Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-6189 | 1 Clicktech | 1 Clickblog | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in displayCalendar.asp in ClickTech Click Blog allows remote attackers to execute arbitrary SQL commands via the date parameter. | |||||
| CVE-2006-6194 | 1 Fisasp.com | 1 Ultimate Survey Pro | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.asp in Ultimate Survey Pro allow remote attackers to execute arbitrary SQL commands via the (1) cat or (2) did parameter. | |||||
| CVE-2006-6195 | 1 Fixit Knowledge Solutions | 1 Idms Pro Image Gallery | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Fixit iDMS Pro Image Gallery allow remote attackers to execute arbitrary SQL commands via the (1) show_id or (2) parentid parameter to (a) filelist.asp, or the (3) fid parameter to (b) showfile.asp. | |||||
| CVE-2006-6196 | 1 Fixit Knowledge Solutions | 1 Idms Pro Image Gallery | 2018-10-17 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the search functionality in Fixit iDMS Pro Image Gallery allows remote attackers to inject arbitrary web script or HTML via a search field (txtsearchtext parameter). | |||||
| CVE-2006-6197 | 1 B2evolution | 1 B2evolution | 2018-10-17 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in b2evolution 1.8.2 through 1.9 beta allow remote attackers to inject arbitrary web script or HTML via the (1) app_name parameter in (a) _404_not_found.page.php, (b) _410_stats_gone.page.php, and (c) _referer_spam.page.php in inc/VIEW/errors/; the (2) baseurl parameter in (d) inc/VIEW/errors/_404_not_found.page.php; and the (3) ReqURI parameter in (e) inc/VIEW/errors/_referer_spam.page.php. | |||||
| CVE-2006-6198 | 1 Cpanel | 1 Webhost Manager | 2018-10-17 | 6.0 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in cPanel WebHost Manager (WHM) 3.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) email parameter to (a) scripts2/dochangeemail, the (2) supporturl parameter to (b) cgi/addon_configsupport.cgi, the (3) pkg parameter to (c) scripts/editpkg, the (4) domain parameter to (d) scripts2/domts2 and (e) scripts/editzone, the (5) feature parameter to (g) scripts2/dofeaturemanager, and the (6) ndomain parameter to (h) scripts/park. | |||||
| CVE-2006-6200 | 1 Francisco Burzi | 1 Php-nuke | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the (1) rate_article and (2) rate_complete functions in modules/News/index.php in the News module in Francisco Burzi PHP-Nuke 7.9 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the sid parameter. | |||||
| CVE-2006-6201 | 2 Borland Software, Revilloc | 6 C\+\+ Builder, C Builder, Delphi and 3 more | 2018-10-17 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in Borland idsql32.dll 5.1.0.4, as used by RevilloC MailServer; 5.2.0.2 as used by Borland Developer Studio 2006; and possibly other versions allows remote attackers to execute arbitrary code via a long SQL statement, related to use of the DbiQExec function. | |||||
| CVE-2006-6204 | 1 Enthrallweb | 1 Ehomes | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Enthrallweb eHomes allow remote attackers to execute arbitrary SQL commands via the (1) cid parameter to (a) dircat.asp; the (2) sid parameter to (b) dirSub.asp; the (3) TYPE_ID parameter to (c) types.asp; the (4) AD_ID parameter to (d) homeDetail.asp; the (5) cat parameter to (e) result.asp; the (6) compare, (7) clear, and (8) adID parameters to (f) compareHomes.asp; and the (9) aminprice, (10) amaxprice, and (11) abedrooms parameters to (g) result.asp. | |||||
| CVE-2006-6205 | 1 Enthrallweb | 1 Ehomes | 2018-10-17 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in result.asp in Enthrallweb eHomes allow remote attackers to inject arbitrary web script or HTML via the (1) city or (2) State parameter. | |||||
| CVE-2006-6206 | 1 Warhound | 1 Warhound General Shopping Cart | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in item.asp in WarHound General Shopping Cart allows remote attackers to execute arbitrary SQL commands via the ItemID parameter. | |||||
| CVE-2006-6207 | 1 Lynx Internet Solutions | 1 Evolve Merchant | 2018-10-17 | 7.5 HIGH | N/A |
