Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-1009 | 1 M4 Project | 1 Enigma-suite | 2017-07-20 | 4.6 MEDIUM | N/A |
| M4 Project enigma-suite before 0.73.3 (Windows) has a default password of "nominal" for the "enigma-client" account, which allows local users to gain access. | |||||
| CVE-2006-1010 | 1 Crossfire | 1 Crossfire | 2017-07-20 | 6.4 MEDIUM | N/A |
| Buffer overflow in socket/request.c in CrossFire before 1.9.0, when oldsocketmode is enabled, allows remote attackers to cause a denial of service (segmentation fault) and possibly execute code by sending the server a large request. | |||||
| CVE-2006-1011 | 1 Peters Software | 1 Lettermerger | 2017-07-20 | 2.1 LOW | N/A |
| LetterMerger 1.2 stores user information in Access database files with insecure permissions, which allows local users to obtain sensitive information. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-1012 | 1 Wordpress | 1 Wordpress | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in WordPress 1.5.2, and possibly other versions before 2.0, allows remote attackers to execute arbitrary SQL commands via the User-Agent field in an HTTP header for a comment. | |||||
| CVE-2006-1019 | 1 Ukiweb | 1 Ukiboard | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in fce.php in UKiBoard 3.0.1 allows remote attackers to inject arbitrary web script or HTML via a BBCode url tag when using the show_post function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information, some of which reference a source URL that appears to be for an unrelated issue. | |||||
| CVE-2006-1026 | 1 Jfacets | 1 Jfacets | 2017-07-20 | 7.5 HIGH | N/A |
| JFacets before 0.2 allows remote attackers to gain privileges as any account via a GET request with a modified account profileID. | |||||
| CVE-2006-1427 | 1 Web-app.org | 1 Webapp | 2017-07-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in WebAPP 0.9.9.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) action, (2) id, (3) num, (4) board, (5) cat, (6) real, (7) viewcat, (8) img, or (9) curcatname parameter in cgi-bin/index.cgi, or (10) vsSD parameter in /mods/calendar/index.cgi. | |||||
| CVE-2006-1030 | 1 Joomla | 1 Joomla | 2017-07-20 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in mod_templatechooser in Joomla! 1.0.7 allows remote attackers to obtain sensitive information via an unspecified attack vector that reveals the path. | |||||
| CVE-2006-1033 | 1 Cpg-nuke | 1 Dragonfly Cms | 2017-07-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Dragonfly CMS before 9.0.6.1 allow remote attackers to inject arbitrary web script or HTML via (1) uname, (2) error, (3) profile or (4) the username filed parameter to the (a) Your_Account module, (5) catid, (6) sid, (7) Story Text or (8) Extended text text fields in the (b) News module, (9) month, (10) year or (11) sa parameter to the (c) Stories_Archive module, (12) show, (13) cid, (14) ratetype, or (15) orderby parameter to the (d) Web_Links module, (16) op, or (17) pollid parameter to the (e) Surveys module, (18) c parameter to the (f) Downloads module, (19) meta, or (20) album parameter to the (g) coppermine module, or the search box in the (21) Search, (22) Stories_Archive, (23) Downloads, and (24) Topics module. | |||||
| CVE-2006-1038 | 1 Van Dyke Technologies | 2 Securecrt, Securefx | 2017-07-20 | 10.0 HIGH | N/A |
| Buffer overflow in SecureCRT 5.0.4 and earlier and SecureFX 3.0.4 and earlier allows remote attackers to have an unknown impact when a Unicode string is converted to a "narrow" string. | |||||
| CVE-2006-1046 | 1 Monopd | 1 Monopd | 2017-07-20 | 5.0 MEDIUM | N/A |
| server.cpp in Monopd 0.9.3 allows remote attackers to cause a denial of service (CPU and memory consumption) via a string containing a large number of characters that are escaped when Monopd produces XML output. | |||||
| CVE-2006-1048 | 1 Joomla | 1 Joomla | 2017-07-20 | 5.0 MEDIUM | N/A |
| Joomla! 1.0.7 and earlier allows attackers to bypass intended access restrictions and gain certain privileges via certain attack vectors related to the (1) Weblink, (2) Polls, (3) Newsfeeds, (4) Weblinks, (5) Content, (6) Content Section, (7) Content Category, (8) Contact items, or (9) Contact Search, (10) Content Search, (11) Newsfeed Search, or (12) Weblink Search. | |||||
| CVE-2006-1050 | 1 Kwik-pay | 1 Kwik-pay Payroll | 2017-07-20 | 2.1 LOW | N/A |
| ** DISPUTED ** Kwik-Pay Payroll 4.2.20, and possibly other versions, stores the KwikPay.mdb database file with insecure permissions, which allows local users to obtain sensitive information such as employment and payment data. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: the vendor has disputed this vulnerability, stating that "The kwikpay.mdb file supplied with kwikpay is a template for the database structure of user databases created by kwikpay and to store a demonstration payroll. It does not contain any sensitive user information. When a user payroll database is opened, the encryption of the database is checked and if the database is not encrypted, the user is prompted to encrypt the database, but the choice is the customers." | |||||
| CVE-2006-1051 | 1 Akarru | 1 Social Bookmarking Engine | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Akarru Social BookMarking Engine before 0.4.3.4 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors, possibly involving the username parameter to akarru.lib/users.php. | |||||
