Total: 86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-0689 | 1 Scheduling Management.com | 1 Time Tracking Software | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Registration Form in TTS Time Tracking Software 3.0 allows remote attackers to inject arbitrary web script or HTML via the UserName parameter. | |||||
| CVE-2006-0690 | 1 Scheduling Management.com | 1 Time Tracking Software | 2018-10-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in TTS Time Tracking Software 3.0 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2006-0691 | 1 Scheduling Management.com | 1 Time Tracking Software | 2018-10-19 | 5.0 MEDIUM | N/A |
| edituser.php in TTS Time Tracking Software 3.0 does not verify that the name and password are correct, which allows remote attackers to overwrite arbitrary data belonging to any account. | |||||
| CVE-2006-0692 | 1 Carey Briggs | 1 Php Mysql Timesheet | 2018-10-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Carey Briggs PHP/MYSQL Timesheet 1 and 2 allow remote attackers to execute arbitrary SQL commands via the (1) yr, (2) month, (3) day, and (4) job parameters in (a) index.php and (b) changehrs.php. | |||||
| CVE-2006-0693 | 1 Roberto Butti | 1 Calimba | 2018-10-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in rb_auth.php in Roberto Butti CALimba 0.99.2 beta and earlier allow remote attackers to execute arbitrary SQL commands and bypass login authentication via the (1) login and (2) password parameters. | |||||
| CVE-2006-0703 | 1 Imagevue | 1 Imagevue | 2018-10-19 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in index.php in imageVue 16.1 has unknown impact, probably a cross-site scripting (XSS) vulnerability involving the query string that is not quoted when inserted into style and body tags, as demonstrated using a bgcol parameter. | |||||
| CVE-2006-0708 | 1 Nullsoft | 1 Winamp | 2018-10-19 | 9.3 HIGH | N/A |
| Multiple buffer overflows in NullSoft Winamp 5.13 and earlier allow remote attackers to execute arbitrary code via (1) an m3u file containing a long URL ending in .wma, (2) a pls file containing a File1 field with a long URL ending in .wma, or (3) an m3u file with a long filename, variants of CVE-2005-3188 and CVE-2006-0476. | |||||
| CVE-2006-0713 | 1 Linpha | 1 Linpha | 2018-10-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in LinPHA 1.0 allows remote attackers to include arbitrary files via .. (dot dot) sequences in the (1) lang parameter in docs/index.php and the language parameter in (2) install/install.php, (3) install/sec_stage_install.php, (4) install/third_stage_install.php, and (5) install/forth_stage_install.php. NOTE: direct static code injection is resultant from this issue, as demonstrated by inserting PHP code into the username, which is inserted into linpha.log, which is accessible from the directory traversal. | |||||
| CVE-2006-0714 | 1 Flyspray | 1 Flyspray | 2018-10-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the installation file (sql/install-0.9.7.php) in Flyspray 0.9.7 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the adodbpath parameter. | |||||
| CVE-2006-0715 | 1 Solucija | 1 Snews | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in sNews 1.3 allows remote attackers to inject arbitrary web script or HTML via the comment field. | |||||
| CVE-2006-0716 | 1 Solucija | 1 Snews | 2018-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in sNews 1.3 allows remote attackers to execute arbitrary SQL commands via the (1) category and (2) id parameters. | |||||
| CVE-2006-0719 | 1 Deltascripts | 1 Php Classifieds | 2018-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in member_login.php in PHP Classifieds 6.18 through 6.20 allows remote attackers to execute arbitrary SQL commands via the (1) username parameter, which is used by the E-mail address field, and (2) password parameter. | |||||
| CVE-2006-0720 | 1 Nullsoft | 1 Winamp | 2018-10-19 | 7.6 HIGH | N/A |
| Stack-based buffer overflow in Nullsoft Winamp 5.12 and 5.13 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted .m3u file that causes an incorrect strncpy function call when the player pauses or stops the file. | |||||
