Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-2632 | 1 Andrew Godwin | 1 Bytehoard | 2018-10-18 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Andrew Godwin ByteHoard 2.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via file descriptions. | |||||
| CVE-2006-2633 | 1 Andrew Godwin | 1 Bytehoard | 2018-10-18 | 4.0 MEDIUM | N/A |
| Absolute path traversal vulnerability in the copy action in index.php in Andrew Godwin ByteHoard 2.1 and earlier allows remote authenticated users to create or overwrite files in other users' directories by specifying the absolute path of the directory in the infolder parameter and simultaneously specifying the filename in the filepath parameter. | |||||
| CVE-2006-2634 | 1 Neocrome | 1 Seditio | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Neocrome Land Down Under (LDU) in Neocrome Seditio 102 allows remote attackers to inject arbitrary web script or HTML via an HTTP Referer field. | |||||
| CVE-2006-2635 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2018-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Tikiwiki (aka Tiki CMS/Groupware) 1.9.x allow remote attackers to inject arbitrary web script or HTML via malformed nested HTML tags such as "<scr<script>ipt>" in (1) offset and (2) days parameters in (a) tiki-lastchanges.php, the (3) find and (4) offset parameters in (b) tiki-orphan_pages.php, the (5) offset and (6) initial parameters in (c) tiki-listpages.php, and (7) an unspecified field in (d) tiki-remind_password.php; and allow remote authenticated users with admin privileges to inject arbitrary web script or HTML via (8) an unspecified field in a metatags action in (e) tiki-admin.php, the (9) offset parameter in (f) tiki-admin_rssmodules.php, the (10) offset and (11) max parameters in (g) tiki-syslog.php, the (12) numrows parameter in (h) tiki-adminusers.php, (13) an unspecified field in (i) tiki-adminusers.php, (14) an unspecified field in (j) tiki-admin_hotwords.php, unspecified fields in (15) "Assign new module" and (16) "Create new user module" in (k) tiki-admin_modules.php, (17) an unspecified field in "Add notification" in (l) tiki-admin_notifications.php, (18) the offset parameter in (m) tiki-admin_notifications.php, the (19) Name and (20) Dsn fields in (o) tiki-admin_dsn.php, the (21) offset parameter in (p) tiki-admin_content_templates.php, (22) an unspecified field in "Create new template" in (q) tiki-admin_content_templates.php, and the (23) offset parameter in (r) tiki-admin_chat.php. | |||||
| CVE-2006-2636 | 1 Katy Whitton | 1 Newscmslite | 2018-10-18 | 7.5 HIGH | N/A |
| newsadmin.asp in Katy Whitton NewsCMSLite allows remote attackers to bypass authentication and gain administrative access by setting the loggedIn cookie to "xY1zZoPQ". | |||||
| CVE-2006-2637 | 1 Tuttophp | 3 Morris Guestbook, Pretty Guestbook, Smile Guestbook | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in view.php in TuttoPhp (1) Morris Guestbook 1, (2) Pretty Guestbook 1, and (3) Smile Guestbook 1 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element in the pagina parameter. | |||||
| CVE-2006-2638 | 1 Qjstudios | 1 Qjforum | 2018-10-18 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in member.asp in qjForum allows remote attackers to execute arbitrary SQL commands via the uName parameter. | |||||
| CVE-2006-2639 | 1 Phpsimplechoose | 1 Phpsimplechoose | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the input forms in prattmic and Master5006 PHPSimpleChoose 0.3 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element. | |||||
| CVE-2006-2640 | 1 Omegasoft | 1 Interneserviceslosungen | 2018-10-18 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in OmegaMw7a.ASP in OMEGA (aka Omegasoft) INterneSErvicesLosungen (INSEL) allows remote attackers to inject arbitrary web script or HTML via the WCE parameter. | |||||
| CVE-2006-2641 | 1 John Frank | 1 Asset Manager | 2018-10-18 | 5.8 MEDIUM | N/A |
| ** UNVERIFIABLE ** NOTE: this issue does not contain any verifiable or actionable details. Cross-site scripting (XSS) vulnerability in John Frank Asset Manager (AssetMan) 2.4a and earlier allows remote attackers to inject arbitrary web script or HTML via "any of its input." NOTE: the original disclosure is based on vague researcher claims without vendor acknowledgement; therefore this identifier cannot be linked with any future identifier that identifies more specific vectors. Perhaps this should not be included in CVE. | |||||
