Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-0802 | 1 Postnuke Software Foundation | 1 Postnuke | 2017-07-20 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the NS-Languages module for PostNuke 0.761 and earlier, when magic_quotes_gpc is enabled, allows remote attackers to inject arbitrary web script or HTML via the language parameter in a missing or translation operation. | |||||
| CVE-2006-0804 | 1 Tin | 1 Tin | 2017-07-20 | 7.5 HIGH | N/A |
| Off-by-one error in TIN 1.8.0 and earlier might allow attackers to execute arbitrary code via unknown vectors that trigger a buffer overflow. | |||||
| CVE-2006-0808 | 1 Mute | 1 Mute | 2017-07-20 | 6.4 MEDIUM | N/A |
| MUTE 0.4 allows remote attackers to cause a denial of service (messages not forwarded) and obtain sensitive information about a target by filling a client's mWebCache cache with malicious "zombie" nodes. | |||||
| CVE-2006-0822 | 1 Emulinker Kaillera Server | 1 Emulinker Kaillera Server | 2017-07-20 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in EmuLinker Kaillera Server before 0.99.17 allows remote attackers to cause a denial of service (probably resource consumption) via a crafted packet that causes a "ghost game" to be left on the server. | |||||
| CVE-2006-0827 | 1 Xerox | 6 Workcentre 232, Workcentre 238, Workcentre 245 and 3 more | 2017-07-20 | 5.0 MEDIUM | N/A |
| Cross-site scripting vulnerability in ESS/ Network Controller and MicroServer Web Server in Xerox WorkCentre Pro and Xerox WorkCentre running software 13.027.24.015 and 14.027.24.015 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | |||||
| CVE-2006-1444 | 1 Apple | 1 Mac Os X | 2017-07-20 | 2.1 LOW | N/A |
| CoreGraphics in Apple Mac OS X 10.4.6, when "Enable access for assistive devices" is on, allows an application to bypass restrictions for secure event input and read certain events from other applications in the same window session by using Quartz Event Services. | |||||
| CVE-2006-0833 | 1 Boonex | 1 Barracuda Directory | 2017-07-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Barracuda Directory 1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) Add URL and (2) Suggest Category module. NOTE: the provenance of this information is unknown; portions of the details are obtained from third party information. | |||||
| CVE-2006-0835 | 1 Mitridat | 1 Web Calendar Pro | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in dropbase.php in MitriDAT Web Calendar Pro allows remote attackers to modify internal SQL queries and cause a denial of service (inaccessible database) via the tabls parameter. | |||||
| CVE-2006-0843 | 1 Leif M. Wright | 1 Web Blog | 2017-07-20 | 5.0 MEDIUM | N/A |
| Leif M. Wright's Blog 3.5 stores the config file and other txt files under the web root with insufficient access control, which allows remote attackers to read the administrator's password. | |||||
| CVE-2006-0844 | 1 Leif M. Wright | 1 Web Blog | 2017-07-20 | 7.5 HIGH | N/A |
| Leif M. Wright's Blog 3.5 does not make a password comparison when authenticating an administrator via a cookie, which allows remote attackers to bypass login authentication, probably by setting the blogAdmin cookie. | |||||
| CVE-2006-0845 | 1 Leif M. Wright | 1 Web Blog | 2017-07-20 | 6.5 MEDIUM | N/A |
| Leif M. Wright's Blog 3.5 allows remote authenticated users with administrative privileges to execute arbitrary programs, including shell commands, by configuring the sendmail path to a malicious pathname. | |||||
| CVE-2006-0846 | 1 Leif M. Wright | 1 Web Blog | 2017-07-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Leif M. Wright's Blog 3.5 allow remote attackers to inject arbitrary web script or HTML via the (1) Referer and (2) User-Agent HTTP headers, which are stored in a log file and not sanitized when the administrator views the "Log" page, possibly using the ViewCommentsLog function. | |||||
| CVE-2006-0847 | 1 Cherrypy | 1 Cherrypy | 2017-07-20 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the staticfilter component in CherryPy before 2.1.1 allows remote attackers to read arbitrary files via ".." sequences in unspecified vectors. | |||||
| CVE-2006-0850 | 1 Ilch.de | 1 Ilchclan | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in include/includes/user/login.php in ilchClan before 1.05g allows remote attackers to execute arbitrary SQL commands via the login_name parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-1443 | 1 Apple | 1 Mac Os X | 2017-07-20 | 6.5 MEDIUM | N/A |
| Integer underflow in CoreFoundation in Apple Mac OS X 10.3.9 and 10.4.6 allows context-dependent attackers to execute arbitrary code via unspecified vectors involving conversions from string to file system representation within (1) CFStringGetFileSystemRepresentation or (2) getFileSystemRepresentation:maxLength:withPath in NSFileManager, and possibly other similar API functions. | |||||
