Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-5475 | 1 Drupal | 1 Drupal | 2018-10-17 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the XML parser in Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allow remote attackers to inject arbitrary web script or HTML via a crafted RSS feed. | |||||
| CVE-2006-5476 | 1 Drupal | 1 Drupal | 2018-10-17 | 7.5 HIGH | N/A |
| Cross-site request forgery (CSRF) vulnerability in Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allows remote attackers to perform unauthorized actions as an arbitrary user via unspecified vectors. | |||||
| CVE-2006-5477 | 1 Drupal | 1 Drupal | 2018-10-17 | 2.6 LOW | N/A |
| Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allows form submissions to be redirected, which allows remote attackers to obtain arbitrary form information via a crafted URL. | |||||
| CVE-2006-5478 | 1 Novell | 1 Edirectory | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple stack-based buffer overflows in Novell eDirectory 8.8.x before 8.8.1 FTF1, and 8.x up to 8.7.3.8, and Novell NetMail before 3.52e FTF2, allow remote attackers to execute arbitrary code via (1) a long HTTP Host header, which triggers an overflow in the BuildRedirectURL function; or vectors related to a username containing a . (dot) character in the (2) SMTP, (3) POP, (4) IMAP, (5) HTTP, or (6) Networked Messaging Application Protocol (NMAP) Netmail services. | |||||
| CVE-2006-5485 | 1 Speedberg | 1 Speedberg | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in SpeedBerg 1.2beta1 allow remote attackers to execute arbitrary PHP code via a URL in the SPEEDBERG_PATH parameter to (1) entrancePage.tpl.php, (2) generalToolBox.tlb.php, (3) myToolBox.tlb.php, (4) scriplet.inc.php, (5) simplePage.tpl.php, (6) speedberg.class.php, and (7) standardPage.tpl.php. | |||||
| CVE-2006-5487 | 1 Marshal | 1 Mailmarshal Smtp | 2018-10-17 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in Marshal MailMarshal SMTP 5.x, 6.x, and 2006, and MailMarshal for Exchange 5.x, allows remote attackers to write arbitrary files via ".." sequences in filenames in an ARJ compressed archive. | |||||
| CVE-2006-5491 | 1 Ceary | 1 Ultracms | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in include/index.php in UltraCMS 0.9 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters. | |||||
| CVE-2006-5493 | 1 Digitalhive | 1 Digitalhive | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in template/purpletech/base_include.php in DigitalHive 2.0 RC2 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | |||||
| CVE-2006-5495 | 1 Trawler | 1 Trawler Web Cms | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Trawler Web CMS 1.8.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) path_red2 parameter to (a) _msdazu_pdata/redaktion/artikel/up/index.php; (b) addtort.php, (c) colorpik2.php, (d) colorpik3.php, (e) extras_menu.php, (f) farbpalette.php, (g) lese_inc.php, and (h) newfile.php in _msdazu_share/richtext/; the (2) path_scr_dat2 parameter to (i)_msdazu_share/share/insert1.php; the (3) path_red parameter to (j) _msdazu_share/extras/downloads/index.php; and unspecified parameters in other files. | |||||
| CVE-2006-5496 | 1 Timothy Claason | 1 Knowledgebank | 2018-10-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Timothy Claason KnowledgeBank 1.01 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) index.php, (2) addknowledge.php, and (3) addscreenshot.php. | |||||
| CVE-2006-5499 | 1 Serendipity | 1 Serendipity | 2018-10-17 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Serendipity (s9y) 1.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in the media manager administration page. | |||||
| CVE-2006-5503 | 1 Simple Machines | 1 Simple Machines Forum | 2018-10-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Simple Machines Forum (SMF) 1.1 RC2 allows remote attackers to inject arbitrary web script or HTML via the action parameter. | |||||
| CVE-2006-5504 | 1 Simple Machines | 1 Simple Machines Forum | 2018-10-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Simple Machines Forum (SMF) allows remote attackers to inject arbitrary web script or HTML via a base64 encoded params value in the action parameter. | |||||
| CVE-2006-5508 | 1 Woltlab | 1 Burning Book | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in addentry.php in WoltLab Burning Book 1.1.2 allow remote attackers to execute arbitrary SQL commands via (1) the n parameter and (2) the User-Agent HTTP header. | |||||
| CVE-2006-5509 | 1 Woltlab | 1 Burning Book | 2018-10-17 | 7.5 HIGH | N/A |
| Eval injection vulnerability in addentry.php in WoltLab Burning Book 1.1.2 allows remote attackers to execute arbitrary PHP code via crafted POST requests that store PHP code in a database that is later processed by eval, as demonstrated using SQL injection via the n parameter. | |||||
| CVE-2006-5512 | 1 Zwahlen Informatik | 1 Online Shop | 2018-10-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in article.htm in Zwahlen Online Shop allows remote attackers to inject arbitrary web script or HTML via the cat parameter. | |||||