| CVE-2006-2642 | 1 Php-residence | 1 Php-residence | 2018-10-18 | 4.3 MEDIUM | N/A |
| ** UNVERIFIABLE ** NOTE: this issue does not contain any verifiable or actionable details. Cross-site scripting (XSS) vulnerability in Marco M. F. De Santis Php-residence 0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via "any of its input." NOTE: the original disclosure is based on vague researcher claims without vendor acknowledgement; therefore this identifier cannot be linked with any future identifier that identifies more specific vectors. Perhaps this should not be included in CVE. | |||||
| CVE-2006-2643 | 1 Circle R | 1 Monster Top List | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Monster Top List (MTL) 1.4 allows remote attackers to inject arbitrary web script or HTML via the user_error_message parameter. | |||||
| CVE-2006-2645 | 1 Plume-cms | 1 Plume Cms | 2018-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in manager/frontinc/prepend.php for Plume 1.0.3 allows remote attackers to execute arbitrary code via a URL in the _PX_config[manager_path] parameter. NOTE: this is a different executable and affected version than CVE-2006-0725. | |||||
| CVE-2006-2648 | 1 Aspbb | 1 Aspbb | 2018-10-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in perform_search.asp for ASPBB 0.52 and earlier allows remote attackers to inject arbitrary HTML or web script via the search parameter. | |||||
| CVE-2006-2651 | 1 Vacation Rentals | 1 Vacation Rental Script | 2018-10-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Vacation Rental Script 1.0 allows remote attackers to inject arbitrary web script or HTML via the obj parameter. | |||||
| CVE-2006-2652 | 1 Wikini | 1 Wikini | 2018-10-18 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WikiNi 0.4.2 and earlier allows remote attackers to inject arbitrary HTML and web script by editing a Wiki page to contain the script. | |||||
| CVE-2006-2653 | 1 D-link | 1 Dsa-3100 Airspot Gateway | 2018-10-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in login_error.shtml for D-Link DSA-3100 allows remote attackers to inject arbitrary HTML or web script via an encoded uname parameter. | |||||
| CVE-2006-2662 | 1 Vmware | 1 Server | 2018-10-18 | 4.6 MEDIUM | N/A |
| VMware Server before RC1 does not clear user credentials from memory after a console connection is made, which might allow local attackers to gain privileges. | |||||
| CVE-2006-2663 | 1 Ifusionservices | 1 Iflance | 2018-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in iFlance 1.1 allow remote attackers to inject arbitrary web script or HTML via certain inputs to (1) acc_verify.php or (2) project.php. | |||||
| CVE-2006-2664 | 1 Ifdate.com | 1 Ifdate | 2018-10-18 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in iFdate 1.2 allows remote attackers to inject arbitrary web script or HTML via the (1) username, (2) password fields, or certain other input text boxes. | |||||
| CVE-2006-2667 | 1 Wordpress | 1 Wordpress | 2018-10-18 | 7.5 HIGH | N/A |
| Direct static code injection vulnerability in WordPress 2.0.2 and earlier allows remote attackers to execute arbitrary commands by inserting a carriage return and PHP code when updating a profile, which is appended after a special comment sequence into files in (1) wp-content/cache/userlogins/ (2) wp-content/cache/users/ which are later included by cache.php, as demonstrated using the displayname argument. | |||||
| CVE-2006-2668 | 1 Docebolms | 1 Docebolms | 2018-10-18 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Docebo LMS 2.05 allow remote attackers to execute arbitrary PHP code via a URL in the lang parameter to (1) modules/credits/business.php, (2) modules/credits/credits.php, or (3) modules/credits/help.php. | |||||
| CVE-2006-2669 | 1 Preprojects.com | 1 Pre Shopping Mall | 2018-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Pre Shopping Mall 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) search parameter in search.php (the "search box"), (2) the prodid parameter in detail.php, and the (3) cid parameter in products.php. | |||||
