Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-1723 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2018-10-18 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient public details from the vendor as of 20060413, it is unclear how CVE-2006-1529, CVE-2006-1530, CVE-2006-1531, and CVE-2006-1723 are different. | |||||
| CVE-2006-1719 | 1 Microsoft | 1 Ie | 2018-10-18 | 5.0 MEDIUM | N/A |
| Internet Explorer 6 allows remote attackers to cause a denial of service (application crash) via any scrollbar Cascading Style Sheets (CSS) property. | |||||
| CVE-2006-1724 | 2 Debian, Mozilla | 5 Debian Linux, Firefox, Mozilla Suite and 2 more | 2018-10-18 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to DHTML. | |||||
| CVE-2006-1718 | 1 Clever Copy | 1 Clever Copy | 2018-10-18 | 5.0 MEDIUM | N/A |
| Magus Perde Clever Copy 3.0 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to view the database username and password via a direct request for connect.inc. | |||||
| CVE-2006-1714 | 1 Phpmyforum | 1 Phpmyforum | 2018-10-18 | 7.5 HIGH | N/A |
| CRLF injection vulnerability in index.php in Christoph Roeder phpMyForum 4.0 allows remote attackers to inject HTTP headers via hex-encoded CRLF sequences in the type parameter. | |||||
| CVE-2006-1732 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2018-10-18 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to bypass same-origin protections and conduct cross-site scripting (XSS) attacks via unspecified vectors involving the window.controllers array. | |||||
| CVE-2006-1720 | 1 Arabless | 1 Saphplesson | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in SaphpLesson 3.0 allows remote attackers to inject arbitrary web script or HTML via the Word parameter. NOTE: it is possible that this issue is resultant from SQL injection. | |||||
| CVE-2006-1701 | 1 Shadowed Portal | 1 Shadowed Portal | 2018-10-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Pages module in Shadowed Portal allows remote attackers to inject arbitrary web script or HTML via the page parameter to load.php. | |||||
| CVE-2006-1583 | 1 Juliusz Julas Gonera | 1 Warcraft Iii Replay Parser Php | 2018-10-18 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Warcraft III Replay Parser for PHP 1.8c allows remote attackers to inject arbitrary web script or HTML via the page parameter. NOTE: post-disclosure analysis by CVE suggests that the "page" parameter is not used in this product, and "id" might be the affected parameter. | |||||
| CVE-2006-1705 | 1 Oracle | 2 Oracle10g, Oracle9i | 2018-10-18 | 2.1 LOW | N/A |
| Oracle Database 9.2.0.0 to 10.2.0.3 allows local users with "SELECT" privileges for a base table to insert, update, or delete data by creating a crafted view then performing the operations on that view. | |||||
| CVE-2006-1704 | 1 Hubert Plisson | 1 Sire | 2018-10-18 | 5.0 MEDIUM | N/A |
| Sire 2.0 nws allows remote attackers to upload arbitrary image files without authentication via a direct request to upload.php. | |||||
| CVE-2006-1703 | 1 Hubert Plisson | 1 Sire | 2018-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in lire.php in Sire 2.0 nws allows remote attackers to execute arbitrary PHP code via a URL in the rub parameter. | |||||
| CVE-2006-1702 | 1 Spip | 1 Spip | 2018-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in spip_login.php3 in SPIP 1.8.3 allows remote attackers to execute arbitrary PHP code via a URL in the url parameter. | |||||
| CVE-2006-1697 | 1 Matt Wright | 1 Matt Wright Guestbook | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook 2.3.1 allows remote attackers to execute arbitrary web script or HTML via the (1) Your Name, (2) E-Mail, or (3) Comments fields when posting a message. | |||||
| CVE-2006-1689 | 1 Hp | 1 Hp-ux | 2018-10-18 | 7.2 HIGH | N/A |
| Unspecified vulnerability in su in HP HP-UX B.11.11, when using the LDAP netgroup feature, allows local users to gain unspecified access. | |||||
