Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-2879 | 1 Alex | 1 News-engine | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in newscomments.php in Alex News-Engine 1.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via the newsid parameter. | |||||
| CVE-2006-2352 | 1 Ipswitch | 1 Whatsup Professional | 2017-07-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in IPswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allow remote attackers to inject arbitrary web script or HTML via unknown vectors in (1) NmConsole/Tools.asp and (2) NmConsole/DeviceSelection.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-2886 | 1 Jam Warehouse | 1 Knowledgetree Open Source | 2017-07-20 | 4.3 MEDIUM | N/A |
| view.php in KnowledgeTree Open Source 3.0.3 and earlier allows remote attackers to obtain the full installation path via a crafted fDocumentId parameter, which displays the path in the resulting error message. NOTE: this might be resultant from another vulnerability, since this vector also produces XSS. | |||||
| CVE-2006-2874 | 1 Osads Alliance Database | 1 Osads Alliance Database | 2017-07-20 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in OSADS Alliance Database before 1.4 has unknown impact and attack vectors related to a "Security Leak to lock in HTML-Code," possibly due to a cross-site scripting (XSS) vulnerability involving comments. | |||||
| CVE-2006-2873 | 1 Enigma Haber | 1 Enigma Haber | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in hava.asp in Enigma Haber 4.2 allows remote attackers to inject arbitrary web script or HTML via the il parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-2870 | 1 Intelligent Solutions | 1 Asp Discussion Forum | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in forum_search.asp in Intelligent Solutions Inc. ASP Discussion Forum allows remote attackers to inject arbitrary web script or HTML via the search variable. | |||||
| CVE-2006-2255 | 1 Creative Software | 1 Community Portal | 2017-07-20 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Creative Community Portal 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter to (a) ArticleView.php, (2) forum_id parameter to (b) DiscView.php or (c) Discussions.php, (3) event_id parameter to (d) EventView.php, (4) AddVote and (5) answer_id parameter to (e) PollResults.php, or (7) mid parameter to (f) DiscReply.php. | |||||
| CVE-2006-2869 | 1 Alwil | 1 Avast Antivirus | 2017-07-20 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the CHM unpacker in avast! before 4.7.844 has unknown impact and remote attack vectors. | |||||
| CVE-2006-2254 | 1 Intervations | 1 Filecopa | 2017-07-20 | 5.0 MEDIUM | N/A |
| Buffer overflow in filecpnt.exe in FileCOPA 1.01 allows remote attackers to cause a denial of service (application crash) via a username with a large number of newline characters. | |||||
| CVE-2006-2345 | 1 Roostercode Ajax Softwares | 1 Alipager | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in inc/elementz.php in AliPAGER 1.5 allows remote attackers to inject arbitrary web script or HTML via the ubild parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. NOTE: this issue might be resultant from SQL injection. | |||||
| CVE-2006-2264 | 1 Ocean12 Technologies | 1 Calendar Manager Pro | 2017-07-20 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Ocean12 Calendar Manager Pro 1.00 allow remote attackers to execute arbitrary SQL commands via the (1) date parameter to admin/main.asp, (2) SearchFor parameter to admin/view.asp, or (3) ID parameter to admin/edit.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-2251 | 1 Invision Power Services | 1 Invision Community Blog | 2017-07-20 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in the do_mmod function in mod.php in Invision Community Blog (ICB) 1.1.2 final through 1.2 allows remote attackers with moderator privileges to execute arbitrary SQL commands via the selectedbids parameter. | |||||
| CVE-2006-2248 | 1 Northern Solutions | 1 Xeneo Web Server | 2017-07-20 | 5.0 MEDIUM | N/A |
| Xeneo Web Server 2.2.22.0 allows remote attackers to obtain the source code of script files via crafted requests containing dot, space, and slash characters in the file extension. | |||||
| CVE-2006-2861 | 1 Particle Soft | 1 Particle Wiki | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Particle Wiki 1.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the version parameter. | |||||
| CVE-2006-2856 | 1 Activestate | 1 Activeperl | 2017-07-20 | 4.6 MEDIUM | N/A |
| ActiveState ActivePerl 5.8.8.817 for Windows configures the site/lib directory with "Users" group permissions for changing files, which allows local users to gain privileges by creating a malicious sitecustomize.pl file in that directory. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-2855 | 1 Xuebook | 1 Xuebook | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in xueBook 1.0 allows remote attackers to execute arbitrary SQL commands via the start parameter. | |||||
| CVE-2006-2854 | 1 Ibwd | 1 Ibwd Guestbook | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in iBWd Guestbook 1.0 allows remote attackers to execute arbitrary SQL commands via the offset parameter. | |||||