| CVE-2006-2670 | 1 Calendarscripts.com | 1 Chatpat | 2018-10-18 | 5.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ChatPat 1.0 allow remote attackers to inject arbitrary web script or HTML via a chat message in (1) fastchat.php and (2) fastshow.php. | |||||
| CVE-2006-2671 | 1 Calendarscripts.com | 1 Chatpat | 2018-10-18 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in ChatPat 1.0 allows remote attackers to execute arbitrary SQL commands via the nickname field. | |||||
| CVE-2006-2672 | 1 Interquest Internet Services | 1 Realty Pro One | 2018-10-18 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Realty Pro One allow remote attackers to inject arbitrary web script or HTML via the (1) listingid parameter to (a) images.php, (b) index_other.php, or (c) request_info.php; (2) propertyid parameter to (d) searchlookup.php, (3) id parameter to (e) images.php, or (4) agentid parameter to (f) request_info.php. NOTE: some of these issues might be resultant from SQL injection. | |||||
| CVE-2006-2673 | 1 E-board | 1 Elite-board | 2018-10-18 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.html in Bulletin Board Elite-Board (E-Board) 1.1 allows remote attackers to inject arbitrary web script or HTML via the search box. | |||||
| CVE-2006-2674 | 1 Tamber Forum | 1 Tamber Forum | 2018-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Tamber Forum 1.9.13 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) frm_id parameter to (a) show_forum.asp, (2) a search field to (b) forum_search.asp, (3) Email address or (4) Password to (c) admin/index.asp, (5) frm_cat_id parameter to (d) browse_forum_cat.asp, or (6) Message Subject or (7) Message Text field to (e) post_message.asp. | |||||
| CVE-2006-2675 | 1 Ubbcentral | 1 Ubb.threads | 2018-10-18 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in ubbt.inc.php in UBBThreads 5.x and 6.x allows remote attackers to execute arbitrary PHP code via a URL in the (1) thispath or (2) configdir parameters. | |||||
| CVE-2006-2678 | 1 Pre Projects | 1 Pre News Manager | 2018-10-18 | 5.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Pre News Manager 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to (a) index.php, and the (2) nid parameter to (b) news_detail.php, (c) email_story.php, (d) thankyou.php, (e) printable_view.php, (f) tella_friend.php, and (g) send_comments.php. | |||||
| CVE-2006-2680 | 1 Php4script | 1 Az Photo Album Script Pro | 2018-10-18 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in AZ Photo Album Script Pro allows remote attackers to inject arbitrary web script or HTML via the gazpart parameter. | |||||
| CVE-2006-2684 | 1 Hotwebscripts | 1 Cms Mundo | 2018-10-18 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the search module in CMS Mundo 1.0 allows remote attackers to inject arbitrary web script or HTML via the searchstring parameter. | |||||
| CVE-2006-2693 | 1 Nivisec | 1 Hacks List | 2018-10-18 | 7.1 HIGH | N/A |
| Directory traversal vulnerability in admin/admin_hacks_list.php in Nivisec Hacks List 1.20 and earlier for phpBB, when register_globals is enabled, allows remote attackers to read arbitrary files via a ".." in the phpEx parameter. | |||||
| CVE-2006-2694 | 1 Scriptscenter | 1 Ezupload Pro | 2018-10-18 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in EzUpload Pro 2.10 allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) form.php, (2) customize.php, and (3) initialize.php. | |||||
| CVE-2006-2696 | 1 Easy-content Forums | 1 Easy-content Forums | 2018-10-18 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerabilities in Easy-Content Forums 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) startletter parameter in userview.asp and the (2) catid parameter in topics.asp. | |||||
| CVE-2006-2697 | 1 Easy-content Forums | 1 Easy-content Forums | 2018-10-18 | 6.4 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Easy-Content Forums 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) startletter parameter in userview.asp and the (2) forumname parameter in topics.asp. | |||||
| CVE-2006-2698 | 1 Geeklog | 1 Geeklog | 2018-10-18 | 7.8 HIGH | N/A |
| Geeklog 1.4.0sr2 and earlier allows remote attackers to obtain the full installation path via a direct request and possibly invalid arguments to (1) layout/professional/functions.php or (2) getimage.php. | |||||
