Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-4268 | 1 Devellion | 1 Cubecart | 2018-10-17 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.11 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) file, (2) x, and (3) y parameters in (a) admin/filemanager/preview.php; and the (4) email parameter in (b) admin/login.php. | |||||
| CVE-2006-4269 | 2 Joomla, Mambo | 2 X-shop Component, X-shop Component | 2018-10-17 | 7.5 HIGH | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in admin.x-shop.php in the x-shop component (com_x-shop) 1.7 and earlier for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: this issue has been disputed by third party researchers, stating that there is no mosConfig_absolute_path parameter and no admin.x-shop.php file in the reported package. | |||||
| CVE-2006-4270 | 1 Mambo | 1 Mambelfish Component | 2018-10-17 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in mambelfish.class.php in the mambelfish component (com_mambelfish) 1.1 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2006-4272 | 1 Jelsoft | 1 Vbulletin | 2018-10-17 | 7.5 HIGH | N/A |
| ** DISPUTED ** Jelsoft vBulletin 3.5.4 allows remote attackers to register multiple arbitrary users and cause a denial of service (resource consumption) via a large number of requests to register.php. NOTE: the vendor has disputed this vulnerability, stating "If you have the CAPTCHA enabled then the registrations wont even go through. ... if you are talking about the flood being allowed in the first place then surely this is something that should be handled at the server level." | |||||
| CVE-2006-4273 | 1 Jelsoft | 1 Vbulletin | 2018-10-17 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 3.5.4 and 3.6.0 allows remote attackers to inject arbitrary web script or HTML by uploading an attachment with a .pdf extension that contains JavaScript, which is processed as script by Microsoft Internet Explorer 6. | |||||
| CVE-2006-4275 | 1 Mambo | 1 Catalogshop Component | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in catalogshop.php in the CatalogShop component for Mambo (com_catalogshop) allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2006-4279 | 1 Xennobb | 1 Xennobb | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in topic_post.php in XennoBB 2.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the icon_topic parameter. | |||||
| CVE-2006-4280 | 1 Mambo | 1 Anjel Component | 2018-10-17 | 7.5 HIGH | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in anjel.index.php in ANJEL (formerly MaMML) Component (com_anjel) for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: this issue has been disputed by a third party, who says that $mosConfig_absolute_path is set in a configuration file. | |||||
| CVE-2006-4282 | 1 Mamboxchange | 1 Mambowiki | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in MamboLogin.php in the MamboWiki component (com_mambowiki) 0.9.6 and earlier for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the IP parameter. | |||||
| CVE-2006-4283 | 1 Solmetra | 1 Spaw Editor | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in SOLMETRA SPAW Editor 1.0.6 and 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the spaw_dir parameter in dialogs/ scripts including (1) a.php, (2) collorpicker.php, (3) img.php, (4) img_library.php, (5) table.php, or (6) td.php. | |||||
| CVE-2006-4284 | 1 Lblog | 1 Lblog | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in comments.asp in LBlog 1.05 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2006-4285 | 1 Fscripts | 1 Fantastic News | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in news.php in Fantastic News 2.1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[script_path] parameter. NOTE: it was later reported that 2.1.5 is also affected. | |||||
| CVE-2006-4286 | 1 Mambo | 1 Mambo | 2018-10-17 | 7.5 HIGH | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in contentpublisher.php in the contentpublisher component (com_contentpublisher) for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: this issue has been disputed by third parties who state that contentpublisher.php protects against direct request in the most recent version. The original researcher is known to be frequently inaccurate. | |||||
| CVE-2006-4293 | 1 Cpanel | 1 Cpanel | 2018-10-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow remote attackers to inject arbitrary web script or HTML via the (1) dir parameter in dohtaccess.html, or the (2) file parameter in (a) editit.html or (b) showfile.html. | |||||
| CVE-2006-4297 | 1 Oscommerce | 1 Oscommerce | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in shopping_cart.php in osCommerce before 2.2 Milestone 2 060817 allows remote attackers to execute arbitrary SQL commands via id array parameters. | |||||
