Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-3674 | 1 Armagetron | 1 Armagetron Advanced | 2017-07-20 | 7.8 HIGH | N/A |
| nNetObject.cpp in Armagetron Advanced 2.8.2 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a large number handled by the id_req_handler function. | |||||
| CVE-2006-3682 | 1 Awstats | 1 Awstats | 2017-07-20 | 5.0 MEDIUM | N/A |
| awstats.pl in AWStats 6.5 build 1.857 and earlier allows remote attackers to obtain the installation path via the (1) year, (2) pluginmode or (3) month parameters. | |||||
| CVE-2006-3972 | 1 Scott Weedon | 1 Ajax Chat | 2017-07-20 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in includes/operator_chattranscript.php in Scott Weedon Ajax Chat, possibly 0.1, allows remote attackers to read arbitrary files via a .. (dot dot) in the chatid parameter. | |||||
| CVE-2006-4258 | 1 John Hanna | 1 Anti-spam Smtp Proxy Server | 2017-07-20 | 4.0 MEDIUM | N/A |
| Absolute path traversal vulnerability in the get functionality in Anti-Spam SMTP Proxy (ASSP) allows remote authenticated users to read arbitrary files via (1) C:\ (Windows drive letter), (2) UNC, and possibly other types of paths in the file parameter. | |||||
| CVE-2006-4099 | 1 Businessobjects | 1 Crystal Enterprise | 2017-07-20 | 7.5 HIGH | N/A |
| Business Objects Crystal Enterprise 9 and 10 generates predictable session identifiers, which allows remote attackers to hijack sessions of other users via WCSID cookie values. | |||||
| CVE-2006-3974 | 1 3com | 1 3cr860-95 | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in cgi-bin/admin in 3Com OfficeConnect Secure Router with firmware 1.04-168 allows remote attackers to inject arbitrary web script or HTML via the tk parameter. | |||||
| CVE-2006-3383 | 1 Mads | 1 Mads | 2017-07-20 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in mAds 1.0 allows remote attackers to inject arbitrary web script or HTML via Javascript events such as onmouseover within a URL. NOTE: the provenance of this information is unknown; the details are obtained solely from third party reports. | |||||
| CVE-2006-3391 | 1 Imbc | 1 Imbccontents Activex Control | 2017-07-20 | 5.1 MEDIUM | N/A |
| The Execute function in iMBCContents ActiveX Control before 2.0.0.59 allows remote attackers to execute arbitrary files via the file URI handler. | |||||
| CVE-2006-3147 | 1 Hosting Controller | 1 Hosting Controller | 2017-07-20 | 6.5 MEDIUM | N/A |
| Unspecified vulnerability in Hosting Controller before 6.1 (aka Hotfix 3.2) allows remote authenticated attackers to gain host admin privileges, list all resellers, or change resellers' passwords via unspecified vectors. NOTE: due to the lack of precise details, it is not clear whether this is related to a previously disclosed issue such as CVE-2005-1788. | |||||
| CVE-2006-3695 | 1 Edgewall Software | 1 Trac | 2017-07-20 | 6.8 MEDIUM | N/A |
| Trac before 0.9.6 does not disable the "raw" or "include" commands when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows remote attackers to read arbitrary files, perform cross-site scripting (XSS) attacks, or cause a denial of service via unspecified vectors. NOTE: this might be related to CVE-2006-3458. | |||||
| CVE-2006-3145 | 1 Netpbm | 1 Netpbm | 2017-07-20 | 5.0 MEDIUM | N/A |
| Buffer overflow in pamtofits of NetPBM 10.30 through 10.33 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code when assembling the header, possibly related to an off-by-one error. | |||||
| CVE-2006-3141 | 1 Dpivision | 1 Tradingeye Shop | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in details.cfm in Tradingeye Shop R4 and earlier allows remote attackers to inject arbitrary web script or HTML via the image parameter. | |||||