| CVE-2006-1683 | 1 Chipmunk Scripts | 1 Chipmunk Guestbook | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/login.php in Chipmunk Guestbook allows remote attackers to execute arbitrary SQL commands and bypass login authentication via the User name. | |||||
| CVE-2006-1680 | 1 Jupiter Cms | 1 Jupiter Cms | 2018-10-18 | 2.6 LOW | N/A |
| Jupiter CMS 1.1.5, when display_errors is enabled, allows remote attackers to obtain the full server path via a direct request to modules/online.php. | |||||
| CVE-2006-1679 | 1 Jupiter Cms | 1 Jupiter Cms | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in modules/online.php in Jupiter CMS 1.1.5 allows remote attackers to inject arbitrary web script or HTML via the layout parameter to index.php. | |||||
| CVE-2006-1675 | 1 Phpwebgallery | 1 Phpwebgallery | 2018-10-18 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PHPWebGallery 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) cat, (2) num, and (3) search parameters to (a) category.php, and the (4) slideshow, (5) show_metadata, and (6) start parameters to (b) picture.php, a different vulnerability than CVE-2006-1674. | |||||
| CVE-2006-1669 | 1 Phpheaven | 1 Phpmychat | 2018-10-18 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in chat/messagesL.php3 in phpHeaven Team PHPMyChat 0.14.5 and earlier allows remote attackers to execute arbitrary SQL commands via the T parameter. NOTE: this issue can be leveraged to execute arbitrary shell commands since the username is later processed in an eval() call, but since the username originated from the SQL injection, it could be a resultant issue. | |||||
| CVE-2006-1666 | 1 Arab Portal | 1 Arab Portal | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in forum.php in Arab Portal 2.0.1 stable allows remote attackers to execute arbitrary SQL commands via the mineID parameter. | |||||
| CVE-2006-1665 | 1 Arab Portal | 1 Arab Portal | 2018-10-18 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Arab Portal 2.0.1 stable allow remote attackers to inject arbitrary web script or HTML via the (1) adminJump and (2) forum_middle parameters in (a) forum.php, and the (3) form parameter in (b) members.php, (c) pm.php, and (d) mail.php. | |||||
| CVE-2006-1662 | 1 Limbo Cms | 1 Limbo Cms | 2018-10-18 | 7.5 HIGH | N/A |
| The frontpage option in Limbo CMS 1.0.4.2 and 1.0.4.1 allows remote attackers to execute arbitrary PHP commands via the Itemid parameter in index.php. | |||||
| CVE-2006-1659 | 1 Softbiz | 1 Image Gallery | 2018-10-18 | 6.4 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Softbiz Image Gallery allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in image_desc.php, (2) provided parameter in template.php, (3) cid parameter in suggest_image.php, (4) img_id parameter in insert_rating.php, and (5) cid parameter in images.php. | |||||
| CVE-2006-1658 | 1 Chucky A. Ivey | 1 N.t. | 2018-10-18 | 7.5 HIGH | N/A |
| Direct static code injection vulnerability in ticker.db.php in Chucky A. Ivey N.T. 1.1.0 allows remote administrators to insert arbitrary PHP code into the config file, which is included other N.T. scripts. | |||||
| CVE-2006-1657 | 1 Chucky A. Ivey | 1 N.t. | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Chucky A. Ivey N.T. 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the username parameter, which is not filtered when the administrator views the "Login Log" page. | |||||
| CVE-2006-1654 | 1 Hp | 9 Color Laserjet, Color Laserjet 2500, Color Laserjet 2500 Toolbox and 6 more | 2018-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the HP Color LaserJet 2500 Toolbox and Color LaserJet 4600 Toolbox on Microsoft Windows before 20060402 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request to TCP port 5225. | |||||
