Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-0941 | 1 Cynical Games | 1 Shoutlive | 2018-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in post.php in ShoutLIVE 1.1.0 allow remote attackers to inject arbitrary web script or HTML via certain variables when posting new messages. | |||||
| CVE-2006-0943 | 1 Pwsphp | 1 Pwsphp | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the sondages module in index.php in PwsPHP 1.2.3 allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. | |||||
| CVE-2006-0944 | 1 Archangelmgt | 1 Weblog | 2018-10-18 | 7.5 HIGH | N/A |
| Archangel Weblog 0.90.02 allows remote attackers to bypass authentication by setting the ba_admin cookie to 1. | |||||
| CVE-2006-0945 | 1 Archangelmgt | 1 Weblog | 2018-10-18 | 6.5 MEDIUM | N/A |
| PHP remote file include vulnerability in admin/index.php in Archangel Weblog 0.90.02 allows remote authenticated administrators to execute arbitrary PHP code via a URL ending in a NULL (%00) in the index parameter. | |||||
| CVE-2006-0948 | 1 Aol | 1 Aol | 2018-10-18 | 7.2 HIGH | N/A |
| AOL 9.0 Security Edition revision 4184.2340, and probably other versions, uses insecure permissions (Everyone/Full Control) for the "America Online 9.0" directory, which allows local users to gain privileges by replacing critical files. | |||||
| CVE-2006-0950 | 1 Unalz | 1 Unalz | 2018-10-18 | 2.6 LOW | N/A |
| unalz 0.53 allows user-assisted attackers to overwrite arbitrary files via an ALZ archive with ".." (dot dot) sequences in a filename. | |||||
| CVE-2006-0957 | 1 Zoneo-soft | 1 Freeforum | 2018-10-18 | 7.5 HIGH | N/A |
| Direct static code injection vulnerability in func.inc.php in ZoneO-Soft freeForum before 1.2.1 allows remote attackers to execute arbitrary PHP code via the (1) X-Forwarded-For and (2) Client-Ip HTTP headers, which are stored in Data/flood.db.php. | |||||
| CVE-2006-0958 | 1 Zoneo-soft | 1 Freeforum | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in func.inc.php in ZoneO-Soft freeForum before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the (1) name and (2) subject parameters. | |||||
| CVE-2006-0959 | 1 Mybulletinboard | 1 Mybulletinboard | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in misc.php in MyBulletinBoard (MyBB) 1.03, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands by setting the comma variable value via the comma parameter in a cookie. NOTE: 1.04 has also been reported to be affected. | |||||
| CVE-2006-0964 | 1 Ncp Network Communications | 1 Secure Client | 2018-10-18 | 4.6 MEDIUM | N/A |
| Client Firewall in NCP Network Communication Secure Client 8.11 Build 146, and possibly other versions, allows local users to bypass firewall program execution rules by replacing an allowed program with an arbitrary program. | |||||
| CVE-2006-0965 | 1 Ncp Network Communications | 1 Secure Client | 2018-10-18 | 4.6 MEDIUM | N/A |
| NCP Network Communication Secure Client 8.11 Build 146, and possibly other versions, allows local users to bypass security protections and configure privileged options via a long argument to ncpmon.exe, which provides access to alternate privileged menus, possibly due to a buffer overflow. | |||||
| CVE-2006-0966 | 1 Ncp Network Communications | 1 Secure Client | 2018-10-18 | 2.1 LOW | N/A |
| NCP Network Communication Secure Client 8.11 Build 146, and possibly other versions, allows local users to cause a denial of service (CPU consumption) via a large number of arguments to ncprwsnt.exe, possibly due to a buffer overflow. | |||||
| CVE-2006-0967 | 1 Ncp Network Communications | 1 Secure Client | 2018-10-18 | 2.1 LOW | N/A |
| NCP Network Communication Secure Client 8.11 Build 146, and possibly other versions, allows local users to cause a denial of service (memory usage and cpu utilization) via a flood of arbitrary UDP datagrams to ports 0 to 65000. NOTE: this issue was reported as a buffer overflow, but that term usually does not apply in flooding attacks. | |||||
