Total: 86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-6805 | 1 Enthrallweb | 1 Ejobs | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in newsdetail.asp in Enthrallweb eJobs allows remote attackers to execute arbitrary SQL commands via the ID parameter. | |||||
| CVE-2006-6806 | 1 Enthrallweb | 1 Emates | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in newsdetail.asp in Enthrallweb eMates 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter. | |||||
| CVE-2006-6807 | 1 Softwebs Nepal | 1 Ananda Real Estate | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in list.asp in Softwebs Nepal (aka Ananda Raj Pandey) Ananda Real Estate 3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the agent parameter. | |||||
| CVE-2006-6809 | 1 Vladimir Menshakov | 1 Buratinable Templator | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in process.php in Vladimir Menshakov buratinable templator (aka bubla) 1.0.0rc2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) bu_dir or (2) bu_config[dir] parameter. | |||||
| CVE-2006-6812 | 1 Myphpcalendar | 1 Myphpcalendar | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in myPHPCalendar 10.1 allow remote attackers to execute arbitrary PHP code via a URL in the cal_dir parameter to (1) admin.php, (2) contacts.php, or (3) convert-date.php. | |||||
| CVE-2006-6813 | 1 Mxmania | 1 Mxmania File Upload Manager | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in detail.asp in Mxmania File Upload Manager (FUM) 1.0.6 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter. | |||||
| CVE-2006-6820 | 1 Enthrallweb | 1 Ecoupons | 2017-10-19 | 3.5 LOW | N/A |
| myprofile.asp in Enthrallweb eCoupons does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MM_recordId parameter. | |||||
| CVE-2006-6821 | 1 Enthrallweb | 1 Enews | 2017-10-19 | 3.5 LOW | N/A |
| myprofile.asp in Enthrallweb eNews does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MM_recordId parameter. | |||||
| CVE-2006-6822 | 1 Enthrallweb | 1 Eclassifieds | 2017-10-19 | 3.5 LOW | N/A |
| myprofile.asp in Enthrallweb eClassifieds does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MM_recordId parameter. | |||||
| CVE-2006-6823 | 1 Yrch | 1 Yrch | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in plugins/metasearch/plug.inc.php in Yrch! 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. | |||||
| CVE-2006-6827 | 1 Macromedia | 1 Flash Player | 2017-10-19 | 5.0 MEDIUM | N/A |
| Flash8b.ocx in Macromedia Flash 8 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long string in the Flash8b.AllowScriptAccess method. | |||||
| CVE-2006-6830 | 1 Cafelog | 1 B2 Blog | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in b2verifauth.php in b2 Blog 0.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the index parameter. | |||||
| CVE-2006-6831 | 1 Alan Ward | 1 A-faq | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in faqDsp.asp in aFAQ 1.0 allows remote attackers to execute arbitrary SQL commands via the catcode parameter. | |||||
| CVE-2006-6842 | 1 Codemonkeyx | 1 Acronym Mod | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/admin_acronyms.php in the Acronym Mod 0.9.5 for phpBB2 Plus 1.53 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2006-6846 | 1 Cybercoded | 1 While You Were Out Inout Board | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in While You Were Out (WYWO) InOut Board 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the num parameter in (a) phonemessage.asp, (2) the catcode parameter in (b) faqDsp.asp, and the (3) Username and (4) Password fields in (c) login.asp. | |||||
| CVE-2006-6853 | 1 Mozilla | 1 Durian Web Application Server | 2017-10-19 | 10.0 HIGH | N/A |
| Buffer overflow in Durian Web Application Server 3.02 freeware on Windows allows remote attackers to execute arbitrary code via a long string in a crafted packet to TCP port 4002. | |||||
| CVE-2006-6855 | 1 Aidex | 1 Mini-webserver | 2017-10-19 | 5.0 MEDIUM | N/A |
| AIDeX Mini-WebServer 1.1 early release 3 allows remote attackers to cause a denial of service (daemon crash) via a flood of HTTP GET requests, possibly related to display of HTTP log data by the GUI. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2006-6856 | 1 Webtext | 1 Webtext | 2017-10-19 | 7.5 HIGH | N/A |
| Direct static code injection vulnerability in WebText CMS 0.4.5.2 and earlier allows remote attackers to inject arbitrary PHP code into a script in wt/users/ via the im parameter during a profile edit (edycja) operation, which is then executed via a direct request for this script. | |||||