| CVE-2006-0721 | 1 Runcms | 1 Runcms | 2018-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in pmlite.php in RunCMS 1.2 and 1.3a allows remote attackers to execute arbitrary SQL commands via the to_userid parameter. | |||||
| CVE-2006-0722 | 1 Reamday Enterprises | 1 Magic Downloads | 2018-10-19 | 2.6 LOW | N/A |
| settings.php in Reamday Enterprises Magic Downloads 1.1.3, when register_globals is enabled, allows remote attackers to modify program behavior, potentially bypassing authentication controls, via modified (1) action, (2) passwd, (3) admin_password, (4) new_passwd, and (5) confirm_passwd variables, which are not initialized. | |||||
| CVE-2006-0729 | 1 Teca Scripts | 1 Teca Diary | 2018-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in functions.php in Teca Diary PE 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) yy, (2) mm, and (3) dd parameters. | |||||
| CVE-2006-0731 | 1 Sap | 1 Business Connector | 2018-10-19 | 4.0 MEDIUM | N/A |
| WmRoot/adapter-index.dsp in SAP Business Connector Core Fix 7 and earlier allows remote attackers to conduct spoofing (phishing) attacks via an absolute URL in the url parameter, which loads the URL inside a frame. | |||||
| CVE-2006-0732 | 1 Sap | 1 Business Connector | 2018-10-19 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in SAP Business Connector (BC) 4.6 and 4.7 allows remote attackers to read or delete arbitrary files via the fullName parameter to (1) sapbc/SAP/chopSAPLog.dsp or (2) invoke/sap.monitor.rfcTrace/deleteSingle. Details will be updated after the grace period has ended. NOTE: SAP Business Connector is an OEM version of webMethods Integration Server. webMethods states that this issue can only occur when the product is installed as root/admin, and if the attacker has access to a general purpose port; however, both are discouraged in the documentation. In addition, the attacker must already have acquired administrative privileges through other means. | |||||
| CVE-2006-0733 | 1 Wordpress | 1 Wordpress | 2018-10-19 | 2.6 LOW | N/A |
| ** DISPUTED ** Cross-site scripting (XSS) vulnerability in WordPress 2.0.0 allows remote attackers to inject arbitrary web script or HTML via scriptable attributes such as (1) onfocus and (2) onblur in the "author's website" field. NOTE: followup comments to the researcher's web log suggest that this issue is only exploitable by the same user who injects the XSS, so this might not be a vulnerability. | |||||
| CVE-2006-0735 | 2 Fuzzymonkey, M Blom | 2 My Blog, Html-bbcode | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in BBcode.pm in M. Blom HTML::BBCode 1.04 and earlier, as used in products such as My Blog before 1.65, allows remote attackers to inject arbitrary Javascript via a javascript URI in an (1) img or (2) url BBcode tag. | |||||
| CVE-2006-0297 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2018-10-19 | 5.1 MEDIUM | N/A |
| Multiple integer overflows in Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the (1) EscapeAttributeValue in jsxml.c for E4X, (2) nsSVGCairoSurface::Init in SVG, and (3) nsCanvasRenderingContext2D.cpp in Canvas. | |||||
| CVE-2006-0298 | 1 Mozilla | 2 Firefox, Seamonkey | 2018-10-19 | 5.8 MEDIUM | N/A |
| The XML parser in Mozilla Firefox before 1.5.0.1 and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly read sensitive data via unknown attack vectors that trigger an out-of-bounds read. | |||||
| CVE-2006-0299 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2018-10-19 | 6.4 MEDIUM | N/A |
| The E4X implementation in Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 exposes the internal "AnyName" object to external interfaces, which allows multiple cooperating domains to exchange information in violation of the same origin restrictions. | |||||
| CVE-2006-0300 | 1 Gnu | 1 Tar | 2018-10-19 | 5.1 MEDIUM | N/A |
| Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute code via unspecified vectors involving PAX extended headers. | |||||