| CVE-2006-2699 | 1 Geeklog | 1 Geeklog | 2018-10-18 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in getimage.php in Geeklog 1.4.0sr2 and earlier allows remote attackers to inject arbitrary HTML or web script via the image argument in a show action. | |||||
| CVE-2006-2700 | 1 Geeklog | 1 Geeklog | 2018-10-18 | 5.1 MEDIUM | N/A |
| SQL injection vulnerability in admin/auth.inc.php in Geeklog 1.4.0sr2 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via the loginname parameter. | |||||
| CVE-2006-2702 | 1 Wordpress | 1 Wordpress | 2018-10-18 | 5.0 MEDIUM | N/A |
| vars.php in WordPress 2.0.2, possibly when running on Mac OS X, allows remote attackers to spoof their IP address via a PC_REMOTE_ADDR HTTP header, which vars.php uses to redefine $_SERVER['REMOTE_ADDR']. | |||||
| CVE-2006-2703 | 1 Suse | 1 Suse Linux | 2018-10-18 | 5.0 MEDIUM | N/A |
| The RedCarpet command-line client (rug) does not verify SSL certificates from a server, which allows remote attackers to read network traffic and execute commands via a man-in-the-middle (MITM) attack. | |||||
| CVE-2006-2718 | 1 Jiwa | 1 Financials | 2018-10-18 | 6.5 MEDIUM | N/A |
| JIWA Financials 6.4.14 passes a Microsoft SQL Server account's username and password, and the name of a data source, to a Crystal Reports .rpt file, which allows remote authenticated users to execute certain standard stored procedures by referencing them in a user-written .rpt file, as demonstrated by using a stored procedure that provides the username and cleartext password of every account. | |||||
| CVE-2006-2719 | 1 Jiwa | 1 Financials | 2018-10-18 | 4.9 MEDIUM | N/A |
| JIWA Financials 6.4.14 stores usernames and passwords for all accounts in cleartext in the HR_Staff table in Microsoft SQL Server, and sends the usernames and passwords in cleartext to the application's SQL Server ODBC driver, which might allow context-dependent attackers to obtain the passwords. | |||||
| CVE-2006-2720 | 1 Variomat | 1 Variomat | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in news.php in VARIOMAT allows remote attackers to execute arbitrary SQL commands via the subcat parameter. | |||||
| CVE-2006-2721 | 1 Variomat | 1 Variomat | 2018-10-18 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in news.php in VARIOMAT allows remote attackers to inject arbitrary HTML or web script via the subcat parameter. NOTE: this issue might be resultant from SQL injection. | |||||
| CVE-2006-2723 | 1 Mozilla | 1 Firefox | 2018-10-18 | 5.0 MEDIUM | N/A |
| Unspecified versions of Mozilla Firefox allow remote attackers to cause a denial of service (crash) via a web page that contains a large number of nested marquee tags. NOTE: a followup post indicated that the initial report could not be verified. | |||||
| CVE-2006-2725 | 1 Epic Designs | 1 Eggblog | 2018-10-18 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in rss/posts.php in Eggblog before 3.07 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2006-2727 | 1 Epic Designs | 1 Eggblog | 2018-10-18 | 7.5 HIGH | N/A |
| home/register.php in Eggblog before 3.0 allows remote attackers to change the password of administrators and possibly other users via a modified username parameter. | |||||
| CVE-2006-2728 | 1 Jan Chmelik | 1 Photoalbum Bandw | 2018-10-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in superalbum/index.php in Photoalbum B&W 1.3 allows remote attackers to inject arbitrary web script or HTML via the pic parameter. | |||||
| CVE-2006-2731 | 1 Enigma Haber | 1 Enigma Haber | 2018-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Enigma Haber 4.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in (a) e_mesaj_yas.asp, (b) edi_haber.asp, and (c) haber_devam.asp; (2) hid parameter in (d) yazdir.asp and (e) yorum.asp, and the (3) e parameter in (f) arsiv.asp. NOTE: with administrator credentials, additional vectors exist including (4) yid parameter to (g) admin/y_admin.asp, (5) bid parameter to (h) admin/reklam_detay.asp, hid parameter to (i) admin/detay_yorum.asp and (j) admin/haber_sil.asp, (6) kid parameter to (k) admin/kategori_d.asp, (7) tur parameter to (l) admin/haber_ekle.asp, (8) s parameter to (m) admin/e_mesaj_yaz.asp, and id parameter to (n) admin/admin_sil.asp. | |||||