| CVE-2006-3152 | 1 Bluehouse Project | 1 Phptrader | 2017-07-20 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in phpTRADER 4.9 SP5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) sectio parameter in (a) login.php, (b) write_newad.php, (c) newad.php, (d) printad.php, (e) askseller.php, (f) browse.php, (g) showmemberads.php, (h) note_ad.php, (i) abuse.php, (j) buynow.php, (k) confirm_newad.php, (2) an parameter in (l) printad.php, (m) note_ad.php, (3) who parameter in (n) showmemberads.php, and (4) adnr parameter in (o) buynow.php. | |||||
| CVE-2006-3140 | 1 Openci | 1 Openci | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in openCI 1.0 BETA 0.20.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2006-4098 | 1 Cisco | 1 Secure Access Control Server | 2017-07-20 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted RADIUS Accounting-Request packet. | |||||
| CVE-2006-3696 | 1 Agnitum | 1 Outpost Firewall | 2017-07-20 | 2.1 LOW | N/A |
| filtnt.sys in Outpost Firewall Pro before 3.51.759.6511 (462) allows local users to cause a denial of service (crash) via long arguments to mshta.exe. | |||||
| CVE-2006-3137 | 1 Cutting Edge Computing | 1 Edge Ecommerce Shop | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in productDetail.asp in Edge eCommerce Shop allows remote attackers to inject arbitrary web script or HTML via the cart_id parameter. | |||||
| CVE-2006-3135 | 1 Hotwebscripts | 1 Cms Mundo | 2017-07-20 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in CMS Mundo 1.0 build 008, and possibly other versions, allow remote attackers to execute arbitrary SQL commands via the (1) news_id parameter in the (a) news module, (2) searchstring parameter in (b) the search module, (3) id parameter in (c) the webshop module, (4) username parameter in (d) index.php, and (5) Name, (6) Address, (7) Zip, (8) City, (9) Country, and (10) Email fields during (e) a user profile update. | |||||
| CVE-2006-3393 | 1 Electronic Arts | 1 Nascar Racing | 2017-07-20 | 7.8 HIGH | N/A |
| Papyrus NASCAR Racing 4 4.1.3.1.6 and earlier, 2002 Season 1.1.0.2 and earlier, and 2003 Season 1.2.0.1 and earlier allows remote attackers to cause a denial of service (CPU consumption) by sending an empty UDP datagram, which is not properly discarded due to use of the FIONREAD asynchronous socket. | |||||
| CVE-2006-3134 | 1 Gracenote | 1 Cddbcontrol Activex Control | 2017-07-20 | 9.3 HIGH | N/A |
| Buffer overflow in GraceNote CDDBControl ActiveX Control, as used by multiple products that use Gracenote CDDB, allows remote attackers to execute arbitrary code via a long option string. | |||||
| CVE-2006-4259 | 1 Jake Olefsky | 1 Fotopholder | 2017-07-20 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Fotopholder 1.8 allows remote attackers to inject arbitrary web script or HTML via the path parameter. NOTE: this might be resultant from a directory traversal vulnerability. | |||||
| CVE-2006-4260 | 1 Jake Olefsky | 1 Fotopholder | 2017-07-20 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Fotopholder 1.8 allows remote attackers to read arbitrary directories or files via a .. (dot dot) in the path parameter. | |||||
| CVE-2006-3726 | 1 Intervations | 1 Filecopa | 2017-07-20 | 6.5 MEDIUM | N/A |
| Buffer overflow in FileCOPA FTP Server before 1.01 released on 18th July 2006, allows remote authenticated attackers to execute arbitrary code via a long argument to the LIST command. | |||||
| CVE-2006-3732 | 1 Cisco | 1 Cs-mars | 2017-07-20 | 5.0 MEDIUM | N/A |
| Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.1 ships with an Oracle database that contains several default accounts and passwords, which allows attackers to obtain sensitive information. | |||||
| CVE-2006-3734 | 1 Cisco | 1 Cs-mars | 2017-07-20 | 7.2 HIGH | N/A |
| Multiple unspecified vulnerabilities in the Command Line Interface (CLI) for Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.1, allow local CS-MARS administrators to execute arbitrary commands as root. | |||||