| CVE-2006-0301 | 1 Xpdf | 1 Xpdf | 2018-10-19 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in Splash.cc in xpdf, as used in other products such as (1) poppler, (2) kdegraphics, (3) gpdf, (4) pdfkit.framework, and others, allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that exceed the width or height of the associated bitmap. | |||||
| CVE-2006-0309 | 1 Linksys | 1 Befvp41 | 2018-10-19 | 4.0 MEDIUM | N/A |
| Linksys BEFVP41 VPN Router 2.0 with firmware 1.01.04 allows remote attackers on the local network to cause a denial of service via IP packets with a null IP option length. | |||||
| CVE-2006-0315 | 1 Indexcor | 1 Ezdatabase | 2018-10-19 | 5.8 MEDIUM | N/A |
| index.php in EZDatabase before 2.1.2 does not properly cleanse the p parameter before constructing and including a .php filename, which allows remote attackers to conduct directory traversal attacks, and produces resultant cross-site scripting (XSS) and path disclosure. | |||||
| CVE-2006-0318 | 1 Insane Visions | 1 Blogphp | 2018-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in BlogPHP 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username parameter in a login action. | |||||
| CVE-2006-0320 | 1 Bit 5 Blog | 1 Bit 5 Blog | 2018-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/processlogin.php in Bit 5 Blog 8.01 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username and (2) password parameter. | |||||
| CVE-2006-0321 | 1 Fetchmail | 1 Fetchmail | 2018-10-19 | 5.0 MEDIUM | N/A |
| fetchmail 6.3.0 and other versions before 6.3.2 allows remote attackers to cause a denial of service (crash) via crafted e-mail messages that cause a free of an invalid pointer when fetchmail bounces the message to the originator or local postmaster. | |||||
| CVE-2006-0323 | 1 Realnetworks | 4 Helix Player, Realone Player, Realplayer and 1 more | 2018-10-19 | 9.3 HIGH | N/A |
| Buffer overflow in swfformat.dll in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, Rhapsody 3, and Helix Player allows remote attackers to execute arbitrary code via a crafted SWF (Flash) file with (1) a size value that is less than the actual size, or (2) other unspecified manipulations. | |||||
| CVE-2006-0324 | 1 Webspot | 1 Webspotblogging | 2018-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in WebspotBlogging 3.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username parameter to login.php. | |||||
| CVE-2006-0325 | 1 Etomite | 1 Etomite | 2018-10-19 | 7.5 HIGH | N/A |
| Etomite Content Management System 0.6, and possibly earlier versions, when downloaded from the web site in January 2006 after January 10, contains a back door in manager/includes/todo.inc.php, which allows remote attackers to execute arbitrary commands via the "cij" parameter. | |||||
| CVE-2006-0327 | 1 Typo3 | 1 Typo3 | 2018-10-19 | 5.0 MEDIUM | N/A |
| TYPO3 3.7.1 allows remote attackers to obtain sensitive information via a direct request to (1) thumbs.php, (2) showpic.php, or (3) tables.php, which causes them to incorrectly define a variable and reveal the path in an error message when a require function call fails. | |||||
| CVE-2006-0328 | 1 Philippe Jounin | 1 Tftpd32 | 2018-10-19 | 5.0 MEDIUM | N/A |
| Format string vulnerability in Tftpd32 2.81 allows remote attackers to cause a denial of service via format string specifiers in a filename in a (1) GET or (2) SEND request. | |||||
| CVE-2006-0331 | 1 Thiago Melo De Paula | 1 Change Passwd | 2018-10-19 | 4.6 MEDIUM | N/A |
| Buffer overflow in Change passwd 3.1 (chpasswd) SquirrelMail plugin allows local users to execute arbitrary code via long command line arguments. | |||||
| CVE-2006-0333 | 1 Ar-blog | 1 Ar-blog | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in ar-blog 5.2 allows remote attackers to inject arbitrary web script or HTML via the (1) month or (2) year parameter to index.php. | |||||
| CVE-2006-0339 | 1 Bitcomet | 1 Bitcomet | 2018-10-19 | 7.5 HIGH | N/A |
| Buffer overflow in BitComet Client 0.60 allows remote attackers to execute arbitrary code, when the publisher's name link is clicked, via a long publisher URI in a torrent file. | |||||
