Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-1969 | 1 Kcscripts | 1 Portal Pack | 2017-07-20 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in search/search.cgi in an unspecified KCScripts script, probably Search Engine or Site Search, distributed individually and as part of Portal Pack 6.0 and earlier, allows remote attackers to inject arbitrary web script or HTML via the q parameter. | |||||
| CVE-2006-2106 | 1 Edgewall Software | 1 Trac | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Edgewall Software Trac 0.9.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors related to a "wiki macro." | |||||
| CVE-2006-2104 | 1 Kmail | 1 Kmail | 2017-07-20 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Kamgaing Email System (kmail) 2.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) d parameter to main.php, ordner parameter to (2) main.php, or (3) webdisk.php, (4) draft parameter to compose.php, or (5) m, or (6) y parameter to calendar.php. | |||||
| CVE-2006-1970 | 1 Kcscripts | 1 Portal Pack | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in classifieds/viewcat.cgi in KCScripts Classifieds, distributed individually and as part of Portal Pack 6.0 and earlier, allows remote attackers to inject arbitrary web script or HTML via the cat_id parameter. | |||||
| CVE-2006-1973 | 1 Linksys | 1 Rt31p2 | 2017-07-20 | 5.0 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Linksys RT31P2 VoIP router allow remote attackers to cause a denial of service via malformed Session Initiation Protocol (SIP) messages. | |||||
| CVE-2006-1980 | 1 W2b | 1 Online Banking | 2017-07-20 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in W2B Online Banking allows remote attackers to inject arbitrary web script or HTML via the (1) query string, (2) SID parameter, or (3) ilang parameter. | |||||
| CVE-2006-1981 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-20 | 2.1 LOW | N/A |
| Unspecified vulnerability in Java InputMethods on Mac OS X 10.4.5 may cause InputMethods to send input events for secure fields to the wrong text field, which might reveal the password to others who can view the screen. | |||||
| CVE-2006-1986 | 1 Apple | 1 Safari | 2017-07-20 | 7.5 HIGH | N/A |
| Apple Safari 2.0.3 allows remote attackers to cause a denial of service and possibly execute code via a large CELLSPACING attribute in a TABLE tag, which triggers an error in KWQListIteratorImpl::KWQListIteratorImpl. | |||||
| CVE-2006-1987 | 1 Apple | 1 Safari | 2017-07-20 | 7.5 HIGH | N/A |
| Apple Safari 2.0.3 allows remote attackers to cause a denial of service and possibly execute code via an invalid FRAME tag, possibly due to (1) multiple SCROLLING attributes with no values, or (2) a SRC attribute with no value. NOTE: due to lack of diagnosis by the researcher, it is unclear which vector is responsible. | |||||
| CVE-2006-1988 | 1 Apple | 1 Safari | 2017-07-20 | 5.0 MEDIUM | N/A |
| The WebTextRenderer(WebInternal) _CG_drawRun:style:geometry: function in Apple Safari 2.0.3 allows remote attackers to cause a denial of service (application crash) via an HTML LI tag with a large VALUE attribute (list item number), which triggers a null dereference in QPainter::drawText, probably due to a failed memory allocation that uses the VALUE. | |||||
| CVE-2006-1946 | 1 Visale | 1 Visale | 2017-07-20 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Visale 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the keyval parameter in pbpgst.cgi, (2) the catsubno parameter in pblscg.cgi, and (3) the listno parameter in pblsmb.cgi. | |||||
| CVE-2006-1989 | 1 Clam Anti-virus | 1 Clamav | 2017-07-20 | 5.1 MEDIUM | N/A |
| Buffer overflow in the get_database function in the HTTP client in Freshclam in ClamAV 0.80 to 0.88.1 might allow remote web servers to execute arbitrary code via long HTTP headers. | |||||
| CVE-2006-2110 | 1 Virtual Private Server | 1 Vserver | 2017-07-20 | 2.1 LOW | N/A |
| Virtual Private Server (Vserver) 2.0.x before 2.0.2-rc18 and 2.1.x before 2.1.1-rc18 provides certain context capabilities (ccaps) that allow local guest users to perform operations that were only intended to be allowed by the guest-root. | |||||