| CVE-2006-0891 | 1 Nocc | 1 Nocc | 2017-07-20 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in NOCC Webmail 1.0 allow remote attackers to include arbitrary files via .. (dot dot) sequences and a trailing NULL (%00) byte in (1) the _SESSION['nocc_theme'] parameter in (a) html/footer.php; and (2) the lang and (3) theme parameters and the (4) Accept-Language HTTP header field, when force_default_lang is disabled, in (b) index.php, as demonstrated by injecting PHP code into a profile and accessing it using the lang parameter in index.php. | |||||
| CVE-2006-1442 | 1 Apple | 1 Mac Os X | 2017-07-20 | 7.5 HIGH | N/A |
| The bundle API in CoreFoundation in Apple Mac OS X 10.3.9 and 10.4.6 loads dynamic libraries even if the client application has not directly requested it, which allows attackers to execute arbitrary code from an untrusted bundle. | |||||
| CVE-2006-0872 | 1 Coppermine | 1 Coppermine Photo Gallery | 2017-07-20 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in init.inc.php in Coppermine Photo Gallery 1.4.3 and earlier allows remote attackers to include arbitrary files via a .. (dot dot) sequence and trailing NULL (%00) byte in the lang parameter. | |||||
| CVE-2006-0873 | 1 Coppermine | 1 Coppermine Photo Gallery | 2017-07-20 | 5.0 MEDIUM | N/A |
| Absolute path traversal vulnerability in docs/showdocs.php in Coppermine Photo Gallery 1.4.3 and earlier allows remote attackers to include arbitrary files via the f parameter, and possibly remote files using UNC share pathnames. | |||||
| CVE-2006-1441 | 1 Apple | 1 Mac Os X | 2017-07-20 | 7.5 HIGH | N/A |
| Integer overflow in CFNetwork in Apple Mac OS X 10.4.6 allows remote attackers to execute arbitrary code via crafted chunked transfer encoding. | |||||
| CVE-2006-1440 | 1 Apple | 1 Mac Os X | 2017-07-20 | 2.1 LOW | N/A |
| BOM in Apple Mac OS X 10.3.9 and 10.4.6 allows attackers to overwrite arbitrary files via an archive that contains symbolic links. | |||||
| CVE-2006-0885 | 1 Cutephp | 1 Cutenews | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in show_news.php in CuteNews 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the show parameter. | |||||
| CVE-2006-0886 | 1 Dev | 1 Dev Web Management System | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in register.php in DEV web management system 1.5 allows remote attackers to inject arbitrary web script or HTML via the "City/Region" field (mesto variable). NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-0889 | 1 Brown Bear Software | 1 Calcium | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Calcium 3.10.1 allows remote attackers to inject arbitrary web script or HTML via the EventText parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-1435 | 1 Accounting Receiving And Inventory Administration | 1 Aria | 2017-07-20 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in genmessage.php in Accounting Receiving and Inventory Administration (ARIA) 0.99-6 allows remote attackers to inject arbitrary web script or HTML via the Message Field (message parameter). | |||||
| CVE-2006-0900 | 1 Freebsd | 1 Freebsd | 2017-07-20 | 7.8 HIGH | N/A |
| nfsd in FreeBSD 6.0 kernel allows remote attackers to cause a denial of service via a crafted NFS mount request, as demonstrated by the ProtoVer NFS test suite. | |||||
| CVE-2006-0905 | 2 Freebsd, Netbsd | 2 Freebsd, Netbsd | 2017-07-20 | 7.5 HIGH | N/A |
| A "programming error" in fast_ipsec in FreeBSD 4.8-RELEASE through 6.1-STABLE and NetBSD 2 through 3 does not properly update the sequence number associated with a Security Association, which allows packets to pass sequence number checks and allows remote attackers to capture IPSec packets and conduct replay attacks. | |||||
| CVE-2006-1434 | 1 Annuaire | 1 Directory | 2017-07-20 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in inscription.php in Annuaire (Directory) 1.0 allows remote attackers to inject arbitrary web script or HTML via the Comment Field (COMMENTAIRE parameter). | |||||
| CVE-2006-1452 | 1 Apple | 1 Mac Os X | 2017-07-20 | 4.6 MEDIUM | N/A |
| Stack-based buffer overflow in Preview in Apple Mac OS 10.4 up to 10.4.6 allows local users to execute arbitrary code via a deep directory hierarchy. | |||||
| CVE-2006-0924 | 1 Brown Bear Software | 1 Ical | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Brown Bear iCal 3.10 allows remote attackers to inject arbitrary web script or HTML via the Calendar Text field when a new event is added. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-0925 | 1 Alt-n | 1 Mdaemon | 2017-07-20 | 5.0 MEDIUM | N/A |
| Format string vulnerability in the IMAP4rev1 server in Alt-N MDaemon 8.1.1 and possibly 8.1.4 allows remote attackers to cause a denial of service (CPU consumption) by creating and then listing folders whose names contain format string specifiers. | |||||
| CVE-2006-1451 | 1 Apple | 1 Mac Os X | 2017-07-20 | 7.2 HIGH | N/A |
| MySQL Manager in Apple Mac OS X 10.3.9 and 10.4.6, when setting up a new MySQL database server, does not use the "New MySQL root password" that is provided, which causes the MySQL root password to be blank and allows local users to gain full privileges to that database. | |||||
