Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-6780 | 1 Hlstats | 1 Hlstats | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the login form in HLstats 1.20 through 1.34 allows remote attackers to execute arbitrary SQL commands via the killLimit parameter. | |||||
| CVE-2006-6781 | 1 Hlstats | 1 Hlstats | 2018-10-17 | 5.0 MEDIUM | N/A |
| HLstats 1.20 through 1.34 allows remote attackers to obtain sensitive information via playinfo mode, with certain values of the player and playerdata[lastName][] parameters, which reveals the path in an error message. | |||||
| CVE-2006-6783 | 1 Logahead | 1 Logahead Unu | 2018-10-17 | 7.5 HIGH | N/A |
| logahead UNU 1.0 before 20061226 allows remote attackers to upload arbitrary files via unspecified vectors related to plugins/widged/_widged.php (aka the WidgEd plugin), possibly because of an authentication bypass. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2006-6784 | 1 Netbula | 1 Anyboard | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Netbula Anyboard allows remote attackers to execute arbitrary SQL commands via the user name in the login form. | |||||
| CVE-2006-6788 | 1 Luckybot | 1 Luckybot | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in LuckyBot 3 allow remote attackers to execute arbitrary PHP code via a URL in the dir parameter to (1) run.php or (2) ircbot.class.php. | |||||
| CVE-2006-6789 | 1 Phpbbxtra | 1 Phpbbxtra | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/archive/archive_topic.php in Phpbbxtra 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
| CVE-2006-6791 | 1 Chatwm | 1 Chatwm | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in SelGruFra.asp in chatwm 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) txtUse and (2) txtPas parameters. | |||||
| CVE-2006-6793 | 1 Okul Merkezi | 1 Okul Merkezi Portal | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in ataturk.php in Okul Merkezi Portal 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | |||||
| CVE-2006-6794 | 1 Efkan Forum | 1 Efkan Forum | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in default.asp in Efkan Forum 1.0 allows remote attackers to execute arbitrary SQL commands via the grup parameter. | |||||
| CVE-2006-6797 | 1 Microsoft | 1 Windows Xp | 2018-10-17 | 6.6 MEDIUM | N/A |
| The Client Server Run-Time Subsystem (CSRSS) in Microsoft Windows allows local users to cause a denial of service (crash) or read arbitrary memory from csrss.exe via crafted arguments to the NtRaiseHardError function with status 0x50000018, a different vulnerability than CVE-2006-6696. | |||||
| CVE-2006-6799 | 1 The Cacti Group | 1 Cacti | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Cacti 0.8.6i and earlier, when register_argc_argv is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) second or (2) third arguments to cmd.php. NOTE: this issue can be leveraged to execute arbitrary commands since the SQL query results are later used in the polling_items array and popen function. | |||||
| CVE-2006-6800 | 1 Limbo Cms | 1 Event Module | 2018-10-17 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion in eventcal/mod_eventcal.php in the event module 1.0 for Limbo CMS allows remote attackers to execute arbitrary PHP code via a URL in the lm_absolute_path parameter. | |||||
| CVE-2006-6811 | 1 Kde | 1 Ksirc | 2018-10-17 | 4.3 MEDIUM | N/A |
| KsIRC 1.3.12 allows remote attackers to cause a denial of service (crash) via a long PRIVMSG string when connecting to an Internet Relay Chat (IRC) server, which causes an assertion failure and results in a NULL pointer dereference. NOTE: this issue was originally reported as a buffer overflow. | |||||
| CVE-2006-6815 | 1 Dmxready | 1 Dmxready Secure Login Manager | 2018-10-17 | 6.0 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in DMXReady Secure Login Manager 1.0 allow remote authenticated administrators to inject arbitrary web script or HTML via unspecified parameters to (1) set_preferences.asp, (2) send_password_preferences.asp, and (3) SecureLoginManager/list.asp in the Local-Admin Panel. | |||||
