Total: 27796 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-1912 | 1 Mybulletinboard | 1 Mybulletinboard | 2018-10-18 | 5.8 MEDIUM | N/A |
| MyBB (MyBulletinBoard) 1.1.0 does not set the constant KILL_GLOBAL variable in (1) global.php and (2) inc/init.php, which allows remote attackers to initialize arbitrary variables that are processed by an @extract command, which could then be leveraged to conduct cross-site scripting (XSS) or SQL injection attacks. | |||||
| CVE-2006-1906 | 1 Jjgan852 | 1 Phplister | 2018-10-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in jjgan852 phpLister 0.4.1 allows remote attackers to inject arbitrary web script or HTML via the page parameter. | |||||
| CVE-2006-1905 | 1 Xine | 1 Xine | 2018-10-18 | 7.5 HIGH | N/A |
| Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.3 allow remote attackers to execute arbitrary code via format string specifiers in a long filename on an EXTINFO line in a playlist file. | |||||
| CVE-2006-1904 | 1 Animegenesis | 1 Gallery | 2018-10-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in AnimeGenesis Gallery allows remote attackers to inject arbitrary web script or HTML via the cat parameter. | |||||
| CVE-2006-1903 | 1 Userland | 1 Manila | 2018-10-18 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in UserLand Manila allow remote attackers to inject arbitrary web script or HTML (1) via the referer parameter in sendMail, and via attributes of (2) the A element and certain other HTML elements in web pages edited with the editInBrowser module. NOTE: the msgReader$1 mode attack vector is already covered by CVE-2006-1769. | |||||
| CVE-2006-1901 | 1 Mozilla | 1 Camino | 2018-10-18 | 5.0 MEDIUM | N/A |
| Mozilla Camino 1.0 and earlier allow remote attackers to cause a denial of service (null dereference and application crash or hang) via HTML with certain improperly nested elements. NOTE: this might be the same issue as CVE-2006-1724. | |||||
| CVE-2006-1900 | 1 W3c | 1 Amaya | 2018-10-18 | 7.6 HIGH | N/A |
| Multiple buffer overflows in World Wide Web Consortium (W3C) Amaya 9.4, and possibly other versions including 8.x before 8.8.5, allow remote attackers to execute arbitrary code via a long value in (1) the COMPACT attribute of the COLGROUP element, (2) the ROWS attribute of the TEXTAREA element, and (3) the COLOR attribute of the LEGEND element; and via other unspecified attack vectors consisting of "dozens of possible snippets." | |||||
| CVE-2006-1899 | 1 Dev | 1 Neuron Blog | 2018-10-18 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in dev Neuron Blog 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) website parameters. | |||||
| CVE-2006-1959 | 1 Actualscripts | 1 Actualanalyzer | 2018-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in direct.php in ActualScripts ActualAnalyzer Lite 2.72 and earlier, Gold 7.63 and earlier, and Server 8.23 and earlier allows remote attackers to execute arbitrary code via a URL in the rf parameter. | |||||
| CVE-2006-1958 | 1 Wired Community Software | 1 Wwwthreads | 2018-10-18 | 6.4 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in WWWThreads RC 3 allow remote attackers to execute arbitrary SQL commands via (1) the forumreferrer cookie to register.php and (2) the messages parameter in message_list.php. | |||||
| CVE-2006-1925 | 1 Cutephp | 1 Cutenews | 2018-10-18 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in the editnews module (inc/editnews.mdu) in index.php in CuteNews 1.4.1 allows remote attackers to read or modify files via the source parameter in the (1) editnews or (2) doeditnews action. NOTE: this can also produce resultant XSS when the target file does not exist. | |||||
| CVE-2006-1897 | 1 Talentsoft | 1 Web\+ Shop | 2018-10-18 | 5.0 MEDIUM | N/A |
| Webplus (aka talentsoft) Web+Shop 5.3.6, when Redirect URL for "Script Not Found" Error is not configured, allows remote attackers to obtain sensitive information via a quote (') or possibly other invalid value in the storeid parameter in store.wml in webplus.exe, which reveals the path in a "Script Not Found" error message. | |||||
| CVE-2006-1895 | 1 Phpbb Group | 1 Phpbb | 2018-10-18 | 6.5 MEDIUM | N/A |
| Direct static code injection vulnerability in includes/template.php in phpBB allows remote authenticated users with write access to execute arbitrary PHP code by modifying a template in a way that (1) bypasses a loose ".*" regular expression to match BEGIN and END statements in overall_header.tpl, or (2) is used in an eval statement by includes/bbcode.php for bbcode.tpl. | |||||
| CVE-2006-1894 | 1 Revoboard | 1 Revoboard | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in RevoBoard 1.8, as derived from PunBB, allows remote attackers to inject arbitrary web script or HTML via a substitution cipher of the email tag, which is transformed when the application's e-mail address obfuscator reverses the transformation. NOTE: it is not clear whether this is a site-specific issue; however, the claimed codebase relationship with PunBB might be relevant. | |||||
| CVE-2006-1893 | 1 Ar-blog | 1 Ar-blog | 2018-10-18 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in print.php in ar-blog 5.2 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | |||||