| ** DISPUTED ** SQL injection vulnerability in products.asp in Evolve shopping cart (aka Evolve Merchant) allows remote attackers to execute arbitrary SQL commands via the partno parameter. NOTE: the vendor disputes this issue, stating that it is a forced SQL error. | |||||
| CVE-2006-6208 | 1 Enthrallweb | 1 Eclassifieds | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Enthrallweb eClassifieds allow remote attackers to execute arbitrary SQL commands via the (1) AD_ID, (2) cat_id, (3) sub_id, and (4) ad_id parameters to (a) ad.asp, the (5) cid parameter to (b) dircat.asp, and the (6) sid parameter to (c) dirSub.asp. | |||||
| CVE-2006-6209 | 1 Midicart Software | 2 Midicart Asp Plus Shopping Cart, Midicart Asp Shopping Cart | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in MidiCart ASP Shopping Cart and ASP Plus Shopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) id2006quant parameter to (a) item_show.asp, or the (2) maingroup or (3) secondgroup parameter to (b) item_list.asp. NOTE: the code_no parameter to Item_Show.asp is covered by CVE-2005-2601. | |||||
| CVE-2006-6210 | 1 Iisworks | 1 Asp Listpics | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in listpics.asp in ASP ListPics 5.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter. | |||||
| CVE-2006-6211 | 1 Birdblog | 1 Birdblog | 2018-10-17 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in BirdBlog 1.4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) msg parameter to (a) admin/admincore.php, the (2) month parameter to (b) admin/comments.php or (c) admin/entries.php, or the (3) page parameter to (d) admin/logs.php, different vectors than CVE-2006-5064. | |||||
| CVE-2006-6217 | 1 Php-nuke | 1 Mermaid Module | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in formdisp.php in the Mermaid 1.2 module for PHP-Nuke allows remote attackers to execute arbitrary PHP code via a URL in the module_name parameter. | |||||
| CVE-2006-6218 | 1 Dev4u | 1 Dev4u Cms | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in dev4u CMS allow remote attackers to execute arbitrary SQL commands via the (1) seite_id, (2) gruppe_id.php, and (3) go_target parameters. | |||||
| CVE-2006-6219 | 1 Dev4u | 1 Dev4u Cms | 2018-10-17 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in dev4u CMS allow remote attackers to inject arbitrary web script or HTML via the (1) user_name, (2) passwort, and (3) go_target parameters. | |||||
| CVE-2006-6221 | 1 2x | 1 Thinclientserver | 2018-10-17 | 7.5 HIGH | N/A |
| 2X ThinClientServer Enterprise Edition before 4.0.2248 allows remote attackers to create multiple privileged accounts via a replay attack using the initial account creation request. | |||||
| CVE-2006-6222 | 1 Symantec | 3 Veritas Netbackup Client, Veritas Netbackup Enterprise Server, Veritas Netbackup Server | 2018-10-17 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the NetBackup bpcd daemon (bpcd.exe) in Symantec Veritas NetBackup 5.0 before 5.0_MP7, 5.1 before 5.1_MP6, and 6.0 before 6.0_MP4 allows remote attackers to execute arbitrary code via a long request with a malformed length prefix. | |||||
| CVE-2006-6230 | 1 Vubb | 1 Vubb | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in vuBB 0.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter in a register action to index.php, a different vulnerability than CVE-2006-0962. | |||||
| CVE-2006-6231 | 1 Vubb | 1 Vubb | 2018-10-17 | 5.0 MEDIUM | N/A |
| vuBB 0.2.1 and earlier allows remote attackers to obtain sensitive information via a direct request to includes/vubb.php, which leaks the path in an error message. | |||||
| CVE-2006-6232 | 1 Dreamcost | 1 Dreamaccount | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in admin/index.php in DreamAccount 3.1 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. | |||||
| CVE-2006-6233 | 1 Postnuke Software Foundation | 1 Postnuke | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Downloads module for unknown versions of PostNuke allows remote attackers to execute arbitrary SQL commands via the lid parameter in a viewdownloaddetails operation. NOTE: this issue might have been in the viewdownloaddetails function in dl-downloaddetails.php, but PostNuke 0.764 does not appear to have this issue. | |||||