| CVE-2006-6859 | 1 Website Designs For Less | 1 Click N Print Coupons | 2017-10-19 | 10.0 HIGH | N/A |
| SQL injection vulnerability in coupon_detail.asp in Website Designs For Less Click N' Print Coupons 2005.01 and earlier allows remote attackers to execute arbitrary SQL commands via the key parameter. | |||||
| CVE-2006-6866 | 1 Stphp | 1 Easynews | 2017-10-19 | 7.8 HIGH | N/A |
| STphp EasyNews PRO 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames, email addresses, and password hashes via a direct request for data/users.txt. | |||||
| CVE-2006-6867 | 1 Vladimir Meshakov | 1 Bubla | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Vladimir Menshakov buratinable templator (aka bubla) 0.9.1 allow remote attackers to execute arbitrary PHP code via a URL in the bu_dir parameter to (1) bu/bu_claro.php, (2) bu/bu_cache.php, or (3) bu/bu_parse.php, different vectors and a different affected version than CVE-2006-6809. | |||||
| CVE-2006-6869 | 1 Maxdev | 1 Mdforum | 2017-10-19 | 9.3 HIGH | N/A |
| Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php. | |||||
| CVE-2006-6871 | 1 Endonesia | 1 Endonesia | 2017-10-19 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in eNdonesia 8.4 allow remote attackers to inject arbitrary web script or HTML via (1) the mod parameter in a viewlink operation in mod.php, (2) the intypeid parameter in a showinfo operation in the informasi module in mod.php, (3) the "your Friend" field in friend.php, or (4) the "Main Text" field in admin.php. | |||||
| CVE-2006-6872 | 1 Endonesia | 1 Endonesia | 2017-10-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in mod.php in eNdonesia 8.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the mod parameter. | |||||
| CVE-2006-6873 | 1 Endonesia | 1 Endonesia | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in mod.php in eNdonesia 8.4 allow remote attackers to execute arbitrary SQL commands via (1) the did parameter in a (a) viewdisk operation (diskusi mod), or the (2) cid parameter in a (b) viewlink (katalog mod) or (b) viewcat (diskusi mod) operation. | |||||
| CVE-2006-6877 | 1 Matteo Lucarelli | 1 3editor Cms | 2017-10-19 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Matteo Lucarelli 3editor CMS 0.42 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via a .. (dot dot) in the page parameter. | |||||
| CVE-2006-6878 | 1 Php-update | 1 Php-update | 2017-10-19 | 7.5 HIGH | N/A |
| admin/uploads.php in PHP-Update 2.7 and earlier allows remote attackers to gain privileges by setting the rights[7] parameter to 1 during a login action. | |||||
| CVE-2006-6879 | 1 Php-update | 1 Php-update | 2017-10-19 | 6.0 MEDIUM | N/A |
| Unrestricted file upload vulnerability in admin/uploads.php in PHP-Update 2.7 and earlier allows remote authenticated users to upload arbitrary PHP scripts to the gfx/ and files/ directories via the userfile parameter. | |||||
| CVE-2006-6880 | 1 Php-update | 1 Php-update | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in code/guestadd.php in PHP-Update 2.7 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) newmessage, (2) newname, (3) newwebsite, or (4) newemail parameter. | |||||
| CVE-2006-6885 | 1 Macromedia | 1 Shockwave | 2017-10-19 | 4.3 MEDIUM | N/A |
| An ActiveX control in SwDir.dll in Macromedia Shockwave 10 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long string in the swURL attribute. | |||||
| CVE-2006-6888 | 1 P-news | 1 P-news | 2017-10-19 | 5.0 MEDIUM | N/A |
| P-News 1.16 and 1.17 store sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the administrative account name and password hash via a direct request for db/user.dat. | |||||
| CVE-2006-6889 | 1 Freestyle | 1 Freestyle Wiki | 2017-10-19 | 7.5 HIGH | N/A |
| FreeStyle Wiki (fswiki) 3.6.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request for config/user.dat. | |||||
| CVE-2006-6890 | 1 Voc-project | 1 Voodoo Chat | 2017-10-19 | 7.5 HIGH | N/A |
| Voodoo chat 1.0RC1b stores sensitive information under the web root with insufficient access control, which allows remote attackers to download passwords via a direct request for data/users.dat. | |||||
| CVE-2006-6891 | 1 Vz Forum | 1 Vz Forum | 2017-10-19 | 5.0 MEDIUM | N/A |
| Vz (Adp) Forum 2.0.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the administrative account name and password hash via a direct request for users/admin.txt. | |||||
| CVE-2006-6910 | 1 Fersch | 1 Formbankserver | 2017-10-19 | 7.8 HIGH | N/A |