| CVE-2006-0968 | 1 Ncp Network Communications | 1 Secure Client | 2018-10-18 | 7.2 HIGH | N/A |
| The ncprwsnt service in NCP Network Communication Secure Client 8.11 Build 146, and possibly other versions, allows local users to execute arbitrary code by modifying the connect.bat script, which is automatically executed by the service after a connection is established. | |||||
| CVE-2006-0969 | 1 Pixelartkingdom | 1 Top Sites | 2018-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in Top sites de PixelArtKingdom allows remote attackers to include and execute arbitrary files via the page parameter. | |||||
| CVE-2006-0970 | 1 Activecampaign | 6 1-2-all, General, Isalient and 3 more | 2018-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in one or more ActiveCampaign products, possibly SupportTrio, allows remote attackers to include and execute arbitrary files via the page parameter. | |||||
| CVE-2006-0971 | 1 Lionel Reyero | 1 Directcontact | 2018-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Lionel Reyero DirectContact 0.3b allows remote attackers to read arbitrary files via a .. (dot dot) in the URL. | |||||
| CVE-2006-0972 | 1 Fscripts | 1 Fantastic News | 2018-10-18 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in news.php in Tony Baird Fantastic News 2.1.1 allows remote attackers to execute arbitrary SQL commands via the page parameter. NOTE: the category vector is already covered by CVE-2005-3846. | |||||
| CVE-2006-0973 | 1 Phpwebsite | 1 Phpwebsite | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in topics.php in Appalachian State University phpWebSite 0.10.2 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter. | |||||
| CVE-2006-6509 | 1 Sitekiosk | 1 Sitekiosk | 2018-10-17 | 4.1 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the skinning feature in SiteKiosk before 6.5.150 allows local users to bypass security protections and inject arbitrary web script or HTML via an ABOUT: URI, which is displayed in the title bar of the browser. | |||||
| CVE-2006-6510 | 1 Sitekiosk | 1 Sitekiosk | 2018-10-17 | 1.7 LOW | N/A |
| An unspecified ActiveX control in SiteKiosk before 6.5.150 is installed "safe for scripting", which allows local users to bypass security protections and read arbitrary files via certain functions. | |||||
| CVE-2006-6512 | 1 Flippet.org | 1 Winamp Web Interface | 2018-10-17 | 3.5 LOW | N/A |
| Directory traversal vulnerability in the Browse function (/browse URI) in Winamp Web Interface (Wawi) 7.5.13 and earlier allows remote authenticated users to list arbitrary directories via URL encoded backslashes ("%2F") in the path parameter. | |||||
| CVE-2006-6513 | 1 Flippet.org | 1 Winamp Web Interface | 2018-10-17 | 3.5 LOW | N/A |
| The CControl::Download function (/dl URI) in Winamp Web Interface (Wawi) 7.5.13 and earlier allows remote authenticated users to download arbitrary file types under the root via a trailing "." (dot) in a filename in the file parameter, related to erroneous behavior of the IsWinampFile function. | |||||
| CVE-2006-6514 | 1 Flippet.org | 1 Winamp Web Interface | 2018-10-17 | 3.5 LOW | N/A |
| Winamp Web Interface (Wawi) 7.5.13 and earlier uses an insufficient comparison to determine whether a directory is located below the application's root directory, which allows remote authenticated users to access certain other directories if the name of the root directory is a substring of the name of the target directory, as demonstrated by accessing C:\folder2 when the root directory is C:\folder. | |||||
| CVE-2006-6516 | 1 Kdpics | 1 Kdpics | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in KDPics 1.16 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) page parameter to (a) index.php3, or the (2) lib_path parameter to (b) authenticate.inc.php3 or (c) lib/exifer/exif.php. | |||||
