Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-6272 | 1 Paul Griffin | 1 Simple Php Gallery | 2018-10-17 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in sp_index.php in Simple PHP Gallery 1.1 allows remote attackers to inject arbitrary web script or HTML via the dir parameter. | |||||
| CVE-2006-6273 | 1 Paul Griffin | 1 Simple Php Gallery | 2018-10-17 | 7.5 HIGH | N/A |
| sp_index.php in Simple PHP Gallery 1.1 allows remote attackers to obtain sensitive information via an invalid dir parameter, which reveals the path in an error message. | |||||
| CVE-2006-6274 | 1 Expinion.net | 2 Inews Publisher, News Manager | 2018-10-17 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in articles.asp in Expinion.net iNews (1) Publisher (iNP) 2.5 and earlier, and possibly (2) News Manager, allows remote attackers to execute arbitrary SQL commands via the ex parameter. NOTE: early reports of this issue reported it as XSS, but this was erroneous. The original report was for News Manager, but there is strong evidence that the correct product is Publisher. | |||||
| CVE-2006-6277 | 1 Contentserv | 1 Contentserv | 2018-10-17 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in admin/FileServer.php in ContentServ 4.x allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter, a different vector than CVE-2005-3086. | |||||
| CVE-2006-6278 | 1 Alexphpteam | 1 Alex Guestbook | 2018-10-17 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in @lex Guestbook 4.0.1 allows remote attackers to inject arbitrary web script or HTML via the skin parameter. | |||||
| CVE-2006-6279 | 1 Alexphpteam | 1 Alex Guestbook | 2018-10-17 | 5.0 MEDIUM | N/A |
| index.php in @lex Guestbook 4.0.1 allows remote attackers to obtain sensitive information via a skin parameter referencing a nonexistent skin, which reveals the installation path in an error message. | |||||
| CVE-2006-6280 | 1 O2php.com | 1 Oxygen | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in viewthread.php in Oxygen (O2PHP Bulletin Board) 1.1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter, a different vector than CVE-2006-1572. | |||||
| CVE-2006-6281 | 1 Dicshunary | 1 Dicshunary | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in check_status.php in dicshunary 0.1 alpha allows remote attackers to execute arbitrary PHP code via a URL in the dicshunary_root_path parameter. | |||||
| CVE-2006-6282 | 1 Vikingboard | 1 Vikingboard | 2018-10-17 | 9.3 HIGH | N/A |
| members.php in Vikingboard 0.1.2 allows remote attackers to trigger a forced SQL error via an invalid s parameter, a different vector than CVE-2006-4709. NOTE: might only be an exposure if display_errors is enabled, but due to lack of details, even this is not clear. | |||||
| CVE-2006-6283 | 1 Vikingboard | 1 Vikingboard | 2018-10-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard 0.1.2 allow remote attackers to inject arbitrary web script or HTML via the subject field of (1) a private message (PM) or (2) a bulletin board post. | |||||
| CVE-2006-6284 | 1 Vikingboard | 1 Vikingboard | 2018-10-17 | 9.0 HIGH | N/A |
| Directory traversal vulnerability in admin.php in Vikingboard 0.1.2 allows remote authenticated administrators to include arbitrary files via a .. (dot dot) sequence in the act parameter. | |||||
| CVE-2006-6288 | 1 Niek Albers | 1 Coolplayer | 2018-10-17 | 4.6 MEDIUM | N/A |
| Multiple buffer overflows in Niek Albers CoolPlayer 216 and earlier allow remote attackers to execute arbitrary code via (1) a playlist file with long song names, because of an overflow in the CPL_AddPrefixedFile function in CPI_Playlist.c; (2) a skin file with long button names, because of an overflow in the main_skin_check_ini_value function in skin.c; and (3) a skin file with long bitmap filenames, because of an overflow in the main_skin_open function in skin.c. | |||||
| CVE-2006-6289 | 1 Woltlab | 1 Burning Board Lite | 2018-10-17 | 6.8 MEDIUM | N/A |
| Woltlab Burning Board (wBB) Lite 1.0.2 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary SQL commands via the wbb_userid parameter to the top-level URI. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in wBB Lite. | |||||