| CVE-2006-1994 | 1 Dforum | 1 Dforum | 2017-07-20 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in dForum 1.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DFORUM_PATH parameter to (1) about.php, (2) admin.php, (3) anmelden.php, (4) losethread.php, (5) config.php, (6) delpost.php, (7) delthread.php, (8) dfcode.php, (9) download.php, (10) editanoc.php, (11) forum.php, (12) login.php, (13) makethread.php, (14) menu.php, (15) newthread.php, (16) openthread.php, (17) overview.php, (18) post.php, (19) suchen.php, (20) user.php, (21) userconfig.php, (22) userinfo.php, and (23) verwalten.php. | |||||
| CVE-2006-2000 | 1 Logmethods | 1 Logmethods | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in /lms/a2z.jsp in logMethods 0.9 allows remote attackers to inject arbitrary web script or HTML via the kwd parameter. | |||||
| CVE-2006-1920 | 1 Pmtool | 1 Pmtool | 2017-07-20 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in index.php in PMTool 1.2.2 allows remote attackers to execute arbitrary SQL commands via the order parameter in the include files (1) user.inc.php, (2) customer.inc.php, and (3) project.inc.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-2006 | 1 Ivan Zahariev | 1 Izarc | 2017-07-20 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in IZArc Archiver 3.5 beta 3 allow remote attackers to write arbitrary files via a ..\ (dot dot backslash) in a (1) .rar, (2) .tar, (3) .zip, (4) .jar, or (5) .gz archive. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-2007 | 1 Winny | 1 Winny | 2017-07-20 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in Winny 2.0 b7.1 and earlier allows remote attackers to execute arbitrary code via long strings to certain commands sent to the file transfer port. | |||||
| CVE-2006-1907 | 1 Mywebland | 1 Myevent | 2017-07-20 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in myEvent 1.x allow remote attackers to inject arbitrary SQL commands via the event_id parameter to (1) addevent.php or (2) del.php or (3) event_desc parameter to addevent.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-2013 | 1 Web-provence | 1 Sl Site | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in page.php in SL_site 1.0 allows remote attackers to execute arbitrary SQL commands via the id_page parameter. NOTE: this issue could be used to produce resultant XSS from an error message. | |||||
| CVE-2006-2014 | 1 Web-provence | 1 Sl Site | 2017-07-20 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in gallerie.php in SL_site 1.0 allows remote attackers to list images in arbitrary directories via ".." sequences in the rep parameter, which is used to construct a directory name in admin/config.inc.php. NOTE: this issue could be used to produce resultant XSS from an error message. | |||||
| CVE-2006-2015 | 1 Web-provence | 1 Sl Site | 2017-07-20 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in SL_site 1.0 allows remote attackers to inject arbitrary web script or HTML via the recherche parameter in recherche.php. NOTE: other XSS vectors, as reported in the original disclosure, are resultant from other primary vulnerabilities that have separate CVE names. | |||||
| CVE-2006-2017 | 1 Dnsmasq | 1 Dnsmasq | 2017-07-20 | 5.0 MEDIUM | N/A |
| Dnsmasq 2.29 allows remote attackers to cause a denial of service (application crash) via a DHCP client broadcast reply request. | |||||
| CVE-2006-2123 | 1 Network Administration Visualized | 1 Network Administration Visualized | 2017-07-20 | 6.4 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in the report interface in Network Administration Visualized (NAV) before 3.0.1 allow remote attackers to execute arbitrary SQL commands via unknown vectors. | |||||
| CVE-2006-2124 | 1 Turnkey Solutions | 1 Sunshop Shopping Cart | 2017-07-20 | 5.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SunShop 3.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) prevaction, (2) previd, (3) prevstart, (4) itemid, (5) id, and (6) action parameters in index.php. | |||||