| CVE-2006-6517 | 1 Kdpics | 1 Kdpics | 2018-10-17 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in KDPics 1.16 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) categories parameter to (a) index.php3 or (b) galeries.inc.php3. | |||||
| CVE-2006-6518 | 1 Scriptphp | 1 Pronews | 2018-10-17 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ProNews 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) pseudo, (2) email, (3) date, (4) sujet, (5) message, (6) site, and (7) lien parameters to (a) admin/change.php, and the (8) aa parameter to (b) lire-avis.php. | |||||
| CVE-2006-6519 | 1 Scriptphp | 1 Pronews | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in lire-avis.php in ProNews 1.5 allows remote attackers to execute arbitrary SQL commands via the aa parameter. | |||||
| CVE-2006-6520 | 1 Scriptphp | 1 Messageriescripthp | 2018-10-17 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Messageriescripthp 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) pseudo parameter to (a) existepseudo.php, the (2) email parameter to (b) existeemail.php, or the (3) pageName or (4) cssform parameter to (c) Contact/contact.php. | |||||
| CVE-2006-6521 | 1 Scriptphp | 1 Messageriescripthp | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in lire-avis.php in Messageriescripthp 2.0 allows remote attackers to execute arbitrary SQL commands via the aa parameter. | |||||
| CVE-2006-6523 | 1 Cpanel | 1 Cpanel | 2018-10-17 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in mail/manage.html in BoxTrapper in cPanel 11 allows remote attackers to inject arbitrary web script or HTML via the account parameter. | |||||
| CVE-2006-6526 | 1 Gizzar | 1 Gizzar | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in Gizzar 03162002 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the basePath parameter. | |||||
| CVE-2006-6537 | 1 Ibm | 1 Websphere Host On-demand | 2018-10-17 | 7.5 HIGH | N/A |
| IBM WebSphere Host On-Demand 6.0, 7.0, 8.0, 9.0, and possibly 10, allows remote attackers to bypass authentication via a modified pnl parameter, related to hod/HODAdmin.html and hod/frameset.html. | |||||
| CVE-2006-6538 | 1 D-link | 1 Dwl-2000ap\+ | 2018-10-17 | 7.8 HIGH | N/A |
| D-LINK DWL-2000AP+ firmware 2.11 allows remote attackers to cause (1) a denial of service (device reset) via a flood of ARP replies on the wired or wireless (radio) link and (2) a denial of service (device crash) via a flood of ARP requests on the wireless link. | |||||
| CVE-2006-6539 | 1 Flippet.org | 1 Winamp Web Interface | 2018-10-17 | 10.0 HIGH | N/A |
| Multiple buffer overflows in Winamp Web Interface (Wawi) 7.5.13 and earlier (1) allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an (a) long username or a (b) crafted packet to the FindBasicAuth function in security.cpp, related to the /browse URI; and allow remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a long path string in the (2) Browse, (3) CControl::Download, and (4) CControl::Load functions, related to the file parameter in the /dl URI. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2006-6541 | 1 Php | 1 Animated Smiley Generator | 2018-10-17 | 7.5 HIGH | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in signer/final.php in warez distributions of Animated Smiley Generator allows remote attackers to execute arbitrary PHP code via a URL in the smiley parameter. NOTE: the vendor disputes this issue, stating that only Warez versions of Animated Smiley Generator were affected, not the developer-provided software: "Legitimately purchased applications do not allow this exploit." | |||||
| CVE-2006-6548 | 1 Cpanel | 1 Webhost Manager | 2018-10-17 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in cPanel WebHost Manager (WHM) 3.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the domain parameter to (1) scripts2/changeemail, (2) scripts2/limitbw, or (3) scripts/rearrangeacct. NOTE: the feature parameter to scripts2/dofeaturemanager is already covered by CVE-2006-6198. | |||||