| CVE-2006-2853 | 1 Abarcar | 1 Abarcar Realty Portal | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in content.php in abarcar Realty Portal 5.1.5 allows remote attackers to execute arbitrary SQL commands via the cat parameter. | |||||
| CVE-2006-2851 | 1 Dotproject | 1 Dotproject | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in dotProject 2.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, which are not properly handled when the client is using Internet Explorer. | |||||
| CVE-2006-2850 | 1 Php Labware | 1 Labwiki | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in recentchanges.php in PHP Labware LabWiki 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the help parameter. | |||||
| CVE-2006-2840 | 1 Pmwiki | 1 Pmwiki | 2017-07-20 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in (1) uploads.php and (2) "url links" in PmWiki 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | |||||
| CVE-2006-2244 | 1 Web4future | 1 News Portal | 2017-07-20 | 6.4 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Web4Future News Portal allow remote attackers to execute arbitrary SQL commands via the ID parameter to (1) comentarii.php or (2) view.php. | |||||
| CVE-2006-2243 | 1 Web4future | 1 News Portal | 2017-07-20 | 5.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Web4Future News Portal allow remote attackers to inject arbitrary web script or HTML via the ID parameter to (1) comentarii.php or (2) view.php. NOTE: this issue might be resultant from SQL injection. | |||||
| CVE-2006-2364 | 1 Macromedia | 1 Coldfusion | 2017-07-20 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the validation feature in Macromedia ColdFusion 5 and earlier allows remote attackers to inject arbitrary web script or HTML via a "_required" field when the associated normal field is missing or empty, which is not sanitized before being presented in an error message. | |||||
| CVE-2006-2358 | 1 Web-labs | 1 Web-labs Cms | 2017-07-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in various scripts in Web-Labs CMS allow remote attackers to inject arbitrary web script or HTML via (1) the search parameter and (2) unspecified fields related to e-mail alerts. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-2839 | 1 Webwork | 1 Webwork | 2017-07-20 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in PG Problem Editor module (PGProblemEditor.pm) in WeBWorK Online Homework Delivery System 2.2.0 and earlier allows remote attackers to read and write files outside of the templates directory. | |||||
| CVE-2006-2838 | 1 F-secure | 2 F-secure Anti-virus, Internet Gatekeeper | 2017-07-20 | 7.6 HIGH | N/A |
| Buffer overflow in the web console in F-Secure Anti-Virus for Microsoft Exchange 6.40, and Internet Gatekeeper 6.40 through 6.42 and 6.50 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors. NOTE: By default, the connections are only allowed from the local host. | |||||
| CVE-2006-2836 | 1 Pineapple Technologies | 1 Lore | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in comment.php in Pineapple Technologies Lore 1.5.6 and earlier allows remote attackers to execute arbitrary SQL commands via the article_id parameter. | |||||
| CVE-2006-2292 | 1 Inhouse Associates | 1 Ia-calendar | 2017-07-20 | 6.4 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in IA-Calendar allow remote attackers to execute arbitrary SQL commands via the (1) type parameter in (a) calendar_new.asp and (b) default.asp, and (2) ID parameter in (c) calendar_detail.asp. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-2240 | 1 Fujitsu | 4 Netshelter Fw, Netshelter Fw-l, Netshelter Fw-m and 1 more | 2017-07-20 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the (1) web cache or (2) web proxy in Fujitsu NetShelter/FW allows remote attackers to cause a denial of service (device unresponsiveness) via certain DNS packets, as demonstrated by the OUSPG PROTOS DNS test suite. | |||||
| CVE-2006-2214 | 1 4images | 1 Image Gallery Management System | 2017-07-20 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in 4images 1.7.1 and earlier allow remote attackers to execute arbitrary SQL commands via the sessionid parameter in (1) top.php and (2) member.php. NOTE: this issue has also been reported to affect 1.7.2. | |||||
| CVE-2006-2830 | 1 Tibco | 3 Hawk, Rendezvous, Runtime Agent | 2017-07-20 | 7.5 HIGH | N/A |
| Buffer overflow in TIBCO Rendezvous before 7.5.1, TIBCO Runtime Agent (TRA) before 5.4, and Hawk before 4.6.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via the HTTP administrative interface. | |||||
| CVE-2006-2829 | 1 Tibco | 3 Hawk, Hawk Monitoring Agent, Runtime Agent | 2017-07-20 | 6.8 MEDIUM | N/A |
| Buffer overflow in Hawk Monitoring Agent (HMA) for TIBCO Hawk before 4.6.1 and TIBCO Runtime Agent (TRA) before 5.4 allows authenticated users to execute arbitrary code via the configuration for tibhawkhma. | |||||
| CVE-2006-2827 | 1 Qualiteam | 1 X-cart | 2017-07-20 | 6.4 MEDIUM | N/A |