| CVE-2006-3131 | 1 Clubpage | 1 Clubpage | 2017-07-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Clubpage allow remote attackers to inject arbitrary web script or HTML via the (1) news_archive, (2) language, and (3) intranetLogin parameters in (a) index.php; the (4) sites_id parameter in (b) sites.php; and the (5) news_id parameter in (c) news_more.php. | |||||
| CVE-2006-3130 | 1 Clubpage | 1 Clubpage | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Clubpage allows remote attackers to execute arbitrary SQL commands via the category parameter. | |||||
| CVE-2006-3129 | 1 Nc Linklist | 1 Nc Linklist | 2017-07-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in NC LinkList 1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) cat and (2) view parameters. | |||||
| CVE-2006-3397 | 1 Pkr Internet | 1 Taskjitsu | 2017-07-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Taskjitsu before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via multiple unspecified parameters, including the (1) title and (2) description parameters when creating a task. | |||||
| CVE-2006-3125 | 1 Gtetrinet | 1 Gtetrinet | 2017-07-20 | 7.5 HIGH | N/A |
| Array index error in tetrinet.c in gtetrinet 0.7.8 and earlier allows remote attackers to execute arbitrary code via a packet specifying a negative number of players, which is used as an array index. | |||||
| CVE-2006-3978 | 1 Adobe | 1 Coldfusion | 2017-07-20 | 4.6 MEDIUM | N/A |
| Unspecified vulnerability in a Verity third party library, as used on Adobe ColdFusion MX 7 through MX 7.0.2 and possibly other products, allows local users to execute arbitrary code via unknown attack vectors. | |||||
| CVE-2006-3124 | 1 Streamripper | 1 Streamripper | 2017-07-20 | 7.5 HIGH | N/A |
| Buffer overflow in the HTTP header parsing in Streamripper before 1.61.26 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted HTTP headers. | |||||
| CVE-2006-3123 | 1 Matt Blaze | 1 Cryptographic File System | 2017-07-20 | 2.1 LOW | N/A |
| Multiple integer overflows in the (1) dodecrypt and (2) doencrypt functions in cfs_fh.c in cfsd in Matt Blaze Cryptographic File System (CFS) 1.4.1 before Debian GNU/Linux package 1.4.1-17 allow local users to cause a denial of service (daemon crash) by appending data to a file that is larger than 2 Gb. | |||||
| CVE-2006-4154 | 1 Apache | 1 Http Server | 2017-07-20 | 6.8 MEDIUM | N/A |
| Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c. | |||||
| CVE-2006-4120 | 1 Drupal | 2 Drupal, Recipe Module | 2017-07-20 | 5.1 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Recipe module (recipe.module) before 1.54 for Drupal 4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2006-3305 | 1 Uebimiau | 1 Uebimiau | 2017-07-20 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in UebiMiau Webmail 2.7.10, and 2.7.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) f_user parameter in index.php, the (2) pag parameter in messages.php, or the (3) lid, (4) tid, and (5) sid parameters in error.php. | |||||
| CVE-2006-3303 | 1 Deluxebb | 1 Deluxebb | 2017-07-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in pm.php in DeluxeBB 1.07 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) subject or (2) to parameters. | |||||
| CVE-2006-3302 | 1 Cbsms | 1 Mambo Module | 2017-07-20 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in mod_cbsms.php in CBSMS Mambo Module 1.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosC_a_path parameter. NOTE: the provenance of this information is unknown; portions of the details are obtained from third party information. | |||||
| CVE-2006-4119 | 1 Chaossoft | 1 Geheimchaos | 2017-07-20 | 5.1 MEDIUM | N/A |