| CVE-2006-2126 | 1 Avalon Ltd | 1 Maxtrade | 2017-07-20 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in pocategories.php in MaxTrade 1.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) categori and (2) stranica parameters. | |||||
| CVE-2006-2031 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-07-20 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin 2.8.0.3, 2.8.0.2, 2.8.1-dev, and 2.9.0-dev allows remote attackers to inject arbitrary web script or HTML via the lang parameter. | |||||
| CVE-2006-1930 | 1 Hoito | 1 Green Minute | 2017-07-20 | 6.4 MEDIUM | N/A |
| ** DISPUTED ** Multiple SQL injection vulnerabilities in userscript.php in Green Minute 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) huserid, (2) pituus, or (3) date parameters. NOTE: this issue has been disputed by the vendor, saying "those parameters mentioned ARE checked (preg_match) before they are used in SQL-query... If someone decided to add SQL-injection stuff to certain parameter, they would see an error text, but only because _nothing_ was passed inside that parameter (to MySQL-database)." As allowed by the vendor, CVE investigated this report on 20060525 and found that the demo site demonstrated a non-sensitive SQL error when given standard SQL injection manipulations. | |||||
| CVE-2006-1929 | 1 I-rater | 1 I-rater Platinum | 2017-07-20 | 5.0 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in include/common.php in I-Rater Platinum allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter. | |||||
| CVE-2006-2038 | 1 Amplecom | 1 Ampleshop | 2017-07-20 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in ampleShop 2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) RecordID parameter in (a) Customeraddresses_RecordAction.cfm and (b) youraccount.cfm; (2) solus parameter in (c) detail.cfm; and (3) cat parameter in (d) category.cfm. | |||||
| CVE-2006-2039 | 1 Ubertec | 1 Help Center Live | 2017-07-20 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the osTicket module in Help Center Live before 2.1.0 allow remote attackers to execute arbitrary SQL commands via unknown vectors. | |||||
| CVE-2006-2041 | 1 Phpwebgallery | 1 Phpwebgallery | 2017-07-20 | 5.0 MEDIUM | N/A |
| PhpWebGallery before 1.6.0RC1 allows remote attackers to obtain arbitrary pictures via a request to picture.php without specifying the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-2042 | 1 Adobe | 1 Dreamweaver | 2017-07-20 | 7.5 HIGH | N/A |
| Adobe Dreamweaver 8 before 8.0.2 and MX 2004 can generate code that allows SQL injection attacks in the (1) ColdFusion, (2) PHP mySQL, (3) ASP, (4) ASP.NET, and (5) JSP server models. | |||||
| CVE-2006-1928 | 1 Cisco | 1 Ios Xr | 2017-07-20 | 5.0 MEDIUM | N/A |
| Cisco IOS XR, when configured for Multi Protocol Label Switching (MPLS) and running on Cisco CRS-1 routers, allows remote attackers to cause a denial of service (Modular Services Cards (MSC) crash or "MPLS packet handling problems") via certain MPLS packets, as identified by Cisco bug IDs (1) CSCsd15970 and (2) CSCsd55531. | |||||
| CVE-2006-1927 | 1 Cisco | 1 Ios Xr | 2017-07-20 | 5.0 MEDIUM | N/A |
| Cisco IOS XR, when configured for Multi Protocol Label Switching (MPLS) and running on Cisco CRS-1 or Cisco 12000 series routers, allows remote attackers to cause a denial of service (Line card crash) via certain MPLS packets, as identified by Cisco bug ID CSCsc77475. | |||||
| CVE-2006-1924 | 1 Linpha | 1 Linpha | 2017-07-20 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in functions/db_api.php in LinPHA 1.1.1 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | |||||
| CVE-2006-2047 | 1 Application Dynamics | 1 Cartweaver Coldfusion | 2017-07-20 | 5.0 MEDIUM | N/A |
| Application Dynamics Cartweaver ColdFusion 2.16.11 and earlier allows remote attackers to obtain sensitive information via an invalid (1) secondary, (2) PageNum_Results, (3) category, or (4) keywords parameter in (a) Results.cfm; or an invalid (5) ProdID parameter in (b) Details.cfm; which reveal the path in various error messages. NOTE: the behavior for the category, keywords, and ProdID parameters might be resultant from SQL injection. | |||||