| CVE-2006-4300 | 1 8pixel.net | 1 Simple Blog | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in comments.asp in SimpleBlog 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2006-4301 | 1 Microsoft | 1 Ie | 2018-10-17 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (crash) via a long Color attribute in multiple DirectX Media Image DirectX Transforms ActiveX COM Objects from (a) dxtmsft.dll and (b) dxtmsft3.dll, including (1) DXImageTransform.Microsoft.MaskFilter.1, (2) DXImageTransform.Microsoft.Chroma.1, and (3) DX3DTransform.Microsoft.Shapes.1. | |||||
| CVE-2006-4305 | 2 Mysql, Sap-db | 2 Maxdb, Sap-db | 2018-10-17 | 10.0 HIGH | N/A |
| Buffer overflow in SAP DB and MaxDB before 7.6.00.30 allows remote attackers to execute arbitrary code via a long database name when connecting via a WebDBM client. | |||||
| CVE-2006-4308 | 1 Blackboard | 3 Blackboard, Blackboard Learning And Community Portal Suite, Vista | 2018-10-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Blackboard Learning System 6, Blackboard Learning and Community Portal Suite 6.2.3.23, and Blackboard Vista 4 allow remote attackers to inject arbitrary Javascript, VBScript, or HTML via (1) data, (2) vbscript, and (3) malformed javascript URIs in various HTML tags when posting to the Discussion Board. | |||||
| CVE-2006-4309 | 1 Ak-systems | 1 Windows Terminal | 2018-10-17 | 10.0 HIGH | N/A |
| VNC server on the AK-Systems Windows Terminal 1.2.5 ExVLP is not password protected, which allows remote attackers to login and view RDP or Citrix sessions. | |||||
| CVE-2006-4310 | 1 Mozilla | 1 Firefox | 2018-10-17 | 4.3 MEDIUM | N/A |
| Mozilla Firefox 1.5.0.6 allows remote attackers to cause a denial of service (crash) via a crafted FTP response, when attempting to connect with a username and password via the FTP URI. | |||||
| CVE-2006-4311 | 1 Sonium | 1 Enterprise Adressbook | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in Sonium Enterprise Adressbook 0.2 allows remote attackers to execute arbitrary PHP code via the folder parameter in multiple files in the plugins directory, as demonstrated by plugins/1_Adressbuch/delete.php. | |||||
| CVE-2006-4314 | 1 Symantec | 1 Enterprise Security Manager | 2018-10-17 | 5.0 MEDIUM | N/A |
| The manager server in Symantec Enterprise Security Manager (ESM) 6 and 6.5.x allows remote attackers to cause a denial of service (hang) via a malformed ESM agent request. | |||||
| CVE-2006-4317 | 1 Woltlab | 1 Burning Board | 2018-10-17 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in attachment.php in WoltLab Burning Board (WBB) 2.3.5 allows remote attackers to inject arbitrary web script or HTML via a GIF image that contains URL-encoded Javascript. | |||||
| CVE-2006-4320 | 1 Opensef Project | 1 Opensef | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in sef.php in the OpenSEF 2.0.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2006-4322 | 1 Bits-dont-bite | 1 Estateagent | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in estateagent.php in the EstateAgent component (com_estateagent) for Mambo, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2006-4323 | 1 Cityforfree | 1 Indexcity | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in list.php in CityForFree indexcity 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cate_id parameter. | |||||
| CVE-2006-4324 | 1 Cityforfree | 1 Indexcity | 2018-10-17 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in add_url2.php in CityForFree indexcity 1.0 allows remote attackers to inject arbitrary web script or HTML via the url parameter. | |||||
| CVE-2006-4325 | 1 Doika | 1 Doika Guestbook | 2018-10-17 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in gbook.php in Doika guestbook 2.5, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the page parameter. | |||||
| CVE-2006-4327 | 1 Cloudnine Interactive | 1 Links Manager | 2018-10-17 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in add_url.php in CloudNine Interactive Links Manager 2006-06-12 allow remote attackers to inject arbitrary web script or HTML via the (1) title, (2) description, or (3) keywords parameters. | |||||
| CVE-2006-4328 | 1 Cloudnine Interactive | 1 Links Manager | 2018-10-17 | 5.1 MEDIUM | N/A |
| SQL injection vulnerability in admin.php in CloudNine Interactive Links Manager 2006-06-12, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the nick parameter. | |||||
| CVE-2006-4330 | 1 Wireshark | 1 Wireshark | 2018-10-17 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the SCSI dissector in Wireshark (formerly Ethereal) 0.99.2 allows remote attackers to cause a denial of service (crash) via unspecified vectors. | |||||
| CVE-2006-4333 | 1 Wireshark | 1 Wireshark | 2018-10-17 | 5.4 MEDIUM | N/A |
| The SSCOP dissector in Wireshark (formerly Ethereal) before 0.99.3 allows remote attackers to cause a denial of service (resource consumption) via malformed packets that cause the Q.2391 dissector to use excessive memory. | |||||
