Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-1807 | 1 Musicbox | 1 Musicbox | 2018-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in Musicbox 2.3.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) start parameter in a search action or (2) type parameter in a top action. | |||||
| CVE-2006-1754 | 1 Swsoft | 1 Confixx | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in SWSoft Confixx 3.0.6, 3.0.8, and 3.1.2 allows remote attackers to execute arbitrary SQL commands via the SID parameter. | |||||
| CVE-2006-1808 | 1 Lifetype | 1 Lifetype | 2018-10-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Lifetype 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the show parameter in a Template operation. | |||||
| CVE-2006-1810 | 1 Flexbb | 1 Flexbb | 2018-10-18 | 1.9 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in FlexBB 0.5.5 BETA allow remote attackers to inject arbitrary web script or HTML via the (1) ICQ, (2) AIM, (3) MSN, (4) Google Talk, (5) Website Name, (6) Website Address, (7) Email Address, (8) Location, (9) Signature, and (10) Sub-Titles fields in the user profile. | |||||
| CVE-2006-1761 | 1 Blursoft | 1 Blur6ex | 2018-10-18 | 2.6 LOW | N/A |
| Cross-site scripting vulnerability in index.php in blur6ex 0.3.452 allows remote attackers to inject arbitrary web script or HTML via the errormsg parameter, which is not sanitized in the error message. NOTE: the vector in the shard parameter is not XSS and has been assigned a separate name. | |||||
| CVE-2006-1756 | 1 Matthew Dingley | 1 Md News | 2018-10-18 | 7.5 HIGH | N/A |
| MD News 1 allows remote attackers to bypass authentication via a direct request to a script in the Administration Area. | |||||
| CVE-2006-1757 | 1 Bill Shupp | 1 Vegadns | 2018-10-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Vegadns 0.99 allows remote attackers to inject arbitrary web script or HTML via the message parameter. | |||||
| CVE-2006-1742 | 1 Mozilla | 4 Firefox, Mozilla Suite, Seamonkey and 1 more | 2018-10-18 | 5.0 MEDIUM | N/A |
| The JavaScript engine in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly handle temporary variables that are not garbage collected, which might allow remote attackers to trigger operations on freed memory and cause memory corruption. | |||||
| CVE-2006-1758 | 1 Bill Shupp | 1 Vegadns | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Vegadns 0.99 allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||||
| CVE-2006-1759 | 1 Swsoft | 1 Confixx | 2018-10-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in allgemein_transfer.php in SWSoft Confixx 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the jahr parameter. | |||||
| CVE-2006-1765 | 1 Jbook | 1 Jbook | 2018-10-18 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in JBook 1.3 allows remote attackers to inject arbitrary web script or HTML via the page parameter. | |||||
| CVE-2006-1864 | 1 Linux | 1 Linux Kernel | 2018-10-18 | 4.6 MEDIUM | N/A |
| Directory traversal vulnerability in smbfs in Linux 2.6.16 and earlier allows local users to escape chroot restrictions for an SMB-mounted filesystem via "..\\" sequences, a similar vulnerability to CVE-2006-1863. | |||||
| CVE-2006-1767 | 1 Nicecoder | 1 Indexu | 2018-10-18 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in nicecoder.com INDEXU 5.0.0 and 5.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the theme_path parameter in (1) index.php, (2) become_editor.php, (3) add.php, (4) bad_link.php, (5) browse.php, (6) detail.php, (7) fav.php, (8) get_rated.php, (9) login.php, (10) mailing_list.php, (11) new.php, (12) modify.php, (13) pick.php, (14) power_search.php, (15) rating.php, (16) register.php, (17) review.php, (18) rss.php, (19) search.php, (20) send_pwd.php, (21) sendmail.php, (22) tell_friend.php, (23) top_rated.php, (24) user_detail.php, and (25) user_search.php; and the (26) base_path parameter in invoice.php. | |||||
| CVE-2006-1768 | 1 Tritanium Scripts | 1 Tritanium Bulletin Board | 2018-10-18 | 5.1 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in register.php in Tritanium Bulletin Board (TBB) 1.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) newuser_name, (2) newuser_email, and (3) newuser_hp parameters in the faction=register mode in index.php. | |||||
| CVE-2006-1769 | 1 Userland | 1 Manila | 2018-10-18 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in UserLand Manila 9.5 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the mode parameter in msgReader$1 and (2) the end of the URI in viewDepartment$. | |||||
| CVE-2006-1770 | 1 Azerbaijan Development Group | 1 Azdgvote | 2018-10-18 | 10.0 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Azerbaijan Design & Development Group (AZDG) AzDGVote allow remote attackers to execute arbitrary PHP code via a URL in the int_path parameter in (1) vote.php, (2) view.php, (3) admin.php, and (4) admin/index.php. | |||||