| CVE-2006-1653 | 1 Angelinecms | 1 Angelinecms | 2018-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in loadkernel.php in AngelineCMS 0.8.1 allows remote attackers to execute arbitrary PHP code via a URL in the installPath parameter. | |||||
| CVE-2006-1651 | 1 Microsoft | 1 Isa Server | 2018-10-18 | 7.5 HIGH | N/A |
| ** DISPUTED ** Microsoft ISA Server 2004 allows remote attackers to bypass certain filtering rules, including ones for (1) ICMP and (2) TCP, via IPv6 packets. NOTE: An established researcher has disputed this issue, saying that "Neither ISA Server 2004 nor Windows 2003 Basic Firewall support IPv6 filtering ... This is different network protocol." | |||||
| CVE-2006-1650 | 1 Mozilla | 1 Firefox | 2018-10-18 | 5.0 MEDIUM | N/A |
| Firefox 1.5.0.1 allows remote attackers to spoof the address bar and possibly conduct phishing attacks by re-opening the window to a malicious Shockwave Flash application, then changing the window location back to a trusted URL while the Flash application is still loading. NOTE: a followup was unable to replicate this issue. | |||||
| CVE-2006-1649 | 1 Eset Software | 1 Nod32 Antivirus | 2018-10-18 | 7.2 HIGH | N/A |
| The "restore to" selection in the "quarantine a file" capability of ESET NOD32 before 2.51.26 allows a restore to any directory that permits read access by the invoking user, which allows local users to create new files despite write-access directory permissions. | |||||
| CVE-2006-1648 | 1 Smart Technologies | 1 Synchroneyes | 2018-10-18 | 5.0 MEDIUM | N/A |
| SMART SynchronEyes Student and Teacher 6.0, and possibly earlier versions, allows remote attackers to cause a denial of service (memory consumption) via a certain packet to the Teacher discovery port that causes SynchronEyes to connect to the attacker's machine and read a value that is used as a parameter to malloc. | |||||
| CVE-2006-1647 | 1 Smart Technologies | 1 Synchroneyes | 2018-10-18 | 7.8 HIGH | N/A |
| An unspecified "logical programming mistake" in SMART SynchronEyes Student and Teacher 6.0, and possibly earlier versions, allows remote attackers to cause a denial of service via a large packet to the Teacher discovery port (UDP port 5496), which causes a thread to terminate and prevents communications on that port. | |||||
| CVE-2006-1645 | 1 Reloadcms | 1 Reloadcms | 2018-10-18 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Anton Vlasov and Rostislav Gaitkuloff ReloadCMS 1.2.5 and earlier allows remote attackers to inject arbitrary web script or HTML and gain leverage to execute arbitrary PHP code via the User-Agent HTTP header, which is displayed by admin/modules/general/statistic.php in the administration panel. | |||||
| CVE-2006-1641 | 1 Czaries Network | 1 Czarnews | 2018-10-18 | 5.1 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in CzarNews 1.14 allow remote attackers to execute arbitrary SQL commands via the (1) usern or (2) passw parameters to (a) cn_auth.php, (3) s parameter to (b) news.php, or (4) a parameter to (c) dpost.php. | |||||
| CVE-2006-1640 | 1 Czaries Network | 1 Czarnews | 2018-10-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in news.php in CzarNews 1.14 allows remote attackers to inject arbitrary web script or HTML via the email parameter. | |||||
| CVE-2006-1639 | 1 Wire Plastik Design | 1 Wpblog | 2018-10-18 | 5.1 MEDIUM | N/A |
| SQL injection vulnerability in index.php in wpBlog 0.4 allows remote attackers to execute arbitrary SQL commands via the postid parameter. | |||||
| CVE-2006-1531 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Seamonkey and 1 more | 2018-10-18 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient public details from the vendor as of 20060413, it is unclear how CVE-2006-1529, CVE-2006-1530, CVE-2006-1531, and CVE-2006-1723 are different. | |||||
