Total: 86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-5442 | 1 Viewvc | 1 Viewvc | 2018-10-17 | 6.8 MEDIUM | N/A |
| ViewVC 1.0.2 and earlier does not specify a charset in its HTTP headers or HTML documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks that inject arbitrary UTF-7 encoded JavaScript code via a view. | |||||
| CVE-2006-5444 | 1 Digium | 1 Asterisk | 2018-10-17 | 7.5 HIGH | N/A |
| Integer overflow in the get_input function in the Skinny channel driver (chan_skinny.c) in Asterisk 1.0.x before 1.0.12 and 1.2.x before 1.2.13, as used by Cisco SCCP phones, allows remote attackers to execute arbitrary code via a certain dlen value that passes a signed integer comparison and leads to a heap-based buffer overflow. | |||||
| CVE-2006-5445 | 1 Digium | 1 Asterisk | 2018-10-17 | 7.8 HIGH | N/A |
| Unspecified vulnerability in the SIP channel driver (channels/chan_sip.c) in Asterisk 1.2.x before 1.2.13 and 1.4.x before 1.4.0-beta3 allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors that result in the creation of "a real pvt structure" that uses more resources than necessary. | |||||
| CVE-2006-5447 | 1 Dev | 1 Dev Web Management System | 2018-10-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in DEV Web Management System (WMS) 1.5 allows remote attackers to inject arbitrary web script or HTML via the action parameter. | |||||
| CVE-2006-5448 | 1 Microsoft | 1 Windows Digital Rights Management | 2018-10-17 | 7.5 HIGH | N/A |
| The drmstor.dll ActiveX object in Microsoft Windows Digital Rights Management System (DRM) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long parameter to the StoreLicense function, which triggers "memory corruption" and possibly a buffer overflow. | |||||
| CVE-2006-5450 | 1 Kinesis | 1 Kinesis Interactive Cinema System | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.asp in Kinesis Interactive Cinema System (KICS) CMS allows remote attackers to execute arbitrary SQL commands via the (1) txtUsername (user) or (2) txtPassword (pass) parameters. | |||||
| CVE-2006-5451 | 1 Torrentflux | 1 Torrentflux | 2018-10-17 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in TorrentFlux 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) action, (2) file, and (3) users array variables in (a) admin.php, which are not properly handled when the administrator views the Activity Log; and the (4) torrent parameter, as used by the displayName variable, in (b) startpop.php, different vectors than CVE-2006-5227. | |||||
| CVE-2006-5452 | 1 Hp | 2 Hp-ux, Tru64 | 2018-10-17 | 4.6 MEDIUM | N/A |
| Buffer overflow in dtmail on HP Tru64 UNIX 4.0F through 5.1B and HP-UX B.11.00 through B.11.23 allows local users to execute arbitrary code via a long -a (aka attachment) argument. | |||||
| CVE-2006-5074 | 1 Php Invoice | 1 Php Invoice | 2018-10-17 | 5.1 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in home.php in PHP Invoice 2.2 allows remote attackers to inject arbitrary web script or HTML via the alert parameter. | |||||
| CVE-2006-5076 | 1 Back-end | 1 Back-end Cms | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in OpenConcept Back-End 0.4.5 allow remote attackers to execute arbitrary PHP code via a URL in the includes_path parameter in (1) admin/index.php, (2) Facts.php, or (3) search.php. | |||||
| CVE-2006-5081 | 1 Jl Webworks | 1 Quickblogger | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in acc.php in QuickBlogger (QB) 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | |||||
| CVE-2006-5085 | 1 Pixel Motion | 1 Pixel Motion Blog | 2018-10-17 | 7.5 HIGH | N/A |
| Static code injection vulnerability in config.php in Blog Pixel Motion 2.1.1 allows remote attackers to execute arbitrary PHP code via the nom_blog parameter, which is injected into include/variables.php. | |||||
| CVE-2006-5086 | 1 Pixel Motion | 1 Pixel Motion Blog | 2018-10-17 | 6.4 MEDIUM | N/A |
| Blog Pixel Motion 2.1.1 allows remote attackers to change the username and password for the admin user via a direct request to insere_base.php with modified (1) login and (2) pass parameters. NOTE: this issue was claimed to be SQL injection by the original researcher, but it is not. | |||||