| CVE-2006-0933 | 1 Phpx | 1 Phpx | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in PHPX 3.5.9 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in a url XCode tag in a posted message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-0934 | 1 Limbo Cms | 1 Limbo Cms | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in webinsta Limbo 1.0.4.2 allows remote attackers to inject arbitrary web script or HTML via the message field in the Contact Form. | |||||
| CVE-2006-1433 | 1 Annuaire | 1 Directory | 2017-07-20 | 5.0 MEDIUM | N/A |
| Annuaire (Directory) 1.0 allows remote attackers to obtain sensitive information via a direct request to include/lang-en.php, which reveals the full installation path. | |||||
| CVE-2006-0937 | 1 Unu Networks | 1 Mailgust | 2017-07-20 | 5.0 MEDIUM | N/A |
| U.N.U. Mailgust 1.9 allows remote attackers to obtain sensitive information via a direct request to index.php with method=showfullcsv, which reveals the POP3 server configuration, including account name and password. | |||||
| CVE-2006-0939 | 1 Dci-designs | 1 Dci-taskeen | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in DCI-Taskeen 1.03 allows remote attackers to execute arbitrary SQL commands via the (1) id or (2) action parameter to (a) basket.php, or (3) id or (4) page parameter to (b) cat.php. | |||||
| CVE-2006-1432 | 1 Fusionzone | 1 Couponzone | 2017-07-20 | 5.0 MEDIUM | N/A |
| fusionZONE couponZONE 4.2 allows remote attackers to obtain the full path of the web server, and other sensitive information, via invalid values, as demonstrated using manipulations associated with SQL. | |||||
| CVE-2006-0946 | 1 Thomson | 1 Speedtouch | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Thomson SpeedTouch modems running firmware 5.3.2.6.0 allows remote attackers to inject arbitrary web script or HTML via the name parameter to the LocalNetwork page. | |||||
| CVE-2006-1431 | 1 Fusionzone | 1 Couponzone | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in local.cfm in fusionZONE couponZONE 4.2 allows remote attackers to inject arbitrary web script or HTML via URL-encoded (1) srchfor and (2) srchby parameters. | |||||
| CVE-2006-0949 | 1 Raidenhttpd | 1 Raidenhttpd | 2017-07-20 | 5.0 MEDIUM | N/A |
| RaidenHTTPD 1.1.47 allows remote attackers to obtain source code of script files, including PHP, via crafted requests involving (1) "." (dot), (2) space, and (3) "/" (slash) characters. | |||||
| CVE-2006-1430 | 1 Controlzx | 1 Hms | 2017-07-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in CONTROLzx HMS (formerly DRZES) 3.3.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dedicatedPlanID parameter to dedicated_order.php, (2) sharedPlanID parameter to shared_order.php, (3) plan_id parameter to customers/server_management.php, and (4) email field to customers/forgotpass.php. | |||||
| CVE-2006-1429 | 1 Fusionzone | 1 Classifiedzone | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in accountlogon.cfm in classifiedZONE 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the rtn parameter. | |||||
| CVE-2006-0960 | 1 Compex | 1 Netpassage Wpe54g | 2017-07-20 | 5.0 MEDIUM | N/A |
| uConfig agent in Compex NetPassage WPE54G router allows remote attackers to cause a denial of service (unresposiveness) via crafted datagrams to UDP port 7778. | |||||
| CVE-2006-0974 | 1 Battleaxe Software | 1 Bttlxeforum | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in failure.asp in Battleaxe bttlxeForum 2.0 allows remote attackers to inject arbitrary web script or HTML via the err_txt parameter. | |||||
| CVE-2006-0979 | 1 Nidelven It | 1 Issue Dealer | 2017-07-20 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the local weblog publisher in Nidelven IT Issue Dealer before 0.9.96 has unknown impact and attack vectors. | |||||
| CVE-2006-0995 | 1 Emc Dantz | 1 Retrospect | 2017-07-20 | 5.0 MEDIUM | N/A |
| EMC Dantz Retrospect 7 backup client 7.0.107, and other versions before 7.0.109, and 6.5 before 6.5.138 allows remote attackers to cause a denial of service (client termination and loss of backup service) via a malformed packet to TCP port 497, which triggers an assert error. | |||||
| CVE-2006-1003 | 1 Netgear | 1 Wgt624 | 2017-07-20 | 5.0 MEDIUM | N/A |
| The backup configuration option in NETGEAR WGT624 Wireless Firewall Router stores sensitive information in cleartext, which allows remote attackers to obtain passwords and gain privileges. | |||||
| CVE-2006-1004 | 1 Cactusoft | 1 Parodia | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in agencyprofile.asp in Parodia 6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the AG_ID parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-1428 | 1 Coinsoft Technologies | 1 Phpcoin | 2017-07-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpCOIN 1.2.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the fs parameter to (1) mod.php or (2) mod_print.php. | |||||