| CVE-2006-1892 | 1 Alwil | 1 Avast Antivirus | 2018-10-18 | 4.9 MEDIUM | N/A |
| avast! 4 Linux Home Edition 1.0.5 allows local users to modify permissions of arbitrary files via a symlink attack on the /tmp/_avast4_ temporary directory. | |||||
| CVE-2006-1889 | 1 Script-solution.de | 1 Boardsolution | 2018-10-18 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the search action handler in index.php in Nils Asmussen (aka SCRIPTSOLUTION) Boardsolution 1.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the "Search for" item (keyword parameter). | |||||
| CVE-2006-1887 | 1 Oracle | 1 Enterpriseone | 2018-10-18 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Security Server 8.95.J1 has unknown impact and attack vectors, aka Vuln# JDE01. | |||||
| CVE-2006-1886 | 1 Oracle | 1 Peoplesoft Enterprise | 2018-10-18 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise 8.46.12 and 8.47.04 has unknown impact and attack vectors, aka Vuln# PSE01. | |||||
| CVE-2006-1885 | 1 Oracle | 1 Enterprise Manager | 2018-10-18 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in the Reporting Framework component in Oracle Enterprise Manager 9.0.1.5 and 9.2.0.7 have unknown impact and attack vectors, aka Vuln# (1) EM01 and (2) EM02. | |||||
| CVE-2006-1884 | 3 Jdedwards, Oneworld, Oracle | 12 Enterpriseone Tools, Oneworld Tools, Application Server and 9 more | 2018-10-18 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Oracle Thesaurus Management System component in Oracle E-Business Suite and OPA 4.5.2 Applications has unknown impact and attack vectors, aka Vuln# OPA01. | |||||
| CVE-2006-1883 | 1 Oracle | 1 E-business Suite | 2018-10-18 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite and Applications 11.5.10CU1 has unknown impact and attack vectors, aka Vuln# APPS05. | |||||
| CVE-2006-1882 | 1 Oracle | 1 E-business Suite | 2018-10-18 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.10 have unknown impact and attack vectors, as identified by Vuln# (1) APPS03 in (a) iProcurement; (2) APPS04 in (b) Oracle Application Object Library; (3) APPS06, (4) APPS07, and (5) APPS08 in (c) Oracle Applications Technology Stack; and (6) APPS11 in (d) Oracle Order Capture. | |||||
| CVE-2006-1881 | 1 Oracle | 1 E-business Suite | 2018-10-18 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Financials for Asia/Pacific component in Oracle E-Business Suite and Applications 11.5.9 has unknown impact and attack vectors, aka Vuln# APPS02. | |||||
| CVE-2006-1880 | 1 Oracle | 1 E-business Suite | 2018-10-18 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.10CU2 have unknown impact and attack vectors, as identified by Vuln# (1) APPS01 in the (a) Application Install component; (2) APPS09 in the (b) Oracle Diagnostics Interfaces component; (3) APPS10 in the (c) Oracle General Ledger component; (4) APPS12 and (5) APPS13 in the (d) Oracle Receivables component. | |||||
| CVE-2006-1879 | 1 Oracle | 1 Collaboration Suite | 2018-10-18 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in the Email Server component in Oracle Collaboration Suite 9.0.4.2, 10.1.1, 10.1.2.0, and 10.1.2.1 have unknown impact and attack vectors, aka Vuln# (1) OCS01, (2) OCS02, (3) OCS03, and (4) OCS04. | |||||
| CVE-2006-1878 | 1 Phpfaber | 1 Topsites | 2018-10-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in phpFaber TopSites allows remote attackers to inject arbitrary web script or HTML via the page parameter. | |||||
| CVE-2006-1891 | 1 Betaboard | 1 Betaboard | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Martin Scheffler betaboard 0.1 allows remote attackers to inject arbitrary web script or HTML via a user's profile, possibly using the FormVal_profile parameter. NOTE: it is not clear whether this is a distributable product or a site-specific vulnerability. If it is site-specific, then it should not be included in CVE. | |||||
| CVE-2006-1872 | 1 Oracle | 1 Database Server | 2018-10-18 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Oracle Database Server 9.0.1.5 and 9.2.0.7 has unknown impact and attack vectors in the Oracle Enterprise Manager Intelligent Agent component, aka Vuln# DB07. | |||||
| CVE-2006-1942 | 3 K-meleon Project, Mozilla, Netscape | 3 K-meleon, Firefox, Navigator | 2018-10-18 | 5.1 MEDIUM | N/A |
| Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, Netscape 8.1, 8.0.4, and 7.2, and K-Meleon 0.9.13 allow user-assisted remote attackers to open local files via a web page with an IMG element containing a SRC attribute with a non-image file:// URL, then tricking the user into selecting View Image for the broken image, as demonstrated using a .wma file to launch Windows Media Player, or by referencing an "alternate web page." | |||||
| CVE-2006-2060 | 1 Invision Power Services | 1 Invision Power Board | 2018-10-18 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in action_admin/paysubscriptions.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote authenticated administrators to include and execute arbitrary local PHP files via a .. (dot dot) in the name parameter, preceded by enough backspace (%08) characters to erase the initial static portion of a filename. | |||||