| CVE-2006-5088 | 1 Phpheaven | 1 Phpmychat | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in connected_users.lib.php3 in phpHeaven phpMyChat 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the ChatPath parameter. | |||||
| CVE-2006-5091 | 1 Hp | 1 Hp-ux | 2018-10-17 | 7.2 HIGH | N/A |
| Unspecified vulnerability in HP-UX B.11.11 and B.11.23 CIFS Server (Samba) allows local users to gain privileges or obtain "unauthorized access" via unspecified vectors. | |||||
| CVE-2006-5094 | 1 Phpbb Xs | 1 Phpbb Xs | 2018-10-17 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in includes/functions_kb.php in the phpBB XS 2 (Spain version) allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter, a different vector than CVE-2006-4780 or CVE-2006-4893. | |||||
| CVE-2006-5095 | 1 Myphotos | 1 Myphotos | 2018-10-17 | 7.5 HIGH | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in index.php in MyPhotos 0.1.3b beta allows remote attackers to execute arbitrary PHP code via the includesdir parameter. NOTE: this issue is disputed by CVE on 20060927, since the includesdir is defined before being used when the product is installed according to the provided instructions. | |||||
| CVE-2006-5096 | 1 Virtuemart | 1 Virtuemart Joomla Ecommerrce Edition Cms | 2018-10-17 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in VirtueMart (formerly known as mambo-phpShop) Joomla! eCommerce Edition CMS 1.0.11, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the Itemid parameter in a (1) com_contact or (2) subscribe action. | |||||
| CVE-2006-5097 | 1 Net2ftp | 1 Net2ftp | 2018-10-17 | 7.5 HIGH | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in index.php in net2ftp, possibly 0.1 through 0.62, allows remote attackers to execute arbitrary PHP code via a URL in the application_rootdir parameter. NOTE: this issue has been disputed by a third party researcher, CVE, and the vendor. The vendor says "the variable is set in settings.inc.php, so this is not a vulnerability." | |||||
| CVE-2006-5100 | 1 Netwin | 1 Webnews | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in parse/parser.php in WEB//NEWS (aka webnews) 1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the WN_BASEDIR parameter. | |||||
| CVE-2006-5101 | 1 Comdev | 1 Comdev Csv Importer | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in include.php in Comdev CSV Importer 3.1 and possibly 4.1, as used in (1) Comdev Contact Form 3.1, (2) Comdev Customer Helpdesk 3.1, (3) Comdev Events Calendar 3.1, (4) Comdev FAQ Support 3.1, (5) Comdev Guestbook 3.1, (6) Comdev Links Directory 3.1, (7) Comdev News Publisher 3.1, (8) Comdev Newsletter 3.1, (9) Comdev Photo Gallery 3.1, (10) Comdev Vote Caster 3.1, (11) Comdev Web Blogger 3.1, and (12) Comdev eCommerce 3.1, allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter. NOTE: it has been reported that 4.1 versions might also be affected. | |||||
| CVE-2006-5103 | 1 Bbsnew | 1 Bbsnew | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in admin/index2.php in bbsNew 2.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the "right" parameter. | |||||
| CVE-2006-5104 | 1 Jelsoft | 1 Vbulletin | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in global.php in Jelsoft vBulletin 2.x allows remote attackers to execute arbitrary SQL commands via the templatesused parameter. | |||||
| CVE-2006-5107 | 1 Devellion | 1 Cubecart | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Devellion CubeCart 2.0.x allow remote attackers to execute arbitrary SQL commands via (1) the user_name parameter in admin/forgot_pass.php, (2) the order_id parameter in view_order.php, (3) the view_doc parameter in view_doc.php, and (4) the order_id parameter in admin/print_order.php. | |||||
| CVE-2006-5108 | 1 Devellion | 1 Cubecart | 2018-10-17 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Devellion CubeCart 2.0.x allow remote attackers to inject arbitrary web script or HTML via the order_id parameter in (1) admin/print_order.php and (2) view_order.php; the (3) site_url and (4) la_search_home parameters and (5) certain language parameters in admin/nav.php; the (6) image parameter in admin/image.php; the (7) site_name, (8) la_adm_header, (9) charset, and (10) certain other parameters in admin/header.inc.php; the (12) la_pow_by parameter in footer.inc.php; and the (13) site_name parameter and (14) certain other parameters in header.inc.php. | |||||