| CVE-2006-6816 | 1 Dmxready | 1 Dmxready Secure Login Manager | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in DMXReady Secure Login Manager 1.0 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) set_preferences.asp, (2) send_password_preferences.asp, and (3) SecureLoginManager/list.asp in the Local-Admin Panel; (4) the sent parameter to (a) login.asp, (b) content.asp, and (c) members.asp in the Remote-WebSite; and (5) the sent parameter to applications/SecureLoginManager/inc_secureloginmanager.asp in the Live Demo. | |||||
| CVE-2006-6817 | 1 Alstrasoft | 1 Webhost Directory | 2018-10-17 | 5.0 MEDIUM | N/A |
| AlstraSoft Web Host Directory allows remote attackers to obtain sensitive information by requesting any invalid URI, which reveals the path in an error message, a different vulnerability than CVE-2006-2617. | |||||
| CVE-2006-6818 | 1 Alstrasoft | 1 Webhost Directory | 2018-10-17 | 7.5 HIGH | N/A |
| AlstraSoft Web Host Directory allows remote attackers to bypass authentication and change the admin password via a direct request to admin/config. | |||||
| CVE-2006-6819 | 1 Alstrasoft | 1 Webhost Directory | 2018-10-17 | 6.4 MEDIUM | N/A |
| AlstraSoft Web Host Directory stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a backup database via a direct request for admin/backup/db. | |||||
| CVE-2006-6824 | 1 Php Icalendar | 1 Php Icalendar | 2018-10-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Jim Hu and Chad Little PHP iCalendar 2.23 rc1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) getdate parameter in (a) day.php, (b) month.php, (c) year.php, (d) week.php, (e) search.php, (f) rss/index.php, (g) print.php, and (h) preferences.php; the (2) cpath parameter in (i) day.php, (j) month.php, (k) year.php, (l) week.php, and (m) search.php; the (3) query parameter in search.php; and possibly the cpath, (4) unset, and (5) set parameters in a setcookie action in preferences.php; different vectors than CVE-2006-3319. NOTE: it was later reported that vectors b, c, and d also affect 2.24. | |||||
| CVE-2006-6835 | 1 Neocrome | 1 Land Down Under | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Journal.inc.php in Neocrome Land Down Under (LDU) 8.x and earlier allows remote attackers to execute arbitrary SQL commands via the w parameter to journal.php. | |||||
| CVE-2006-6837 | 1 Sergey Oblomov | 1 Iso Wincmd | 2018-10-17 | 6.8 MEDIUM | N/A |
| Multiple stack-based buffer overflows in the (1) LoadTree, (2) ReadHeader, and (3) LoadXBOXTree functions in the ISO (iso_wincmd) plugin 1.7.3.3 and earlier for Total Commander allow user-assisted remote attackers to execute arbitrary code via a long pathname in an ISO image. | |||||
| CVE-2006-6838 | 1 Rediff | 1 Bol Downloader Activex Ocx Control | 2018-10-17 | 7.5 HIGH | N/A |
| Rediff Bol Downloader ActiveX (OCX) control allows remote attackers to execute arbitrary files, and obtain sensitive information (usernames and pathnames), via a URL in the url vbscript parameter. | |||||
| CVE-2006-6844 | 1 Cmsmadesimple | 1 Cms Made Simple | 2018-10-17 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the optional user comment module in CMS Made Simple 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the user comment form. | |||||
| CVE-2006-6845 | 1 Cmsmadesimple | 1 Cms Made Simple | 2018-10-17 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in CMS Made Simple 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the cntnt01searchinput parameter in a Search action. | |||||
| CVE-2006-6849 | 1 Cahier De Textes | 1 Cahier De Textes | 2018-10-17 | 7.5 HIGH | N/A |
| administration/index.php in Cahier de texte (CDT) 2.2 does not properly exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions. | |||||