| CVE-2006-1771 | 1 Saxotech | 1 Saxopress | 2018-10-18 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in misc in pbcs.dll in SAXoTECH SAXoPRESS, aka Saxotech Online (formerly Publicus) allows remote attackers to read arbitrary files and possibly execute arbitrary programs via a .. (dot dot) in the url parameter. | |||||
| CVE-2006-1848 | 1 Linpha | 1 Linpha | 2018-10-18 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in stats_view.php in LinPHA 1.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) date_from, (2) date_to, and (3) date parameter. | |||||
| CVE-2006-1774 | 1 Hp | 2 Compaqhttpserver, System Management Homepage | 2018-10-18 | 7.5 HIGH | N/A |
| HP System Management Homepage (SMH) 2.1.3.132, when running on CompaqHTTPServer/9.9 on Windows, Linux, or Tru64 UNIX, and when "Trust by Certificates" is not enabled, allows remote attackers to bypass authentication via a crafted URL. | |||||
| CVE-2006-1776 | 1 Simplog | 1 Simplog | 2018-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the s parameter. | |||||
| CVE-2006-1777 | 1 Simplog | 1 Simplog | 2018-10-18 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php. | |||||
| CVE-2006-1778 | 1 Simplog | 1 Simplog | 2018-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Jeremy Ashcraft Simplog 0.9.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) blogid parameter in (a) index.php and (b) archive.php, the (2) m and (3) y parameters in archive.php, and the (4) sql parameter in (c) server.php. | |||||
| CVE-2006-1779 | 1 Simplog | 1 Simplog | 2018-10-18 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in login.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the btag parameter. | |||||
| CVE-2006-1842 | 1 Cynical Games | 1 Shoutbook | 2018-10-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in global.php in ShoutBOOK 1.1 allows remote attackers to inject arbitrary web script or HTML via the (1) NAME and (2) COMMENTS parameters. | |||||
| CVE-2006-1783 | 1 Patronet | 1 Cms | 2018-10-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in PatroNet CMS allows remote attackers to inject arbitrary web script or HTML via the URI. | |||||
| CVE-2006-1841 | 1 Kailash Nadh | 1 Boastmachine | 2018-10-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in boastMachine (bMachine) 2.7, and possibly other versions before 2.9b, allows remote attackers to inject arbitrary web script or HTML via the key parameter, as used by the search field. | |||||
| CVE-2006-1785 | 1 Adobe | 1 Document Server | 2018-10-18 | 2.1 LOW | N/A |
| Adobe Document Server for Reader Extensions 6.0 allows remote authenticated users to inject arbitrary web script via a leading (1) ftp or (2) http URI in the ReaderURL variable in the "Update Download Site" section of ads-readerext. NOTE: it is not clear whether the vendor advisory addresses this issue. In addition, since the issue requires administrative privileges to exploit, it is not clear whether this crosses security boundaries. | |||||
| CVE-2006-1786 | 1 Adobe | 1 Document Server | 2018-10-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Adobe Document Server for Reader Extensions 6.0 allows remote attackers to inject arbitrary web script or HTML via (1) the actionID parameter in ads-readerext and (2) the op parameter in AlterCast. NOTE: it is not clear whether the vendor advisory addresses this issue. | |||||
| CVE-2006-1787 | 1 Adobe | 1 Document Server | 2018-10-18 | 2.6 LOW | N/A |
| Adobe Document Server for Reader Extensions 6.0 includes a user's session (jsession) ID in the HTTP Referer header, which allows remote attackers to gain access to PDF files that are being processed within that session. | |||||
| CVE-2006-1788 | 1 Adobe | 1 Document Server | 2018-10-18 | 2.6 LOW | N/A |
| Adobe Document Server for Reader Extensions 6.0, during log on, provides different error messages depending on whether the user ID is valid or invalid, which allows remote attackers to more easily identify valid user IDs via brute force attacks. | |||||
| CVE-2006-1789 | 1 Georges Auberger | 1 Pajax | 2018-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in pajax_call_dispatcher.php in PAJAX 0.5.1 and earlier allows remote attackers to read arbitrary files via the $className variable. | |||||
| CVE-2006-1839 | 1 Php Album | 1 Php Album | 2018-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in language.php in PHP Album 0.3.2.3, when register_globals is enabled, allows remote attackers to execute arbitrary code via an FTP URL in the data_dir parameter, which satisfies the file_exists function call. | |||||
| CVE-2006-1791 | 1 Jl Webworks | 1 Quickblogger | 2018-10-18 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in acc.php in QuickBlogger 1.4 allows remote attackers to read or include arbitrary local files via the request parameter. NOTE: this issue can also produce resultant XSS when the associated include statement fails. | |||||
| CVE-2006-1824 | 1 Phpguestbook | 1 Phpguestbook | 2018-10-18 | 1.2 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PhpGuestbook.php in PhpGuestbook 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) Website, and (3) Comment parameter. | |||||
