1.3.11sr5, 1.3.9 before 1.3.9sr5, and possibly earlier versions allows attackers to gain privileges as arbitrary users via unknown vectors. | |||||
| CVE-2006-0947 | 1 Thomson | 1 Speedtouch | 2011-03-08 | 7.5 HIGH | N/A |
| Thomson SpeedTouch modem running firmware 5.3.2.6.0 allows remote attackers to create users that cannot be deleted via scripting code in the "31" parameter in a NewUser function, which is not filtered by the modem when creating the account, but cannot be deleted by the administrator, possibly due to cleansing that occurs in the administrator interface. | |||||
| CVE-2006-0915 | 1 Mozilla | 1 Bugzilla | 2011-03-08 | 7.5 HIGH | N/A |
| Bugzilla 2.16.10 does not properly handle certain characters in the (1) maxpatchsize and (2) maxattachmentsize parameters in attachment.cgi, which allows remote attackers to trigger a SQL error. | |||||
| CVE-2006-1032 | 1 Phprpc | 1 Phprpc | 2011-03-08 | 7.5 HIGH | N/A |
| Eval injection vulnerability in the decode function in rpc_decoder.php for phpRPC 0.7 and earlier, as used by runcms, exoops, and possibly other programs, allows remote attackers to execute arbitrary PHP code via the base64 tag. | |||||
| CVE-2006-0656 | 1 Hp | 1 Systems Insight Manager | 2011-03-08 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in HP Systems Insight Manager 4.2 through 5.0 SP3 for Windows allows remote attackers to access arbitrary files via unspecified vectors, a different vulnerability than CVE-2005-2006. | |||||
| CVE-2006-0828 | 1 Xerox | 6 Workcentre 232, Workcentre 238, Workcentre 245 and 3 more | 2011-03-08 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in ESS/ Network Controller and MicroServer Web Server in Xerox WorkCentre Pro and Xerox WorkCentre running software 13.027.24.015 and 14.027.24.015 allows remote attackers to "reduce effectiveness of security features" via unknown attack vectors. | |||||
| CVE-2006-0665 | 1 Mantis | 1 Mantis | 2011-03-08 | 10.0 HIGH | N/A |
| Unspecified vulnerability in (1) query_store.php and (2) manage_proj_create.php in Mantis before 1.0.0 has unknown impact and attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. An original vendor bug report is referenced, but not accessible to the general public. | |||||
| CVE-2006-0727 | 1 Musox | 1 Df Msanalysis | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in mstrack.php in MusOX DF MSAnalysis (DFMSA), as used in some environments that use CPG-Nuke Dragonfly CMS, allows remote attackers to trigger path disclosure from a SQL syntax error, and possibly execute arbitrary SQL commands, via certain query data, probably involving the profile name. | |||||