| CVE-2006-6851 | 1 Mobilelib | 1 Mobilelib Gold | 2018-10-17 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in contact_us.php in ac4p Mobilelib gold 2 allow remote attackers to inject arbitrary web script or HTML via the (1) email or (2) errr parameter. | |||||
| CVE-2006-6854 | 1 De Marchi Daniele | 1 Quickcam | 2018-10-17 | 7.5 HIGH | N/A |
| The qcamvc_video_init function in qcamvc.c in De Marchi Daniele QuickCam VC Linux device driver (aka quickcam-vc) 1.0.9 and earlier does not properly check a boundary, triggering memory corruption, which might allow attackers to execute arbitrary code via a crafted QuickCam object. | |||||
| CVE-2006-6857 | 1 Docebolms | 1 Docebolms | 2018-10-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in modules/credits/credits.php in Docebo LMS allows remote attackers to inject arbitrary web script or HTML via the lang parameter. | |||||
| CVE-2006-6860 | 1 Mythcontrol | 1 Mythcontrol | 2018-10-17 | 10.0 HIGH | N/A |
| Buffer overflow in the sendToMythTV function in MythControlServer.c in MythControl 1.0 and earlier allows remote attackers to execute arbitrary code via a crafted sendStr string to the Bluetooth interface. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2006-6861 | 1 Outfront | 1 Spooky Login | 2018-10-17 | 10.0 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Outfront Spooky Login 2.7 allow remote attackers to execute arbitrary SQL commands via (1) the UserUpdate parameter to login/register.asp or (2) unspecified parameters to includes/a_register.asp. | |||||
| CVE-2006-6862 | 1 Outfront | 1 Spooky Login | 2018-10-17 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Outfront Spooky Login 2.7 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) login/login.asp or (2) login/register.asp. | |||||
| CVE-2006-6863 | 1 Enigma | 1 Wordpress Bridge | 2018-10-17 | 10.0 HIGH | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in the Enigma2 plugin (Enigma2.php) in Enigma WordPress Bridge allows remote attackers to execute arbitrary PHP code via a URL in the boarddir parameter. NOTE: CVE disputes this issue, since $boarddir is set to a fixed value. | |||||
| CVE-2006-6864 | 1 Enigma2 | 1 Coppermine Bridge | 2018-10-17 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in E2_header.inc.php in Enigma2 Coppermine Bridge 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the boarddir parameter. | |||||
| CVE-2006-6865 | 1 Softartisans | 1 Fileup | 2018-10-17 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in SAFileUpSamples/util/viewsrc.asp in SoftArtisans FileUp (SAFileUp) 5.0.14 allows remote attackers to read arbitrary files via a %c0%ae. (Unicode dot dot) in the path parameter, which bypasses the checks for ".." sequences. | |||||
| CVE-2006-6875 | 1 Openser | 2 Openser, Openser Osp Module | 2018-10-17 | 7.5 HIGH | N/A |
| Buffer overflow in the validateospheader function in the Open Settlement Protocol (OSP) module in OpenSER 1.1.0 and earlier allows remote attackers to execute arbitrary code via a crafted OSP header. | |||||
| CVE-2006-6876 | 1 Openser | 1 Openser | 2018-10-17 | 7.5 HIGH | N/A |
| Buffer overflow in the fetchsms function in the SMS handling module (libsms_getsms.c) in OpenSER 1.2.0 and earlier allows remote attackers to cause a denial of service (crash) via a crafted SMS message, triggering memory corruption when the "beginning" buffer is copied to the third (pdu) argument. | |||||
| CVE-2006-6881 | 1 Stavros Markou | 1 Atmelwlandriver | 2018-10-17 | 7.5 HIGH | N/A |
| Buffer overflow in the Get_Wep function in cofvnet.c for ATMEL Linux PCI PCMCIA USB Drivers drivers 3.4.1.1 corruption allows attackers to execute arbitrary code via a long name argument. | |||||