| CVE-2006-6234 | 1 Francisco Burzi | 1 Php-nuke | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the Content module in PHP-Nuke 6.0, and possibly other versions, allow remote attackers to execute arbitrary SQL commands via (1) the cid parameter in a list_pages_categories action or (2) the pid parameter in a showpage action. | |||||
| CVE-2006-6235 | 6 Gnu, Gpg4win, Redhat and 3 more | 9 Privacy Guard, Gpg4win, Enterprise Linux and 6 more | 2018-10-17 | 10.0 HIGH | N/A |
| A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory. | |||||
| CVE-2006-6236 | 1 Adobe | 1 Acrobat Reader | 2018-10-17 | 9.3 HIGH | N/A |
| Adobe Reader (Adobe Acrobat Reader) 7.0 through 7.0.8 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long argument string to the (1) src, (2) setPageMode, (3) setLayoutMode, and (4) setNamedDest methods in an AcroPDF ActiveX control, a different set of vectors than CVE-2006-6027. | |||||
| CVE-2006-6237 | 1 Woltlab | 1 Burning Board Lite | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the decode_cookie function in thread.php in Woltlab Burning Board Lite 1.0.2 allows remote attackers to execute arbitrary SQL commands via the threadvisit Cookie parameter. | |||||
| CVE-2006-6243 | 1 Fipsasp | 1 Fipsshop | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.asp in FipsSHOP allow remote attackers to execute arbitrary SQL commands via the (1) cat or (2) did parameter. | |||||
| CVE-2006-6247 | 1 Uapplication | 1 Uphotogallery | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Uapplication UPhotoGallery 1.1 allow remote attackers to execute arbitrary SQL commands via the ci parameter to (1) slideshow.asp or (2) thumbnails.asp. | |||||
| CVE-2006-6248 | 1 Gphotos | 1 Gphotos | 2018-10-17 | 7.8 HIGH | N/A |
| index.php in GPhotos 1.5 allows remote attackers to obtain sensitive information via an invalid rep parameter, which reveals the full path in an error message. | |||||
| CVE-2006-6252 | 1 Microsoft | 1 Windows Live Messenger | 2018-10-17 | 4.3 MEDIUM | N/A |
| Microsoft Windows Live Messenger 8.0 and earlier, when gestual emoticons are enabled, allows remote attackers to cause a denial of service (CPU consumption) via a long string composed of ":D" sequences, which are interpreted as emoticons. | |||||
| CVE-2006-6253 | 1 Cahier De Textes | 1 Cahier De Textes | 2018-10-17 | 5.0 MEDIUM | N/A |
| Cahier de texte 2.0 stores sensitive information under the web root, possibly with insufficient access control, which might allow remote attackers to obtain all users' passwords via a direct request for administration/dump.sql. | |||||
| CVE-2006-6254 | 1 Cahier De Textes | 1 Cahier De Textes | 2018-10-17 | 4.3 MEDIUM | N/A |
| administration/telecharger.php in Cahier de texte 2.0 allows remote attackers to obtain unparsed content (source code) of files via the chemin parameter, as demonstrated using directory traversal sequences to obtain the MySQL username and password from conn_cahier_de_texte.php. NOTE: it is not clear whether the scope of this issue extends above the web document root, and whether directory traversal is the primary vulnerability. | |||||
| CVE-2006-6256 | 1 Alternc | 1 Alternc | 2018-10-17 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the file manager in admin/bro_main.php in AlternC 0.9.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a folder name. | |||||
| CVE-2006-6257 | 1 Alternc | 1 Alternc | 2018-10-17 | 6.8 MEDIUM | N/A |
| The file manager in AlternC 0.9.5 and earlier, when warnings are enabled in PHP, allows remote attackers to obtain sensitive information via certain folder names such as ones composed of JavaScript code, which reveal the path in a warning message. | |||||
| CVE-2006-6258 | 1 Alternc | 1 Alternc | 2018-10-17 | 9.3 HIGH | N/A |
| The phpmyadmin subsystem in AlternC 0.9.5 and earlier transmits the SQL password in cleartext in a cookie, which might allow remote attackers to obtain the password by sniffing or by conducting a cross-site scripting (XSS) attack. | |||||
| CVE-2006-6259 | 1 Alternc | 1 Alternc | 2018-10-17 | 10.0 HIGH | N/A |
| Multiple directory traversal vulnerabilities in (a) class/functions.php and (b) class/m_bro.php in AlternC 0.9.5 and earlier allow remote attackers to (1) create arbitrary files and directories via a .. (dot dot) in the "create name" field and (2) read arbitrary files via a .. (dot dot) in the "web root" field when configuring a subdomain. | |||||