| CVE-2006-1941 | 1 Neon Software | 1 Neon Responder | 2018-10-18 | 5.0 MEDIUM | N/A |
| Neon Responder 5.4 for LANsurveyor allows remote attackers to cause a denial of service (application outage) via a crafted Clock Synchronisation packet that triggers an access violation. | |||||
| CVE-2006-1809 | 1 Lifetype | 1 Lifetype | 2018-10-18 | 5.0 MEDIUM | N/A |
| index.php in Lifetype 1.0.3 allows remote attackers to obtain sensitive information via an invalid show parameter, which reveals the path in an error message. | |||||
| CVE-2006-1811 | 1 Flexbb | 1 Flexbb | 2018-10-18 | 6.4 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in FlexBB 0.5.5 BETA allow remote attackers to execute arbitrary SQL commands via the (1) id, (2) forumid, or (3) threadid parameter to index.php; the (4) ICQ, (5) AIM, (6) MSN, (7) Google Talk, (8) Website Name, (9) Website Address, (10) Email Address, (11) Location, (12) Signature, and (13) Sub-Titles fields in the user profile; or (14) flexbb_password field in a cookie. | |||||
| CVE-2006-1812 | 1 Phpwebftp | 1 Phpwebftp | 2018-10-18 | 6.4 MEDIUM | N/A |
| phpWebFTP 3.2 and earlier stores script.js under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information. | |||||
| CVE-2006-1813 | 1 Phpwebftp | 1 Phpwebftp | 2018-10-18 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in phpWebFTP 3.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the language parameter. | |||||
| CVE-2006-1817 | 1 The War Forge | 1 Warforge.news | 2018-10-18 | 2.6 LOW | N/A |
| SQL injection vulnerability in authcheck.php in warforge.NEWS 1.0, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the (1) authusername and possibly the (2) authpassword cookie. | |||||
| CVE-2006-1816 | 1 Jelsoft | 1 Vbulletin | 2018-10-18 | 5.0 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in VBulletin 3.5.1, 3.5.2, and 3.5.4 allows remote attackers to execute arbitrary code via a URL in the systempath parameter to (1) ImpExModule.php, (2) ImpExController.php, and (3) ImpExDisplay.php. | |||||
| CVE-2006-1755 | 1 Matthew Dingley | 1 Md News | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin.php in MD News 1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2006-1801 | 1 Planet Concept | 1 Planetsearch\+ | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in planetsearchplus.php in planetSearch+ allows remote attackers to inject arbitrary web script or HTML via the search_exp parameter. | |||||
| CVE-2006-1802 | 1 Tinywebgallery | 1 Tinywebgallery | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in TinyWebGallery 1.3 and 1.4 allows remote attackers to inject arbitrary web script or HTML via the twg_album parameter. | |||||
| CVE-2006-1803 | 1 Phpmyadmin | 1 Phpmyadmin | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows remote attackers to inject arbitrary web script or HTML via the sql_query parameter. | |||||
| CVE-2006-1804 | 1 Phpmyadmin | 1 Phpmyadmin | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows remote attackers to execute arbitrary SQL commands via the sql_query parameter. | |||||
| CVE-2006-1820 | 1 Modxcms | 1 Modxcms | 2018-10-18 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in ModX 0.9.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this might be resultant from the directory traversal vulnerability. | |||||
| CVE-2006-1762 | 1 Blursoft | 1 Blur6ex | 2018-10-18 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in index.php in blur6ex 0.3.452 allows remote attackers to include arbitrary files via the shard parameter. NOTE: this issue can be exploited to produce resultant XSS when the parameter has XSS manipulations, and path disclosure with other invalid values. | |||||
| CVE-2006-1818 | 1 The War Forge | 1 Warforge.news | 2018-10-18 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in warforge.NEWS 1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly including the (1) first_name and (2) last_name parameter in myaccounts.php. NOTE: portions of these details were obtained from third party sources instead of the original disclosure. | |||||
| CVE-2006-1835 | 1 Vincent Hor | 2 Calendarix, Calendarix Advanced | 2018-10-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in yearcal.php in Calendarix allows remote attackers to inject arbitrary web script or HTML via the ycyear parameter. | |||||
| CVE-2006-1836 | 1 Symantec | 6 Liveupdate, Norton Antivirus, Norton Internet Security and 3 more | 2018-10-18 | 6.8 MEDIUM | N/A |
| Untrusted search path vulnerability in unspecified components in Symantec LiveUpdate for Macintosh 3.0.0 through 3.5.0, which do not set the execution path, allows local users to gain privileges via a Trojan horse program. | |||||
| CVE-2006-1805 | 1 Powerscripts | 1 Powerclan | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in member.php in PowerClan 1.14 allows remote attackers to execute arbitrary SQL commands via the memberid parameter. | |||||
| CVE-2006-1806 | 1 Musicbox | 1 Musicbox | 2018-10-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Musicbox 2.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the term parameter in a search action. | |||||