| CVE-2006-6290 | 1 Mailenable | 2 Mailenable Enterprise, Mailenable Professional | 2018-10-17 | 6.5 MEDIUM | N/A |
| Multiple stack-based buffer overflows in the IMAP module (MEIMAPS.EXE) in MailEnable Professional 1.6 through 1.82 and 2.0 through 2.33, and MailEnable Enterprise 1.1 through 1.30 and 2.0 through 2.33 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a long argument to the (1) EXAMINE or (2) SELECT command. | |||||
| CVE-2006-6293 | 1 F-prot | 1 F-prot Antivirus | 2018-10-17 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in FRISK Software F-Prot Antivirus before 4.6.7 allows user-assisted remote attackers to execute arbitrary code via a crafted CHM file. NOTE: this issue has at least a partial overlap with CVE-2006-6294. | |||||
| CVE-2006-6298 | 1 Maxiasp | 1 Yonetimi | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in uye_giris_islem.asp in Metyus Okul Yonetim Sistemi 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) kullanici_ismi and (2) sifre parameters. | |||||
| CVE-2006-6300 | 1 Cutephp | 1 Cutenews | 2018-10-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in CuteNews 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the result parameter. | |||||
| CVE-2006-6306 | 1 Novell | 1 Client | 2018-10-17 | 1.2 LOW | N/A |
| Format string vulnerability in Novell Modular Authentication Services (NMAS) in the Novell Client 4.91 SP2 and SP3 allows users with physical access to read stack and memory contents via format string specifiers in the Username field of the logon window. | |||||
| CVE-2006-6308 | 1 Symantec | 1 Livestate Agent For Windows | 2018-10-17 | 4.3 MEDIUM | N/A |
| ** DISPUTED ** Symantec LiveState 7.1 Agent for Windows allows local users to gain privileges by stopping the shstart.exe process and open "Web Self-Service" from the system tray icon, which will open a browser window running with elevated privileges. NOTE: several third-party researchers have noted that administrator privileges may be necessary to terminate shstart.exe. If this is the case, then no privilege escalation occurs, and this is not a vulnerability. | |||||
| CVE-2006-6309 | 1 Ibm | 1 Tivoli Storage Manager | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple array index errors in IBM Tivoli Storage Manager (TSM) before 5.2.9 and 5.3.x before 5.3.4 allow remote attackers to read arbitrary memory locations and cause a denial of service (crash) via a large index value in unspecified messages, a different issue than CVE-2006-5855. | |||||
| CVE-2006-6334 | 1 Citrix | 1 Presentation Server Client | 2018-10-17 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in the SendChannelData function in wfica.ocx in Citrix Presentation Server Client before 9.230 for Windows allows remote malicious web sites to execute arbitrary code via a DataSize parameter that is less than the length of the Data buffer. | |||||
| CVE-2006-6335 | 1 Sophos | 1 Sophos Anti-virus | 2018-10-17 | 10.0 HIGH | N/A |
| Multiple buffer overflows in Sophos Anti-Virus scanning engine before 2.40 allow remote attackers to execute arbitrary code via (1) a SIT archive with a long filename that is not null-terminated, which triggers a heap-based overflow in veex.dll due to improper length calculation, and (2) a CPIO archive, with a long filename that is not null-terminated, which triggers a stack-based overflow in veex.dll. | |||||
| CVE-2006-6336 | 1 Eudora | 1 Worldmail Management Server | 2018-10-17 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in the Mail Management Server (MAILMA.exe) in Eudora WorldMail 3.1.x allows remote attackers to execute arbitrary code via a crafted request containing successive delimiters. | |||||
| CVE-2006-6337 | 1 Aspindir | 1 Aspee Ziyaretci Defteri | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in giris.asp in Aspee and Dogantepe Ziyaretci Defteri allow remote attackers to execute arbitrary SQL commands via the (1) kullanici or (2) parola parameter. | |||||
| CVE-2006-6338 | 1 Devilz Clanportal | 1 Devilz Clanportal | 2018-10-17 | 5.0 MEDIUM | N/A |