| SQL injection vulnerability in gc.php in GeheimChaos 0.5 and earlier allows remote attackers to execute arbitrary SQL commands via the Temp_entered_password parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-4304 | 3 Freebsd, Netbsd, Openbsd | 3 Freebsd, Netbsd, Openbsd | 2017-07-20 | 10.0 HIGH | N/A |
| Buffer overflow in the sppp driver in FreeBSD 4.11 through 6.1, NetBSD 2.0 through 4.0 beta before 20060823, and OpenBSD 3.8 and 3.9 before 20060902 allows remote attackers to cause a denial of service (panic), obtain sensitive information, and possibly execute arbitrary code via crafted Link Control Protocol (LCP) packets with an option length that exceeds the overall length, which triggers the overflow in (1) pppoe and (2) ippp. NOTE: this issue was originally incorrectly reported for the ppp driver. | |||||
| CVE-2006-3301 | 1 Phpqladmin | 1 Phpqladmin | 2017-07-20 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpQLAdmin 2.2.7 and earlier allow remote attackers to inject arbitrary web script or HTML via the domain parameter in (1) user_add.php or (2) unit_add.php. | |||||
| CVE-2006-4189 | 1 Boonex | 1 Dolphin | 2017-07-20 | 5.1 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Dolphin 5.1 allow remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter in (1) index.php, (2) aemodule.php, (3) browse.php, (4) cc.php, (5) click.php, (6) faq.php, (7) gallery.php, (8) im.php, (9) inbox.php, (10) join_form.php, (11) logout.php, (12) messages_inbox.php, and many other scripts. | |||||
| CVE-2006-3893 | 2 Casio, Newtone | 2 Photo Loader, Imagekit | 2017-07-20 | 10.0 HIGH | N/A |
| Multiple buffer overflows in the ActiveX controls in Newtone ImageKit 5 before Fix 30 and 6 before Fix 40, as used in CASIO Photo Loader software before 3.01 and possibly other software, allow remote attackers to execute arbitrary code via a crafted HTML document. | |||||
| CVE-2006-3402 | 1 Virtuastore | 1 Virtuastore | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in VirtuaStore 2.0 allows remote attackers to execute arbitrary SQL commands via the password parameter when logging in. | |||||
| CVE-2006-3119 | 1 Fbi | 1 Fbi | 2017-07-20 | 5.1 MEDIUM | N/A |
| The fbgs framebuffer Postscript/PDF viewer in fbi before 2.01 has a typo that prevents a filter from working correctly, which allows user-assisted attackers to bypass the filter and execute malicious Postscript commands. | |||||
| CVE-2006-3407 | 1 Tor | 1 Tor | 2017-07-20 | 6.4 MEDIUM | N/A |
| Tor before 0.1.1.20 allows remote attackers to spoof log entries or possibly execute shell code via strings with non-printable characters. | |||||
| CVE-2006-3116 | 1 Spiffyjr | 1 Phpraid | 2017-07-20 | 5.1 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in phpRaid 3.0.4 and 3.0.5 allow remote attackers to execute arbitrary code via a URL in the phpraid_dir parameter to (1) configuration.php, (3) guilds.php, (4) index.php, (5) locations.php, (6) login.php, (7) lua_output.php, (8) permissions.php, (9) profile.php, (10) raids.php, (11) register.php, (12) roster.php, and (13) view.php. | |||||
| CVE-2006-3115 | 1 Spiffyjr | 1 Phpraid | 2017-07-20 | 5.1 MEDIUM | N/A |
| SQL injection vulnerability in view.php in phpRaid 3.0.4, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the raid_id parameter. | |||||
| CVE-2006-3112 | 1 Chipmailer | 1 Chipmailer | 2017-07-20 | 5.0 MEDIUM | N/A |
| Chipmailer 1.09 allows remote attackers to obtain sensitive information via a direct request to php.php, which displays the output of the phpinfo function. | |||||
| CVE-2006-3111 | 1 Chipmailer | 1 Chipmailer | 2017-07-20 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in main.php in Chipmailer 1.09 allow remote attackers to execute arbitrary SQL commands via multiple parameters, as demonstrated by (1) anfang, (2) name, (3) mail, (4) anrede, (5) vorname, (6) nachname, (7) gebtag, (8) gebmonat, and (9) gebjahr. | |||||