| ** DISPUTED ** SQL injection vulnerability in search.php in X-Cart Gold and Pro 4.0.18, and X-Cart 4.1.0 beta 1, allows remote attackers to execute arbitrary SQL commands via the "Search for pattern" field, when the settings specify only "Search in Detailed description" and "Search also in ISBN." NOTE: the vendor disputed this issue in a comment on the original researcher's blog, saying "the bug does not impose any security threat and remote attackers can't add, modify, or delete information in the back-end database by sending specially-crafted SQL statements to the search.php script using various search parameters." As of 20060605, the original blog entry is unavailable, although ISS also reports the same dispute. CVE has not been able to investigate this issue further, although the researcher sometimes makes inaccurate claims. | |||||
| CVE-2006-2213 | 1 Hostapd | 1 Hostapd | 2017-07-20 | 5.0 MEDIUM | N/A |
| Hostapd 0.3.7-2 allows remote attackers to cause a denial of service (segmentation fault) via an unspecified value in the key_data_length field of an EAPoL frame. | |||||
| CVE-2006-2826 | 1 Phplib Team | 1 Phplib | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in sessions.inc in PHP Base Library (PHPLib) before 7.4a allows remote attackers to execute arbitrary SQL commands via the id variable, which is set by a client through a query string or a cookie. | |||||
| CVE-2006-2825 | 1 Cpanel | 1 Cpanel | 2017-07-20 | 5.1 MEDIUM | N/A |
| cPanel does not automatically synchronize the PHP open_basedir configuration directive between the main server and virtual hosts that share physical directories, which might allow a local user to bypass open_basedir restrictions and access other virtual hosts via a PHP script that uses a main server URL (such as ~username) that is blocked by the user's own open_basedir directive, but not the main server's open_basedir directive. | |||||
| CVE-2006-2817 | 1 Tekno.portal | 1 Tekno.portal | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in bolum.php in tekno.Portal allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-2804 | 1 Goss | 1 Icm | 2017-07-20 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.cfm in Goss Intelligent Content Management (iCM) 7.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party sources. | |||||
| CVE-2006-2801 | 1 Unak | 1 Unak Cms | 2017-07-20 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Unak CMS 1.5 RC2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) u_a or (2) u_s parameters. | |||||
| CVE-2006-2799 | 1 Toenda Software Development | 1 Toendacms | 2017-07-20 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in content_footer.php in toendaCMS 0.7.0 allows remote attackers to inject arbitrary web scripts or HTML via the print_url variable. NOTE: the provenance of this information is unknown; the details are obtained solely from third party sources. | |||||
| CVE-2006-2790 | 1 Sun | 1 Storage Automated Diagnostic Environment | 2017-07-20 | 7.2 HIGH | N/A |
| A package component in Sun Storage Automated Diagnostic Environment (StorADE) 2.4 uses world-writable permissions for certain critical files and directories, which allows local users to gain privileges. | |||||
| CVE-2006-2773 | 1 Hogstorps | 1 Hogstorp Guestbook | 2017-07-20 | 6.4 MEDIUM | N/A |
| admin/redigera/redigera2.asp in Hogstorps hogstorp Guestbook 2.0 does not verify user credentials, which allows remote attackers to edit arbitrary posts via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-2772 | 1 Hogstorps | 1 Hogstorp Guestbook | 2017-07-20 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in add.asp in Hogstorps hogstorp guestbook 2.0 allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, and (3) headline parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-2771 | 1 Hogstorps | 1 Hogstorp Guestbook | 2017-07-20 | 6.4 MEDIUM | N/A |
| admin/radera/tabort.asp in Hogstorps hogstorp guestbook 2.0 does not verify user credentials, which allows remote attackers to delete arbitrary posts via a modified delID parameter. | |||||
| CVE-2006-2765 | 1 Interlink Advantage | 1 Interlink Advantage | 2017-07-20 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in news_information.php in Interlink Advantage allows remote attackers to inject arbitrary web script or HTML via the flag parameter. | |||||
| CVE-2006-2346 | 1 Inter7 | 1 Vpopmail \(vchkpw\) | 2017-07-20 | 7.5 HIGH | N/A |
| vpopmail 5.4.14 and 5.4.15, with cleartext passwords enabled, allows remote attackers to authenticate to an account that does not have a cleartext password set by using a blank password to (1) SMTP AUTH or (2) APOP. | |||||
| CVE-2006-2764 | 1 Xander Ladage | 1 Guestbookxl | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in GuestbookXL 1.3 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in an IMG tag in a comment field to (1) guestwrite.php or (2) guestbook.php. | |||||
| CVE-2006-2761 | 1 Hitachi | 1 Hitsenser3 | 2017-07-20 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in Hitachi HITSENSER3 HITSENSER3/PRP, HITSENSER3/PUP, HITSENSER3/STP, and HITSENSER3/EUP allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. | |||||
| CVE-2006-2729 | 1 Jan Chmelik | 1 Photoalbum Bandw | 2017-07-20 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in superalbum/index.php in Photoalbum B&W 1.3 allows remote attackers to inject arbitrary web script or HTML via the gal parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||