| CVE-2006-6260 | 1 Redbinaria | 1 Siap Cms | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.asp in Redbinaria Sistema Integrado de Administracion de Portales (SIAP) allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
| CVE-2006-6262 | 1 Phpjunkyard | 1 Phpjunkyard Mboard | 2018-10-17 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in mboard.php in PHPJunkYard (aka Klemen Stirn) MBoard 1.22 and earlier allows remote attackers to create arbitrary empty files via a .. (dot dot) in the orig_id parameter. | |||||
| CVE-2006-6263 | 1 Microsoft | 1 Teredo | 2018-10-17 | 6.8 MEDIUM | N/A |
| Teredo clients, when source routing is enabled, recognize a Routing header in an encapsulated IPv6 packet and send the packet to the next hop, which might allow remote attackers to bypass policies of certain Internet gateways that drop all source-routed packets. | |||||
| CVE-2006-6264 | 1 Microsoft | 1 Teredo | 2018-10-17 | 7.5 HIGH | N/A |
| Teredo creates trusted peer entries for arbitrary incoming source Teredo addresses, even if the low 32 bits represent an intranet address, which might allow remote attackers to send IPv4 traffic to intranet hosts that use non-RFC1918 addresses, bypassing IPv4 ingress filtering. | |||||
| CVE-2006-6265 | 1 Microsoft | 1 Teredo | 2018-10-17 | 5.8 MEDIUM | N/A |
| Teredo clients, when located behind a restricted NAT, allow remote attackers to establish an inbound connection without the guessing required to find a port mapping for a traditional restricted NAT client, by (1) using the client port number contained in the Teredo address or (2) following the bubble-to-open procedure. | |||||
| CVE-2006-6266 | 1 Microsoft | 1 Teredo | 2018-10-17 | 6.8 MEDIUM | N/A |
| Teredo clients, when following item 6 of RFC4380 section 5.2.3, start direct IPv6 connectivity tests (aka ping tests) in response to packets from non-Teredo source addresses, which might allow remote attackers to induce Teredo clients to send packets to third parties. | |||||
| CVE-2006-6267 | 1 Postnuke Software Foundation | 1 Postnuke | 2018-10-17 | 7.8 HIGH | N/A |
| PostNuke 0.7.5.0, and certain minor versions, allows remote attackers to obtain sensitive information via a non-numeric value of the stop parameter, which reveals the path in an error message. | |||||
| CVE-2006-6268 | 1 Neocrome | 1 Land Down Under | 2018-10-17 | 10.0 HIGH | N/A |
| SQL injection vulnerability in system/core/profile/profile.inc.php in Neocrome Land Down Under (LDU) 8.x and earlier allows remote authenticated users to execute arbitrary SQL commands via a url-encoded id parameter to users.php that begins with a valid filename, as demonstrated by "default.gif" followed by a double-encoded NULL and ' (apostrophe) (%2500%2527). | |||||
| CVE-2006-6269 | 1 Infinity Technologies | 1 Infinitytechs Restaurants Cm | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Infinitytechs Restaurants CM allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in rating.asp, (2) the mealid parameter in meal_rest.asp, and (3) the resid parameter in res_details.asp. | |||||
| CVE-2006-6270 | 1 Kervancilar | 1 Aspmforum | 2018-10-17 | 10.0 HIGH | N/A |
| Multiple SQL injection vulnerabilities in ASPMForum allow remote attackers to execute arbitrary SQL commands via (1) the soruid parameter in forum2.asp, (2) the ak parameter in kullanicilistesi.asp, (3) the kelimeler parameter in aramayap.asp, and (4) the kullaniciadi parameter in giris.asp; and allow remote authenticated users to execute arbitrary SQL commands via (5) the mesajno parameter in mesajkutum.asp. NOTE: the harf parameter in kullanicilistesi.asp and the baslik parameter in forum.asp are already covered by CVE-2005-4141. | |||||
| CVE-2006-6271 | 1 Phpoll | 1 Phpoll | 2018-10-17 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PHPOLL 0.96 allow remote attackers to inject arbitrary web script or HTML via the language parameter to (1) index.php, (2) info.php; and (3) index.php, (4) votanti.php, (5) risultati_config.php, (6) modifica_band.php, (7) band_editor.php, and (8) config_editor.php in admin/. | |||||