| formbankcgi.exe in Fersch Formbankserver 1.9, when the PATH_INFO begins with Abfrage, allows remote attackers to cause a denial of service (daemon crash) via multiple requests containing many /../ sequences in the Name parameter. | |||||
| CVE-2006-6911 | 1 Digitizing Quote And Ordering System | 1 Digitizing Quote And Ordering System | 2017-10-19 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in search.asp in Digitizing Quote And Ordering System 1.0 allows remote authenticated users to execute arbitrary SQL commands via the ordernum parameter. | |||||
| CVE-2006-6938 | 1 Nitrotech | 1 Nitrotech | 2017-10-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in includes/common.php in NitroTech 0.0.3a, as distributed before 2006, allows remote attackers to include arbitrary files via ".." sequences in the root parameter. | |||||
| CVE-2006-6941 | 1 Freewebshop | 1 Freewebshop | 2017-10-19 | 5.0 MEDIUM | N/A |
| index.php in FreeWebshop 2.2.2 and earlier allows remote attackers to obtain sensitive information via an invalid action parameter in an info operation, which discloses the path in an error message. | |||||
| CVE-2006-6962 | 1 Joomla | 1 Rs Gallery2 | 2017-10-19 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in rsgallery2.html.php in the RS Gallery2 component (com_rsgallery2) 1.11.2 for Joomla! allows attackers to execute arbitrary PHP code via the mosConfig_absolute_path parameter. NOTE: this issue may overlap CVE-2006-5047. | |||||
| CVE-2006-6976 | 1 Centipaid | 1 Centipaid | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in centipaid_class.php in CentiPaid 1.4.2 and earlier allows remote attackers to execute arbitrary code via a URL in the absolute_path parameter. | |||||
| CVE-2006-7156 | 1 Minibb | 1 Keyword Replacer | 2017-10-19 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in addon_keywords.php in Keyword Replacer (keyword_replacer) 1.0 and earlier, a module for miniBB, allows remote attackers to execute arbitrary PHP code via a URL in the pathToFiles parameter. | |||||
| CVE-2006-7172 | 1 Php-stats | 1 Php-stats | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in php-stats.recphp.php in PHP-Stats 0.1.9.1b and earlier allow remote attackers to execute arbitrary code via a leading dotted-quad IP address string in the (1) PC-REMOTE-ADDR HTTP header, which is inserted into $_SERVER['HTTP_PC_REMOTE_ADDR'], or (2) ip parameter. | |||||
| CVE-2006-7173 | 1 Php-stats | 1 Php-stats | 2017-10-19 | 10.0 HIGH | N/A |
| Direct static code injection vulnerability in admin.php in PHP-Stats 0.1.9.1b and earlier allows remote attackers to execute arbitrary PHP code via a crafted option_new[report_w_day] parameter in a preferenze action, which can be later accessed via option/php-stats-options.php. | |||||
| CVE-2007-0015 | 1 Apple | 1 Quicktime | 2017-10-19 | 6.8 MEDIUM | N/A |
| Buffer overflow in Apple QuickTime 7.1.3 allows remote attackers to execute arbitrary code via a long rtsp:// URI. | |||||
| CVE-2007-0020 | 1 Panic Transmit | 1 Panic Transmit | 2017-10-19 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in the SFTP protocol handler for Panic Transmit (Transmit.app) up to 3.5.5 allows remote attackers to execute arbitrary code via a long ftps:// URL. | |||||
| CVE-2007-0049 | 1 Geckovich | 2 Tasktracker, Tasktracker Pro | 2017-10-19 | 7.5 HIGH | N/A |
| Geckovich TaskTracker Pro 1.5 and earlier allows remote attackers to add administrative or other accounts via an Add action with a modified GroupID in a direct request to Customize.asp. | |||||
| CVE-2007-0052 | 1 Vizayn Haber | 1 Vizayn Haber | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in haberdetay.asp in Vizayn Haber allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-0053 | 1 Asp Siteware | 1 Autodealer | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in detail.asp in ASP SiteWare autoDealer 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the iPro parameter. | |||||
| CVE-2007-0055 | 1 Fersch | 1 Formbankserver | 2017-10-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in formbankcgi.exe/AbfrageForm in Formbankserver 1.9 allows remote attackers to read arbitrary files via directory traversal sequences in the Name parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-0082 | 1 Imgallery | 1 Imgallery | 2017-10-19 | 6.5 MEDIUM | N/A |
| users_adm/start1.php in IMGallery 2.5 and earlier does not properly handle files with multiple extensions, which allows remote authenticated users to upload and execute arbitrary PHP scripts. | |||||