| CVE-2006-1798 | 1 Rateit | 1 Rateit | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in rateit.php in RateIt 2.2 allows remote attackers to execute arbitrary SQL commands via the rateit_id parameter. | |||||
| CVE-2006-1823 | 1 Farsinews | 1 Farsinews | 2018-10-18 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in FarsiNews 2.5.3 Pro and earlier allows remote attackers to obtain the installation path via ".." sequences in the archive parameter to index.php, which leaks the full pathname in an error message. | |||||
| CVE-2006-1822 | 1 Farsinews | 1 Farsinews | 2018-10-18 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in FarsiNews 2.5.3 Pro and earlier allows remote attackers to inject arbitrary web script or HTML via the selected_search_arch parameter. | |||||
| CVE-2006-1869 | 1 Oracle | 1 Database Server | 2018-10-18 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Oracle Database Server 8.1.7.4 and 9.0.1.5 has unknown impact and attack vectors in the Dictionary component, aka Vuln# DB04. | |||||
| CVE-2006-1867 | 1 Oracle | 1 Database Server | 2018-10-18 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Oracle Database Server 9.2.0.6 has unknown impact and attack vectors in the Advanced Replication component, aka Vuln# DB02. | |||||
| CVE-2006-1821 | 1 Modxcms | 1 Modxcms | 2018-10-18 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in ModX 0.9.1 allows remote attackers to read arbitrary files via a .. (dot dot) sequence and trailing NULL (%00) byte in the id parameter. | |||||
| CVE-2006-1763 | 1 Blursoft | 1 Blur6ex | 2018-10-18 | 5.0 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in index.php in blur6ex 0.3.452 allows remote attackers to execute arbitrary SQL commands via the ID parameter in a (1) g_reply or (2) g_permaPost action to the blog shard (engine/shards/blog.php), or a (3) g_viewContent action to the content shard (engine/shards/content.php). | |||||
| CVE-2006-1747 | 1 Vwar | 1 Virtual War | 2018-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in Virtual War (VWar) 1.5.0 allows remote attackers to execute arbitrary PHP code via a URL in the vwar_root parameter to (1) admin/admin.php, (2) war.php, (3) stats.php, (4) news.php, (5) joinus.php, (6) challenge.php, (7) calendar.php, (8) member.php, (9) popup.php, and other unspecified scripts in the admin folder. NOTE: these are different attack vectors than CVE-2006-1636 and CVE-2006-1503. | |||||
| CVE-2006-1734 | 1 Mozilla | 4 Firefox, Mozilla Suite, Seamonkey and 1 more | 2018-10-18 | 6.8 MEDIUM | N/A |
| Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to execute arbitrary code by using the Object.watch method to access the "clone parent" internal function. | |||||
| CVE-2006-1736 | 1 Mozilla | 4 Firefox, Mozilla Suite, Seamonkey and 1 more | 2018-10-18 | 2.6 LOW | N/A |
| Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to trick users into downloading and saving an executable file via an image that is overlaid by a transparent image link that points to the executable, which causes the executable to be saved when the user clicks the "Save image as..." option. NOTE: this attack is made easier due to a GUI truncation issue that prevents the user from seeing the malicious extension when there is extra whitespace in the filename. | |||||
| CVE-2006-1740 | 1 Mozilla | 4 Firefox, Mozilla Suite, Seamonkey and 1 more | 2018-10-18 | 2.6 LOW | N/A |
| Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to spoof secure site indicators such as the locked icon by opening the trusted site in a popup window, then changing the location to a malicious site. | |||||
| CVE-2006-1738 | 1 Mozilla | 4 Firefox, Mozilla Suite, Seamonkey and 1 more | 2018-10-18 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) by changing the (1) -moz-grid and (2) -moz-grid-group display styles. | |||||
| CVE-2006-1717 | 1 Mybulletinboard | 1 Mybulletinboard | 2018-10-18 | 5.1 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in newthread.php in MyBB (aka MyBulletinBoard) 1.10, when configured to permit new threads by unregistered users, allows remote attackers to inject arbitrary web script or HTML via the username. | |||||
| CVE-2006-1716 | 1 Mybulletinboard | 1 Mybulletinboard | 2018-10-18 | 5.1 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode img tag. NOTE: the email vector is already covered by CVE-2006-1625, although it might stem from the same core issue. | |||||
| CVE-2006-1715 | 1 Tugzip | 1 Tugzip | 2018-10-18 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in Christian Kindahl TUGZip 3.4.0.0, 3.3.0.0, and 3.1.0.2 allow user-assisted attackers to create files in arbitrary directories via a .. (dot dot) in an archive pack with a crafted (1) .gz, (2) .jar, (3) .rar, or (4) .zip file. | |||||
| CVE-2006-1713 | 1 Phpmyforum | 1 Phpmyforum | 2018-10-18 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Christoph Roeder phpMyForum 4.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter. | |||||