| CVE-2006-4334 | 1 Gzip | 1 Gzip | 2018-10-17 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in gzip 1.3.5 allows context-dependent attackers to cause a denial of service (crash) via a crafted GZIP (gz) archive, which results in a NULL dereference. | |||||
| CVE-2006-4335 | 1 Gzip | 1 Gzip | 2018-10-17 | 7.5 HIGH | N/A |
| Array index error in the make_table function in unlzh.c in the LZH decompression component in gzip 1.3.5, when running on certain platforms, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GZIP archive that triggers an out-of-bounds write, aka a "stack modification vulnerability." | |||||
| CVE-2006-4336 | 1 Gzip | 1 Gzip | 2018-10-17 | 7.5 HIGH | N/A |
| Buffer underflow in the build_tree function in unpack.c in gzip 1.3.5 allows context-dependent attackers to execute arbitrary code via a crafted leaf count table that causes a write to a negative index. | |||||
| CVE-2006-4337 | 1 Gzip | 1 Gzip | 2018-10-17 | 7.5 HIGH | N/A |
| Buffer overflow in the make_table function in the LHZ component in gzip 1.3.5 allows context-dependent attackers to execute arbitrary code via a crafted decoding table in a GZIP archive. | |||||
| CVE-2006-4029 | 1 Ageet | 1 Agephone | 2018-10-17 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in sipd.dll in AGEphone 1.24 and 1.38.1 allows remote attackers to execute arbitrary code via a crafted UDP SIP packet. | |||||
| CVE-2006-4033 | 1 Lhaplus | 1 Lhaplus | 2018-10-17 | 5.1 MEDIUM | N/A |
| Heap-based buffer overflow in Lhaplus.exe in Lhaplus 1.52, and possibly earlier versions, allows remote attackers to execute arbitrary code via an LZH archive with a long header, as specified by the extendedHeaderSize. | |||||
| CVE-2006-4034 | 1 Moderngigabyte | 1 Modernbill | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in include/html/config.php in ModernGigabyte ModernBill 1.6 allows remote attackers to execute arbitrary PHP code via a URL in the DIR parameter. | |||||
| CVE-2006-4036 | 1 Zonemetrics | 1 Zonex Publishers Gold Edition | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/usercp_register.php in ZoneMetrics ZoneX Publishers Gold Edition 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
| CVE-2006-4038 | 1 Chaossoft | 1 Gaestechaos | 2018-10-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in eintragen.php in GaesteChaos 0.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) gastname or (2) gastwohnort parameters. | |||||
| CVE-2006-4039 | 1 Chaossoft | 1 Gaestechaos | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in eintragen.php in GaesteChaos 0.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) gastname, (2) gastwohnort, or (3) gasteintrag parameters. | |||||
| CVE-2006-4042 | 1 Mywebland | 1 Mybloggie | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in trackback.php in myWebland myBloggie 2.1.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) title, (2) url, (3) excerpt, or (4) blog_name parameters. | |||||
| CVE-2006-4043 | 1 Mywebland | 1 Mybloggie | 2018-10-17 | 5.0 MEDIUM | N/A |
| index.php in myWebland myBloggie 2.1.4 and earlier allows remote attackers to obtain sensitive information via a query that only specifies the viewdate mode, which reveals the table prefix in a SQL error message. | |||||
| CVE-2006-4046 | 1 Open Cubic Player | 1 Open Cubic Player | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple stack-based buffer overflows in Open Cubic Player 2.6.0pre6 and earlier for Windows, and 0.1.10_rc5 and earlier on Linux/BSD, allow remote attackers to execute arbitrary code via (1) a large .S3M file handled by the mpLoadS3M function, (2) a crafted .IT file handled by the itplayerclass::module::load function, (3) a crafted .ULT file handled by the mpLoadULT function, or (4) a crafted .AMS file handled by the mpLoadAMS function. | |||||
| CVE-2006-4050 | 1 David Walker | 1 Phpautomembersarea | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in auto_check_renewals.php in phpAutoMembersArea (phpAMA) 3.2.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the installed_config_file parameter. | |||||
| CVE-2006-4051 | 1 Turnkey Web Tools | 1 Php Live Helper | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in global.php in Turnkey Web Tools PHP Live Helper 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter. | |||||
| CVE-2006-4052 | 1 Turnkey Web Tools | 1 Php Simple Shop | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Turnkey Web Tools PHP Simple Shop 2.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) admin/index.php, (2) admin/adminindex.php, (3) admin/adminglobal.php, (4) admin/login.php, (5) admin/menu.php or (6) admin/header.php. | |||||
| CVE-2006-4053 | 1 Ehmig | 1 Me Download System | 2018-10-17 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in templates/header.php in ME Download System 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the Vb8878b936c2bd8ae0cab parameter. | |||||