| CVE-2006-6882 | 1 Golden Book | 1 Golden Book | 2018-10-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in golden book allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2006-6883 | 1 Phpirc Bot | 1 Phpirc Bot | 2018-10-17 | 7.5 HIGH | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in php4you.php in PHPIrc_bot 0.2 allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: this issue is disputed by CVE, since the dir variable is declared before being used. | |||||
| CVE-2006-6884 | 1 Winzip | 1 Winzip | 2018-10-17 | 9.3 HIGH | N/A |
| Buffer overflow in the WZFILEVIEW.FileViewCtrl.61 ActiveX control (aka Sky Software "FileView" ActiveX control) for WinZip 10.0 Build 6667 allows remote attackers to execute arbitrary code via a long argument to the CreateNewFolderFromName method, a different vulnerability than CVE-2006-5198. | |||||
| CVE-2006-6895 | 1 Sony Ericsson | 1 T60 | 2018-10-17 | 2.9 LOW | N/A |
| The Bluetooth stack in the Sony Ericsson T60 does not properly implement "Limited discoverable" mode, which allows remote attackers to obtain unauthorized inquiry responses. | |||||
| CVE-2006-6896 | 1 Plantronic | 1 Headset | 2018-10-17 | 5.4 MEDIUM | N/A |
| The Bluetooth stack in the Plantronic Headset does not properly implement Non-pairable mode, which allows remote attackers to conduct unauthorized pair-up operations. | |||||
| CVE-2006-6897 | 1 Widcomm | 1 Bluetooth For Windows | 2018-10-17 | 5.4 MEDIUM | N/A |
| Directory traversal vulnerability in Widcomm Bluetooth for Windows (BTW) 3.0.1.905 allows remote attackers to conduct unauthorized file operations via a .. (dot dot) in an unspecified parameter. | |||||
| CVE-2006-6385 | 1 Intel | 4 Pro 1000 Adapters, Pro 1000 Pcie Adapters, Pro 10 100 Adapters and 1 more | 2018-10-17 | 7.2 HIGH | N/A |
| Stack-based buffer overflow in Intel PRO 10/100, PRO/1000, and PRO/10GbE PCI, PCI-X, and PCIe network adapter drivers (aka NDIS miniport drivers) before 20061205 allows local users to execute arbitrary code with "kernel-level" privileges via an incorrect function call in certain OID handlers. | |||||
| CVE-2006-6389 | 1 Ac4p | 1 Ac4p Mobile | 2018-10-17 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ac4p Mobile allow remote attackers to inject arbitrary web script or HTML via the (1) Taaa parameter to (a) up.php, or the (2) pollhtml and (3) Bloks parameters to (b) polls.php, different vectors than CVE-2006-5770. | |||||
| CVE-2006-6397 | 3 Freebsd, Netbsd, Openbsd | 3 Freebsd, Netbsd, Openbsd | 2018-10-17 | 4.4 MEDIUM | N/A |
| ** DISPUTED ** Integer overflow in banner/banner.c in FreeBSD, NetBSD, and OpenBSD might allow local users to modify memory via a long banner. NOTE: CVE and multiple third parties dispute this issue. Since banner is not setuid, an exploit would not cross privilege boundaries in normal operations. This issue is not a vulnerability. | |||||
| CVE-2006-6398 | 1 Superfreaker Studios | 1 Upublisher | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Superfreaker Studios UPublisher 1.0 allow remote attackers to execute arbitrary SQL commands via unspecified vectors in (a) sendarticle.asp and (b) printarticle.asp, and the ID parameter to (c) index.asp and (d) preferences.asp, different vectors than CVE-2006-5888. | |||||
| CVE-2006-6405 | 1 Softwin | 1 Bitdefender Mail Protection | 2018-10-17 | 5.0 MEDIUM | N/A |
| BitDefender Mail Protection for SMB 2.0 allows remote attackers to bypass virus detection by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file, as demonstrated with the EICAR test file. | |||||
| CVE-2006-6406 | 1 Clam Anti-virus | 1 Clamav | 2018-10-17 | 5.0 MEDIUM | N/A |
| Clam AntiVirus (ClamAV) 0.88.6 allows remote attackers to bypass virus detection by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file, as demonstrated with the EICAR test file. | |||||
| CVE-2006-6407 | 1 F-prot | 1 F-prot Antivirus | 2018-10-17 | 5.0 MEDIUM | N/A |
| F-Prot Antivirus for Linux x86 Mail Servers 4.6.6 allows remote attackers to bypass virus detection by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file, as demonstrated with the EICAR test file. | |||||