| CVE-2006-6549 | 1 Rad Inks | 1 Rad Upload | 2018-10-17 | 7.5 HIGH | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in upload.php in Rad Upload 3.02 allows remote attackers to execute arbitrary PHP code via a URL in the save_path parameter. NOTE: CVE disputes this vulnerability because save_path is originally defined as "" before use, and the nearby instructions say "SET THE SAVE PATH by editing the line below." | |||||
| CVE-2006-6554 | 1 Kerio | 1 Kerio Mailserver | 2018-10-17 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Kerio MailServer before 6.3.1 allows remote attackers to cause a denial of service (segmentation fault and service stop) via certain long LDAP queries, as demonstrated by vd_kms6.pm. | |||||
| CVE-2006-6563 | 1 Proftpd Project | 1 Proftpd | 2018-10-17 | 6.6 MEDIUM | N/A |
| Stack-based buffer overflow in the pr_ctrls_recv_request function in ctrls.c in the mod_ctrls module in ProFTPD before 1.3.1rc1 allows local users to execute arbitrary code via a large reqarglen length value. | |||||
| CVE-2006-6569 | 1 Genesistrader | 1 Genesistrader | 2018-10-17 | 7.8 HIGH | N/A |
| form.php in GenesisTrader 1.0 allows remote attackers to read source code for arbitrary files and obtain sensitive information via the (1) do and (2) chem parameters with a "modfich" floap parameter. | |||||
| CVE-2006-6570 | 1 Genesistrader | 1 Genesistrader | 2018-10-17 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in upload.php in GenesisTrader 1.0 allows remote authenticated users to upload arbitrary files via unspecified vectors, possibly involving form.php and the ajoutfich "foap" action. | |||||
| CVE-2006-6571 | 1 Genesistrader | 1 Genesistrader | 2018-10-17 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in form.php in GenesisTrader 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) cuve, (2) chem, (3) do, and possibly other parameters. | |||||
| CVE-2006-6577 | 1 Neocrome | 2 Land Down Under, Seditio | 2018-10-17 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in polls.php in Neocrome Land Down Under (LDU) 8.x and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2006-6585 | 1 Mozilla | 1 Firefox | 2018-10-17 | 6.4 MEDIUM | N/A |
| The Extensions manager in Mozilla Firefox 2.0 does not properly populate the list of local extensions, which allows attackers to construct an extension that hides itself by finding its name in the list and then calling RemoveElement, as demonstrated by the FFsniFF extension. NOTE: it was later reported that 3.0 is also affected. | |||||
| CVE-2006-6591 | 1 Exlor | 1 Exlor | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in fonctions/template.php in EXlor 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the repphp parameter. | |||||
| CVE-2006-6592 | 1 Php | 1 Bloq | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Bloq 0.5.4 allow remote attackers to execute arbitrary PHP code via a URL in the page[path] parameter to (1) index.php, (2) admin.php, (3) rss.php, (4) rdf.php, (5) rss2.php, or (6) files/mainfile.php. | |||||
| CVE-2006-6593 | 1 Phpbb | 1 Amazonia Mod | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in zufallscodepart.php in AMAZONIA MOD for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
| CVE-2006-6596 | 1 Hilgraeve | 1 Hyperaccess | 2018-10-17 | 6.8 MEDIUM | N/A |
| HyperAccess 8.4 allows user-assisted remote attackers to execute arbitrary vbscript and commands via a session (HAW) file, which can be automatically opened using Internet Explorer. | |||||
| CVE-2006-6597 | 1 Hilgraeve | 1 Hyperaccess | 2018-10-17 | 6.8 MEDIUM | N/A |
| Argument injection vulnerability in HyperAccess 8.4 allows user-assisted remote attackers to execute arbitrary vbscript and commands via the /r option in a telnet:// URI, which is configured to use hawin32.exe. | |||||