| CVE-2006-5515 | 2 Phpadsnew, Phppgads | 2 Phpadsnew, Phppgads | 2018-10-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in lib-history.inc.php in phpAdsNew and phpPgAds before 2.0.8-pr1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to injected data that is stored by a delivery script and displayed by the admin interface. | |||||
| CVE-2006-5516 | 1 Wikini | 1 Wikini | 2018-10-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in actions/usersettings.php in WikiNi before 0.4.4 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) email parameters to wakka.php. | |||||
| CVE-2006-5517 | 1 Rhode Island Secretary Of State | 1 Open Meetings Filing System | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Rhode Island Open Meetings Filing Application (OMFA) allow remote attackers to execute arbitrary PHP code via a URL in the PROJECT_ROOT parameter to (1) editmeetings/session.php, (2) email/session.php, (3) entityproperties/session.php, or (4) inc/mail.php. | |||||
| CVE-2006-5520 | 1 Deltascripts | 1 Php Classifieds | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in functions.php in DeltaScripts PHP Classifieds 7.1 allows remote attackers to execute arbitrary PHP code via a URL in the set_path parameter. | |||||
| CVE-2006-5524 | 1 Phplist | 1 Phplist | 2018-10-17 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in phplist 2.10.2 allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: This issue might overlap CVE-2006-5321. | |||||
| CVE-2006-5527 | 1 Intelimen | 1 Intelieditor | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in lib.editor.inc.php in Intelimen InteliEditor 1.2.x allows remote attackers to execute arbitrary PHP code via a URL in the sys_path parameter. | |||||
| CVE-2006-5532 | 1 Xoops | 1 Xoops Rmsoft Gallery System | 2018-10-17 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in rmgs/images.php in RMSOFT Gallery System 2.0 allows remote attackers to inject arbitrary web script or HTML via the kw parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2006-5533 | 1 Aroundme | 1 Aroundme | 2018-10-17 | 5.1 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in AROUNDMe 0.6.9, and possibly earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the templatePath parameter in template/barnraiser_01/pol_view.tpl.php and other unspecified PHP scripts, a different vector than CVE-2006-5401. | |||||
| CVE-2006-5535 | 1 Cpanel | 1 Cpanel | 2018-10-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in WebHostManager (WHM) 10.8.0 cPanel 10.9.0 R50 allow remote attackers to inject arbitrary web script or HTML via the (1) theme parameter to scripts/dosetmytheme and the (2) template parameter to scripts2/editzonetemplate. | |||||
| CVE-2006-5536 | 1 D-link | 1 Dsl-g624t | 2018-10-17 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in cgi-bin/webcm in D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allows remote attackers to read arbitrary files via a .. (dot dot) in the getpage parameter. | |||||
| CVE-2006-5537 | 1 D-link | 1 Dsl-g624t | 2018-10-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/webcm in D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allow remote attackers to inject arbitrary web script or HTML via the (1) upnp:settings/state or (2) upnp:settings/connection parameters. | |||||
| CVE-2006-5538 | 1 D-link | 1 Dsl-g624t | 2018-10-17 | 5.0 MEDIUM | N/A |
| D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allows remote attackers to list contents of the cgi-bin directory via unspecified vectors, probably a direct request. | |||||
| CVE-2006-5543 | 1 Pgosd | 1 Pgosd | 2018-10-17 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in misc/function.php3 in PHP Generator of Object SQL Database (PGOSD), when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. | |||||
| CVE-2006-5544 | 1 Microsoft | 1 Ie | 2018-10-17 | 6.4 MEDIUM | N/A |
| Visual truncation vulnerability in Microsoft Internet Explorer 7 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a malicious URL containing non-breaking spaces (%A0), which causes the address bar to omit some characters from the URL. | |||||
| CVE-2006-5549 | 1 Adobe | 1 Adobe Php Ria Sdk | 2018-10-17 | 7.5 HIGH | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in libraries/amfphp/amf-core/custom/CachedGateway.php in Adobe PHP SDK allows remote attackers to execute arbitrary PHP code via the AMFPHP_BASE parameter. NOTE: this issue has been disputed by a third-party researcher who states that AMFPHP_BASE is a constant. | |||||
| CVE-2006-5560 | 1 Boesch It-consulting | 1 Progsys | 2018-10-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in heading.php in Boesch ProgSys 0.151 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin/index.php, and unspecified vectors related to certain other files. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2006-5563 | 1 Yahoo | 1 Messenger | 2018-10-17 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Yahoo! Messenger (Service 18) before 8.1.0.195 allows remote attackers to cause a denial of service (NULL dereference and application crash) via a crafted room name in a Conference Invite. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-5566 | 1 Webasyst Llc | 1 Shop-script | 2018-10-17 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in premium/index.php in Shop-Script allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the (1) links_exchange, (2) news, (3) search_with_change_category_ability, (4) logging, (5) feedback, (6) show_price, (7) register, (8) answer, (9) productID, and (10) inside parameters. | |||||