| CVE-2006-0352 | 1 Fluffington | 1 Flog | 2018-10-19 | 5.0 MEDIUM | N/A |
| The default configuration of Fluffington FLog 1.01 installs users.0.dat under the web document root with insufficient access control, which might allow remote attackers to obtain sensitive information (login credentials) via a direct request. NOTE: It was later reported that 1.1.2 is also affected. | |||||
| CVE-2006-0355 | 1 Helmsman Research | 1 Homeftp | 2018-10-19 | 5.0 MEDIUM | N/A |
| Helmsman Research (aka CoolUtils) HomeFtp 1.1 allows remote attackers to cause an unspecified denial of service via a long USER command combined with a long PASS command and an NLST command. | |||||
| CVE-2006-0356 | 1 Ari Pikivirta | 1 Home Ftp Server | 2018-10-19 | 5.0 MEDIUM | N/A |
| Ari Pikivirta Home Ftp Server 1.0.7 allows remote attackers to cause an unspecified denial of service via a long USER command combined with a long PASS command. | |||||
| CVE-2006-0357 | 1 Grant Averett | 1 Cerberus Ftp Server | 2018-10-19 | 5.0 MEDIUM | N/A |
| Grant Averett Cerberus FTP Server 2.32, and possibly earlier versions, allows remote attackers to cause an unspecified denial of service via a long string that does not contain a valid FTP command. | |||||
| CVE-2006-0358 | 1 Powerportal | 1 Powerportal | 2018-10-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in PowerPortal, possibly 1.1 beta through 1.3, allow remote attackers to execute arbitrary SQL commands via the search parameter in (1) index.php and (2) search.php. NOTE: This issue might overlap CVE-2004-0663.2. | |||||
| CVE-2006-0359 | 1 Counterpath | 1 Eyebeam Sip Softphone | 2018-10-19 | 7.5 HIGH | N/A |
| Buffer overflow in CounterPath eyeBeam SIP Softphone allows remote attackers to (1) cause a denial of service (device crash) via SIP INVITE commands with a long header field name sent during startup and (2) cause a denial of service (device hang or crash) via SIP INVITE commands with a long header field name sent during a call. | |||||
| CVE-2006-0361 | 1 Bit 5 Blog | 1 Bit 5 Blog | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in addcomment.php in Bit 5 Blog 8.01 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in an <a> tag in the comment parameter, which strips most tags but not <a>. | |||||
| CVE-2006-0363 | 1 Microsoft | 1 Msn Messenger | 2018-10-19 | 2.1 LOW | N/A |
| The "Remember my Password" feature in MSN Messenger 7.5 stores passwords in an encrypted format under the HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Creds registry key, which might allow local users to obtain the original passwords via a program that calls CryptUnprotectData, as demonstrated by the "MSN Password Recovery.exe" program. NOTE: it could be argued that local-only password recovery is inherently insecure because the decryption methods and keys must be stored somewhere on the local system, and are thus inherently accessible with varying degrees of effort. Perhaps this issue should not be included in CVE. | |||||
| CVE-2006-0366 | 1 Phpclanwebsite | 1 Phpclanwebsite | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Phpclanwebsite (aka PCW) allows remote attackers to inject arbitrary web script or HTML via a javascript URI in a BBCode img tag. | |||||
| CVE-2006-0370 | 1 Noah Medling | 1 Rcblog | 2018-10-19 | 5.0 MEDIUM | N/A |
| Noah Medling RCBlog 1.03 stores the data and config directories under the web root with insufficient access control, which allows remote attackers to view account names and MD5 password hashes. | |||||
| CVE-2006-0371 | 1 Noah Medling | 1 Rcblog | 2018-10-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Noah Medling RCBlog 1.03 allows remote attackers to read arbitrary .txt files, possibly including one that stores the administrator's account name and password, via a .. (dot dot) in the post parameter. | |||||
| CVE-2006-0372 | 1 Insane Visions | 1 Blogphp | 2018-10-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in config.php in Insane Visions BlogPHP, possibly 1.0, allow remote attackers to execute arbitrary SQL commands via the (1) blogphp_username or (2) blogphp_password parameter in a cookie. | |||||