| CVE-2006-5109 | 1 Devellion | 1 Cubecart | 2018-10-17 | 5.0 MEDIUM | N/A |
| Devellion CubeCart 2.0.x allows remote attackers to obtain sensitive information via a direct request for (1) link_navi.php or (2) spotlight.php, which reveals the path in various error messages. NOTE: the information.php, language.php, list_docs.php, popular_prod.php, sale.php, check_sum.php, and cat_navi.php vectors are already covered by CVE-2005-0607. | |||||
| CVE-2006-5114 | 1 Sap | 1 Internet Transaction Server | 2018-10-17 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in wgate in SAP Internet Transaction Server (ITS) 6.1 and 6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) ~urlmime or (2) ~command parameter, different vectors than CVE-2003-0749. | |||||
| CVE-2006-5116 | 1 Phpmyadmin | 1 Phpmyadmin | 2018-10-17 | 5.1 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyAdmin before 2.9.1-rc1 allow remote attackers to perform unauthorized actions as another user by (1) directly setting a token in the URL through dynamic variable evaluation and (2) unsetting arbitrary variables via the _REQUEST array, related to (a) libraries/common.lib.php, (b) session.inc.php, and (c) url_generating.lib.php. NOTE: the PHP unset function vector is covered by CVE-2006-3017. | |||||
| CVE-2006-5118 | 1 Phpselect | 1 Web Development Division | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php3 in the PDD package for PHPSelect Web Development Division allows remote attackers to execute arbitrary PHP code via a URL in the Application_Root parameter. | |||||
| CVE-2006-5119 | 1 Zen Cart | 1 Zen Cart | 2018-10-17 | 4.0 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Zen Cart 1.3.5 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_name or (2) admin_pass parameter in (a) admin/login.php, or the (3) admin_email parameter in (b) admin/password_forgotten.php. | |||||
| CVE-2006-5120 | 1 Scott Metoyer | 1 Red Mombin | 2018-10-17 | 4.0 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Scott Metoyer Red Mombin 0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) index.php and (2) process_login.php. | |||||
| CVE-2006-5121 | 1 Postnuke Software Foundation | 1 Postnuke | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in modules/Downloads/admin.php in the Admin section of PostNuke 0.762 allows remote attackers to execute arbitrary SQL commands via the hits parameter. | |||||
| CVE-2006-5122 | 1 Hp | 1 Mercury Sitescope | 2018-10-17 | 4.9 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Mercury SiteScope 8.2 (8.1.2.0) allow remote authenticated users to inject arbitrary web script or HTML via (1) "any field create name field" except "create new group name" or (2) any description field. | |||||
| CVE-2006-5123 | 1 Phprojekt | 1 Phprojekt | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Albrecht Guenther PHProjekt 5.1.x before 5.1.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) lib_path or (2) lang_path parameter in unspecified files, related to code changes intended to fix inclusion, a different vulnerability than CVE-2002-0451, CVE-2006-4204, and CVE-2006-4609. | |||||
| CVE-2006-5127 | 1 Conpresso | 1 Conpresso Cms | 2018-10-17 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Bartels Schoene ConPresso before 4.0.5a allow remote attackers to inject arbitrary web script or HTML via (1) the nr parameter in detail.php, (2) the msg parameter in db_mysql.inc.php, and (3) the pos parameter in index.php. | |||||
| CVE-2006-5128 | 1 Conpresso | 1 Conpresso Cms | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Bartels Schoene ConPresso before 4.0.5a allows remote attackers to execute arbitrary SQL commands via the nr parameter. | |||||
| CVE-2006-5129 | 1 Salims Softhouse | 1 Jaf Cms | 2018-10-17 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ph03y3nk just another flat file (JAF) CMS 4.0 RC1 allow remote attackers to inject arbitrary web script or HTML via (1) the message parameter, and possibly other parameters, in module/shout/jafshout.php (aka the shoutbox); and (2) the message body in a forum post in module/forum/topicwin.php, related to the name, email, title, date, ldate, and lname variables. | |||||