| CVE-2006-2092 | 1 Hp | 1 Storageworks Secure Path Windows | 2017-07-20 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in HP StorageWorks Secure Path for Windows 4.0C-SP2 before 20060419 allows remote attackers to cause an unspecified denial of service via unknown vectors. | |||||
| CVE-2006-2053 | 1 Quickestore | 1 Quickestore | 2017-07-20 | 6.4 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in QuickEStore 7.9 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the OrderID parameter in (a) shipping.cfm and (b) checkout.cfm, (2) ItemID parameter in (c) proddetail.cfm, (3) SubCatID parameter in (d) index.cfm, the (4) CategoryID parameter in (e) prodpage.cfm, and (5) ProdID parameter in (f) Details.cfm. NOTE: these issues can also be exploited for path disclosure. | |||||
| CVE-2006-2054 | 1 3com | 1 3c16486 | 2017-07-20 | 5.0 MEDIUM | N/A |
| 3Com Baseline Switch 2848-SFP Plus Model #3C16486 with firmware before 1.0.2.0 allows remote attackers to cause a denial of service (unstable operation) via long DHCP packets. | |||||
| CVE-2006-2087 | 1 Hitachi | 4 Groupmax Integrated Desktop, Groupmax Mail, Groupmax World Wide Web and 1 more | 2017-07-20 | 5.0 MEDIUM | N/A |
| The Gmax Mail client in Hitachi Groupmax before 20060426 allows remote attackers to cause a denial of service (application hang or erroneous behavior) via an attachment with an MS-DOS device filename. | |||||
| CVE-2006-1923 | 1 Linpha | 1 Linpha | 2017-07-20 | 5.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) RSS/RSS.php and (2) possibly other vectors. | |||||
| CVE-2006-2129 | 1 Deltascripts | 1 Pro Publish | 2017-07-20 | 5.5 MEDIUM | N/A |
| Direct static code injection vulnerability in Pro Publish 2.0 allows remote authenticated administrators to execute arbitrary PHP code by editing certain settings, which are stored in set_inc.php. | |||||
| CVE-2006-2148 | 1 Cgiirc | 1 Cgiirc | 2017-07-20 | 7.5 HIGH | N/A |
| Multiple buffer overflows in client.c in CGI:IRC (CGIIRC) before 0.5.8 might allow remote attackers to execute arbitrary code via (1) cookies or (2) the query string. | |||||
| CVE-2006-2064 | 1 Sun | 1 Solaris | 2017-07-20 | 4.6 MEDIUM | N/A |
| Unspecified vulnerability in the libpkcs11 library in Sun Solaris 10 might allow local users to gain privileges or cause a denial of service (application failure) via unknown attack vectors that involve the getpwnam family of non-reentrant functions. | |||||
| CVE-2006-2068 | 1 Hitachi | 9 Jp1-cm2-network Node Manager, Jp1-cm2-network Node Manager 250, Jpi Automatic Job Management System 2 and 6 more | 2017-07-20 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Hitachi JP1 products allow remote attackers to cause a denial of service (application stop or fail) via unexpected requests or data. | |||||
| CVE-2006-1943 | 1 Smarter Scripts | 1 Intellilink Pro | 2017-07-20 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Smarter Scripts IntelliLink Pro 5.06 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter in addlink_lwp.cgi and the (2) id, (3) forgotid, and (4) forgotpass parameters in edit.cgi. | |||||
| CVE-2006-2072 | 1 Delegate | 1 Delegate | 2017-07-20 | 5.0 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in DeleGate 9.x before 9.0.6 and 8.x before 8.11.6 allow remote attackers to cause a denial of service via crafted DNS responses messages that cause (1) a buffer over-read or (2) infinite recursion, which can trigger a segmentation fault or invalid memory access, as demonstrated by the OUSPG PROTOS DNS test suite. | |||||
| CVE-2006-2073 | 1 Isc | 1 Bind | 2017-07-20 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in ISC BIND allows remote attackers to cause a denial of service via a crafted DNS message with a "broken" TSIG, as demonstrated by the OUSPG PROTOS DNS test suite. | |||||
| CVE-2006-2074 | 1 Juniper | 1 Junose | 2017-07-20 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Juniper Networks JUNOSe E-series routers before 7-1-1 has unknown impact and remote attack vectors related to the DNS "client code," as demonstrated by the OUSPG PROTOS DNS test suite. | |||||