| CVE-2006-5570 | 1 Kynoslogic | 1 Cruiseworks | 2018-10-17 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in /scripts/cruise/cws.exe in CruiseWorks 1.09c and 1.09d allows remote attackers to read arbitrary files via a .. (dot dot) in the doc parameter. | |||||
| CVE-2006-5571 | 1 Kynoslogic | 1 Cruiseworks | 2018-10-17 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in /scripts/cruise/cws.exe in CruiseWorks 1.09c and 1.09d allows remote attackers to execute arbitrary code via a long string in the doc parameter. | |||||
| CVE-2006-5574 | 1 Microsoft | 5 Office, Office Multilingual User Interface Pack, Office Proofing Tools and 2 more | 2018-10-17 | 9.3 HIGH | N/A |
| Unspecified vulnerability in the Brazilian Portuguese Grammar Checker in Microsoft Office 2003 and the Multilingual Interface for Office 2003, Project 2003, and Visio 2003 allows user-assisted remote attackers to execute arbitrary code via crafted text that is not properly parsed. | |||||
| CVE-2006-5577 | 1 Microsoft | 1 Ie | 2018-10-17 | 4.3 MEDIUM | N/A |
| Microsoft Internet Explorer 6 and earlier allows remote attackers to obtain sensitive information via unspecified uses of the OBJECT HTML tag, which discloses the absolute path of the corresponding TIF folder, aka "TIF Folder Information Disclosure Vulnerability," and a different issue than CVE-2006-5578. | |||||
| CVE-2006-5578 | 1 Microsoft | 1 Ie | 2018-10-17 | 2.6 LOW | N/A |
| Microsoft Internet Explorer 6 and earlier allows remote attackers to read Temporary Internet Files (TIF) and obtain sensitive information via unspecified vectors involving certain drag and drop operations, aka "TIF Folder Information Disclosure Vulnerability," and a different issue than CVE-2006-5577. | |||||
| CVE-2006-5583 | 1 Microsoft | 1 Windows 2003 Server | 2018-10-17 | 10.0 HIGH | N/A |
| Buffer overflow in the SNMP Service in Microsoft Windows 2000 SP4, XP SP2, Server 2003, Server 2003 SP1, and possibly other versions allows remote attackers to execute arbitrary code via a crafted SNMP packet, aka "SNMP Memory Corruption Vulnerability." | |||||
| CVE-2006-5584 | 1 Microsoft | 1 Windows 2000 | 2018-10-17 | 7.5 HIGH | N/A |
| The Remote Installation Service (RIS) in Microsoft Windows 2000 SP4 uses a TFTP server that allows anonymous access, which allows remote attackers to upload and overwrite arbitrary files to gain privileges on systems that use RIS. | |||||
| CVE-2006-5585 | 1 Microsoft | 2 Windows 2003 Server, Windows Xp | 2018-10-17 | 7.2 HIGH | N/A |
| The Client-Server Run-time Subsystem in Microsoft Windows XP SP2 and Server 2003 allows local users to gain privileges via a crafted file manifest within an application, aka "File Manifest Corruption Vulnerability." | |||||
| CVE-2006-5586 | 1 Microsoft | 2 Windows 2000, Windows Xp | 2018-10-17 | 7.2 HIGH | N/A |
| The Graphics Rendering Engine in Microsoft Windows 2000 SP4 and XP SP2 allows local users to gain privileges via "invalid application window sizes" in layered application windows, aka the "GDI Invalid Window Size Elevation of Privilege Vulnerability." | |||||
| CVE-2006-5589 | 1 Ledgersmb | 1 Ledgersmb | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in LedgerSMB (LSMB) 1.1.0 and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors in (1) OE.pm, (2) AM.pm, and (3) Form.pm. | |||||
| CVE-2006-5590 | 1 Articlebeach | 1 Articlebeach Script | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in ArticleBeach Script 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | |||||
| CVE-2006-5591 | 1 Pacos Drivers | 1 Pacpoll | 2018-10-17 | 5.0 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Admin/check.asp in PacPoll 4.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) uid and (2) pwd parameters. | |||||
| CVE-2006-5592 | 1 Pacos Drivers | 1 Pacpoll | 2018-10-17 | 7.5 HIGH | N/A |
| Admin/adpoll.asp in PacPoll 4.0 and earlier allows remote attackers to bypass authentication by setting the polllog cookie value to "xx". | |||||
| CVE-2006-5594 | 1 University Of British Columbia | 1 Ipeer | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in University of British Columbia iPeer 2.0, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: it is possible that this issue is related to CakePHP. | |||||
| CVE-2006-5599 | 1 Oracle | 1 Apex | 2018-10-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Oracle Application Express (formerly HTML DB) before 2.2.1 allows remote attackers to inject arbitrary HTML or web script via the WWV_FLOW_ITEM_HELP package. NOTE: it is likely that this issue overlaps one of the Oracle VulnIDs covered by CVE-2006-5351. Oracle has not publicly disputed claims by a reliable researcher that this has been fixed by the October 2006 CPU. | |||||
| CVE-2006-5600 | 1 Axalto | 1 Protiva | 2018-10-17 | 2.1 LOW | N/A |
| Axalto Protiva 1.1, possibly only non-commercial versions, stores passwords in plaintext in files with insecure permissions, which allows local users to gain privileges by reading the passwords from (1) KeyTool\keytool.config or (2) webapps\protiva\WEB-INF\classes\authserver.config. | |||||