| CVE-2006-1638 | 1 Aweb Labs | 1 Awebbb | 2018-10-18 | 5.1 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in aWebBB 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) Username parameter to (a) accounts.php, (b) changep.php, (c) editac.php, (d) feedback.php, (e) fpass.php, (f) login.php, (g) post.php, (h) reply.php, or (i) reply_log.php; (2) p parameter to (j) dpost.php; (3) c parameter to (k) list.php or (l) ndis.php; or (12) q parameter to (m) search.php. | |||||
| CVE-2006-1627 | 1 Adobe | 1 Acrobat Reader | 2018-10-18 | 7.5 HIGH | N/A |
| Adobe Document Server for Reader Extensions 6.0 does not provide proper access control, which allows remote authenticated users to perform privileged actions by modifying the (1) actionID and (2) pageID parameters. NOTE: due to an error during reservation, this identifier was inadvertently associated with multiple issues. Other CVE identifiers have been assigned to handle other problems that are covered by the same disclosure. | |||||
| CVE-2006-1625 | 1 Mybulletinboard | 1 Mybulletinboard | 2018-10-18 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode email tag, as demonstrated using the onmousemove event. | |||||
| CVE-2006-1624 | 1 Linux | 1 Linux Kernel | 2018-10-18 | 7.8 HIGH | N/A |
| The default configuration of syslogd in the Linux sysklogd package does not enable the -x (disable name lookups) option, which allows remote attackers to cause a denial of service (traffic amplification) via messages with spoofed source IP addresses. | |||||
| CVE-2006-1530 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Seamonkey and 1 more | 2018-10-18 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient public details from the vendor as of 20060413, it is unclear how CVE-2006-1529, CVE-2006-1530, CVE-2006-1531, and CVE-2006-1723 are different. | |||||
| CVE-2006-1533 | 1 Sourceworkshop | 1 Newsletter | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in newsletter.php in Sourceworkshop newsletter 1.0 allows remote attackers to execute arbitrary SQL commands via the newsletteremail parameter. | |||||
| CVE-2006-1529 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2018-10-18 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient public details from the vendor as of 20060413, it is unclear how CVE-2006-1529, CVE-2006-1530, CVE-2006-1531, and CVE-2006-1723 are different. | |||||
| CVE-2006-1534 | 1 Null News | 1 Null News | 2018-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Null news allow remote attackers to execute arbitrary SQL commands via (1) the user_email parameter in (a) lostpass.php, and the (2) user_email and (3) user_username parameters in (b) sub.php and (c) unsub.php. | |||||
| CVE-2006-1535 | 1 Phoetux.net | 1 Phxcontacts | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in login.php in Phoetux.net PhxContacts 0.93.1 beta and earlier allows remote attackers to inject arbitrary web script or HTML via the m parameter. | |||||
| CVE-2006-1637 | 1 Aweb Labs | 1 Awebbb | 2018-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in aWebBB 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) tname or (2) fpost parameters to (a) post.php; (3) fullname, (4) emailadd, (5) country, (6) sig, or (7) otherav parameters to (b) editac.php; or (8) fullname, (9) emailadd, or (10) country parameters to (c) register.php. | |||||
| CVE-2006-1622 | 1 Phpselect | 1 Phpselect | 2018-10-18 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in PHPSelect linksubmit allows remote attackers to inject arbitrary web script or HTML via (1) the description parameter to linklist.php and possibly other vectors involving (2) index.php and (3) linksubmit.php. | |||||
| CVE-2006-1536 | 1 Phoetux.net | 1 Phxcontacts | 2018-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Phoetux.net PhxContacts 0.93.1 beta and earlier allow remote attackers to execute arbitrary SQL commands via the (1) motclef and (2) nbr_line_view parameters in (a) carnet.php, and the (3) id_contact parameter in (b) contact_view.php. | |||||