| Unrestricted file upload vulnerability in upload/index.php in deV!L`z Clanportal (DZCP) before 1.3.6.1 allows remote attackers to upload and execute arbitrary .php files by embedding PHP code in a JPEG or GIF file that is uploaded to inc/images/uploads/userpics/. | |||||
| CVE-2006-6339 | 1 Devilz Clanportal | 1 Devilz Clanportal | 2018-10-17 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in sites/index.php in deV!L`z Clanportal (DZCP) before 1.3.6.1 allows remote attackers to execute arbitrary SQL commands via the show element in a GET request. | |||||
| CVE-2006-6340 | 1 Nvidia | 1 Nview | 2018-10-17 | 5.0 MEDIUM | N/A |
| keystone.exe in nVIDIA nView allows attackers to cause a denial of service via a long command line argument. NOTE: it is not clear whether this issue crosses security boundaries. If not, then this is not a vulnerability. | |||||
| CVE-2006-6341 | 1 Mg.blattl | 1 Mg.applanix | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in mg.applanix 1.3.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the apx_root_path parameter to (1) act/act_check_access.php, (2) dsp/dsp_form_booking_ctl.php, and (3) dsp/dsp_bookings.php. | |||||
| CVE-2006-6342 | 1 Klf-design | 1 Klf-realty | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY allow remote attackers to execute arbitrary SQL commands via the (1) category and (2) agent parameters in (a) search_listing.asp, and the (3) property_id parameter in (b) detail.asp. | |||||
| CVE-2006-6343 | 1 Neocrome | 1 Seditio | 2018-10-17 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in polls.php in Neocrome Seditio 1.10 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2006-6345 | 1 Sap | 1 Internet Graphics Server | 2018-10-17 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in SAP Internet Graphics Service (IGS) 6.40 Patchlevel 16 and earlier, and 7.00 Patchlevel 6 and earlier, allows remote attackers to delete arbitrary files via directory traversal sequences in an HTTP request. NOTE: This information is based upon an initial disclosure. Details will be updated after the grace period has ended. This issue is different from CVE-2006-4133 and CVE-2006-4134. | |||||
| CVE-2006-6346 | 1 Sap | 1 Internet Graphics Server | 2018-10-17 | 10.0 HIGH | N/A |
| Unspecified vulnerability in SAP Internet Graphics Service (IGS) 6.40 Patchlevel 15 and earlier, and 7.00 Patchlevel 3 and earlier, allows remote attackers to cause a denial of service (service shutdown), obtain sensitive information (configuration files), and conduct certain other unauthorized activities, related to "Undocumented Features." NOTE: it is possible that there are multiple issues. This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended. This is likely a different issue than CVE-2006-4134. | |||||
| CVE-2006-6347 | 1 Tft Gallery | 1 Tft Gallery | 2018-10-17 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in TFT-Gallery allows remote authenticated administrators to upload arbitrary .php files, possibly using admin/index.php. NOTE: this can be leveraged with CVE-2006-1412 to create a remote unauthenticated vector. | |||||
| CVE-2006-6348 | 1 Mowdbb | 1 Mowdbb | 2018-10-17 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in board.php in mowdBB RC-6 allows remote attackers to inject arbitrary web script or HTML via the forum_name[] parameter. | |||||
| CVE-2006-6349 | 1 Pwp Technologies | 1 The Classified Ad System | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in PWP Technologies The Classified Ad System allow remote attackers to execute arbitrary SQL commands via (1) the main parameter in a view action (includes/mainpage/view.asp) in default.asp or (2) a query in the search engine. | |||||
| CVE-2006-6350 | 1 Iisworks | 1 Listpics | 2018-10-17 | 10.0 HIGH | N/A |
| listpics 5 stores sensitive data under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for listpics.mdb. | |||||
| CVE-2006-6351 | 1 Khaledmuratlist | 1 Khaledmuratlist | 2018-10-17 | 10.0 HIGH | N/A |
| KhaledMuratList stores sensitive data under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) CL2F9R1A2C1N.mdb or (2) Data2F9R1A2C1N.mdb. | |||||
| CVE-2006-6352 | 1 Frisk Software | 1 F-prot Antivirus | 2018-10-17 | 5.0 MEDIUM | N/A |