| CVE-2006-5131 | 1 Salims Softhouse | 1 Jaf Cms | 2018-10-17 | 7.5 HIGH | N/A |
| module/shout/jafshout.php (aka the shoutbox) in ph03y3nk just another flat file (JAF) CMS 4.0 RC1 allows remote attackers to execute arbitrary code within sections bounded by "<?php" and "?>", possibly due to a static code injection vulnerability involving admin/data_inc.php. | |||||
| CVE-2006-5134 | 1 Hp | 1 Mercury Sitescope | 2018-10-17 | 4.0 MEDIUM | N/A |
| Mercury SiteScope 8.2 (8.1.2.0) allows remote authenticated users to cause a denial of service (loss of connectivity to the classic interface) via attempted HTML injection into the "new monitor description" field. | |||||
| CVE-2006-5136 | 1 Ubbcentral | 1 Ubb.threads | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in ubbt.inc.php in Groupee UBB.threads 6.5.1.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[thispath] or (2) GLOBALS[configdir] parameter. | |||||
| CVE-2006-5137 | 1 Ubbcentral | 1 Ubb.threads | 2018-10-17 | 5.1 MEDIUM | N/A |
| Multiple direct static code injection vulnerabilities in Groupee UBB.threads 6.5.1.1 allow remote attackers to (1) inject PHP code via a theme[] array parameter to admin/doedittheme.php, which is injected into includes/theme.inc.php; (2) inject PHP code via a config[] array parameter to admin/doeditconfig.php, and then execute the code via includes/config.inc.php; and inject a reference to PHP code via a URL in the config[path] parameter, and then execute the code via (3) dorateuser.php, (4) calendar.php, and unspecified other scripts. | |||||
| CVE-2006-5138 | 1 Ubbcentral | 1 Ubb.threads | 2018-10-17 | 5.0 MEDIUM | N/A |
| Groupee UBB.threads 6.5.1.1 allows remote attackers to obtain sensitive information via a direct request for cron/php/subscriptions.php, which reveals the path in an error message. | |||||
| CVE-2006-5139 | 1 Mkportal | 1 Mkportal | 2018-10-17 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in MkPortal allows remote attackers to corrupt web site content, and possibly have other impact, via a certain long Message that affects "Tables," related to the Urlobox. | |||||
| CVE-2006-5144 | 1 Olate | 1 Olatedownload | 2018-10-17 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in userupload.php in OlateDownload 3.4.0 allows remote attackers to inject arbitrary web script or HTML via the description_small parameter. | |||||
| CVE-2006-5145 | 1 Olate | 1 Olatedownload | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in OlateDownload 3.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) page parameter in details.php or the (2) query parameter in search.php. | |||||
| CVE-2006-5146 | 1 Yblog | 1 Yblog | 2018-10-17 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Yblog allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in (a) funk.php, or the (2) action parameter in (b) tem.php and (c) uss.php. | |||||
| CVE-2006-5149 | 1 Openbiblio | 1 Openbiblio | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in OpenBiblio before 0.5.2 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the page parameter to shared/help.php or (2) the tab parameter to shared/header.php. | |||||
| CVE-2006-5151 | 1 Hp | 1 Hp-ux | 2018-10-17 | 10.0 HIGH | N/A |
| Unspecified vulnerability in HP Ignite-UX server before C.6.9.150 for HP-UX B.11.00, B.11.11, and B.11.23 allows remote attackers to "gain root access" via unspecified vectors. | |||||
| CVE-2006-5153 | 1 Kerio | 1 Personal Firewall | 2018-10-17 | 5.0 MEDIUM | N/A |
| The (1) fwdrv.sys and (2) khips.sys drivers in Sunbelt Kerio Personal Firewall 4.3.268 and earlier do not validate arguments passed through to SSDT functions, including NtCreateFile, NtDeleteFile, NtLoadDriver, NtMapViewOfSection, NtOpenFile, and NtSetInformationFile, which allows local users to cause a denial of service (crash) and possibly other impacts via unspecified vectors. | |||||
| CVE-2006-5157 | 1 Trend Micro | 1 Officescan | 2018-10-17 | 5.1 MEDIUM | N/A |
| Format string vulnerability in the ActiveX control (ATXCONSOLE.OCX) in TrendMicro OfficeScan Corporate Edition (OSCE) before 7.3 Patch 1 allows remote attackers to execute arbitrary code via format string identifiers in the "Management Console's Remote Client Install name search". | |||||