| FRISK Software F-Prot Antivirus before 4.6.7 allows user-assisted remote attackers to cause a denial of service (infinite loop) via a crafted ACE file. NOTE: this issue has at least a partial overlap with CVE-2006-6294. | |||||
| CVE-2006-6354 | 1 Duware | 11 Duamazon, Duarticle, Duclassified and 8 more | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in detail.asp in DuWare DuNews allow remote attackers to execute arbitrary SQL commands via the (1) iNews, (2) iType, or (3) Action parameter. NOTE: the iType parameter in type.asp is covered by CVE-2005-3976. | |||||
| CVE-2006-6355 | 1 Duware | 1 Duclassmate | 2018-10-17 | 10.0 HIGH | N/A |
| SQL injection vulnerability in default.asp in DuWare DuClassmate allows remote attackers to execute arbitrary SQL commands via the iCity parameter. NOTE: the iState parameter is already covered by CVE-2005-2049. | |||||
| CVE-2006-6356 | 1 Phpnews | 1 Phpnews | 2018-10-17 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in templates/link_temp.php in PHPNews 1.3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) url, (2) id, (3) subject, (4) username, or (5) time parameter. | |||||
| CVE-2006-6363 | 1 Bluesocket | 1 Bsc 2100 | 2018-10-17 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin.pl in BlueSocket Secure Controller (BSC) before 5.2, or without 5.1.1-BluePatch, allows remote attackers to inject arbitrary web script or HTML via the ad_name parameter. | |||||
| CVE-2006-6364 | 1 Inside Systems | 1 Inside Systems | 2018-10-17 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in error.php in Inside Systems Mail (ISMail) 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter. | |||||
| CVE-2006-6365 | 1 Duware | 1 Dupaypal | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in detail.asp in DUware DUpaypal 3.1, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the iType parameter. NOTE: the iState parameter is already covered by CVE-2005-3976 and the iPro parameter is already covered by CVE-2005-2047. | |||||
| CVE-2006-6369 | 1 Invision Power Services | 1 Invision Community Blog | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in lib/entry_reply_entry.php in Invision Community Blog Mod 1.2.4 allows remote attackers to execute arbitrary SQL commands via the eid parameter, when accessed through the "Preview message" functionality. | |||||
| CVE-2006-6370 | 1 Invision Power Services | 1 Invision Gallery | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in forum/modules/gallery/post.php in Invision Gallery 2.0.7 allows remote attackers to cause a denial of service and possibly have other impacts, as demonstrated using a "SELECT BENCHMARK" statement in the img parameter in a doaddcomment operation in index.php. | |||||
| CVE-2006-6371 | 1 James Barnsley | 1 Jab Guest Book | 2018-10-17 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in pbguestbook.php in JAB Guest Book allows remote attackers to inject arbitrary web script or HTML via the author parameter. | |||||
| CVE-2006-6373 | 1 Phpmyadmin | 1 Phpmyadmin | 2018-10-17 | 5.0 MEDIUM | N/A |
| PhpMyAdmin 2.7.0-pl2 allows remote attackers to obtain sensitive information via a direct request for libraries/common.lib.php, which reveals the path in an error message. | |||||
| CVE-2006-6374 | 1 Phpmyadmin | 1 Phpmyadmin | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple CRLF injection vulnerabilities in PhpMyAdmin 2.7.0-pl2 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a phpMyAdmin cookie in (1) css/phpmyadmin.css.php, (2) db_create.php, (3) index.php, (4) left.php, (5) libraries/session.inc.php, (6) libraries/transformations/overview.php, (7) querywindow.php, (8) server_engines.php, and possibly other files. | |||||
| CVE-2006-6375 | 1 Simple Machines | 1 Smf | 2018-10-17 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in display.php in Simple Machines Forum (SMF) 1.1 Final and earlier allows remote attackers to inject arbitrary web script or HTML via the contents of a file that is uploaded with the image parameter set, which can be interpreted as script by Internet Explorer's automatic type detection. | |||||