| CVE-2006-1061 | 1 Daniel Stenberg | 1 Curl | 2017-07-20 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in cURL and libcURL 7.15.0 through 7.15.2 allows remote attackers to execute arbitrary commands via a TFTP URL (tftp://) with a valid hostname and a long path. | |||||
| CVE-2006-1062 | 1 Lurker | 1 Lurker | 2017-07-20 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in lurker.cgi for Lurker 2.0 and earlier allows attackers to read arbitrary files via unknown vectors. | |||||
| CVE-2006-1063 | 1 Lurker | 1 Lurker | 2017-07-20 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Lurker 2.0 and earlier allows remote attackers to create or overwrite files in any writable directory that is named "mbox". | |||||
| CVE-2006-1064 | 1 Lurker | 1 Lurker | 2017-07-20 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Lurker 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | |||||
| CVE-2006-1438 | 1 Andy Grayndler | 1 Andys Php Knowledgebase | 2017-07-20 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Andy's PHP Knowledgebase (aphpkb) 0.57 allow remote attackers to inject arbitrary web script or HTML via the (1) keyword_list parameter to (a) index.php; (2) title, (3) article, (4) author, and (5) keywords parameters to (b) submit_article.php; and (6) Question, (7) Name, and (8) Email parameters to (c) submit_question.php. | |||||
| CVE-2006-1097 | 1 Datenbank Module | 1 Datenbank Module | 2017-07-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Datenbank MOD 2.7 and earlier for Woltlab Burning Board allow remote attackers to inject arbitrary web script or HTML via the fileid parameter to (1) info_db.php or (2) database.php. | |||||
| CVE-2006-1089 | 1 Punbb | 1 Punbb | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in header.php in PunBB 1.2.10 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly handled when the PHP_SELF variable is used to handle a pun_page tag. | |||||
| CVE-2006-1090 | 1 Punbb | 1 Punbb | 2017-07-20 | 7.8 HIGH | N/A |
| register.php in PunBB 1.2.10 allows remote attackers to cause an unspecified denial of service via a flood of new user registrations. | |||||
| CVE-2006-1091 | 1 Kaspersky Lab | 1 Kaspersky Anti-virus | 2017-07-20 | 7.8 HIGH | N/A |
| Kaspersky Antivirus 5.0.5 and 5.5.3 allows remote attackers to cause a denial of service (CPU and memory consumption) via unknown attack vectors. | |||||
| CVE-2006-1418 | 1 Caloris Planitia Technologies | 1 E-school Management System | 2017-07-20 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in default.asp in Caloris Planitia E-School Management System 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | |||||
| CVE-2006-1416 | 1 Xigla | 1 Absolute Faq Manager .net | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in afmsearch.aspx in Absolute FAQ Manager .NET 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search module parameters, possibly the question parameter. | |||||
| CVE-2006-1118 | 1 Bmail | 1 Bmail | 2017-07-20 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in bmail before Aardvark PR9.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving GBK character sets. | |||||
| CVE-2006-1125 | 1 Grisoft | 1 Avg Antivirus | 2017-07-20 | 4.6 MEDIUM | N/A |
| Grisoft AVG Free 7.1, and other versions including 7.0.308, sets Everyone/Full Control permissions for certain update files including (1) upd_vers.cfg, (2) incavi.avm, and (3) unspecified drivers, which might allow local users to gain privileges. | |||||
| CVE-2006-1126 | 1 Gallery Project | 1 Gallery | 2017-07-20 | 6.4 MEDIUM | N/A |
| Gallery 2 up to 2.0.2 allows remote attackers to spoof their IP address via a modified X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is checked by Gallery before other more reliable sources of IP address information, such as REMOTE_ADDR. | |||||
| CVE-2006-1127 | 1 Gallery Project | 1 Gallery | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Gallery 2 up to 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is not properly handled when adding a comment to an album. | |||||
| CVE-2006-1128 | 1 Gallery Project | 1 Gallery | 2017-07-20 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in the session handling class (GallerySession.class) in Gallery 2 up to 2.0.2 allows remote attackers to access and delete files by specifying the session in a cookie, which is used in constructing file paths before the session value is sanitized. | |||||
| CVE-2006-1131 | 1 Bitweaver | 1 Bitweaver | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in read.php in bitweaver CMS 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the comment_title parameter. | |||||
| CVE-2006-1135 | 1 Sblog | 1 Sblog | 2017-07-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in sBlog 0.7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) keyword parameter to search.php or (2) username parameter to comments_do.php. | |||||
| CVE-2006-1140 | 1 Redblog | 1 Redblog | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in rss.php in RedBLoG 0.5 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. | |||||
| CVE-2006-1141 | 1 Inter7 | 1 Qmailadmin | 2017-07-20 | 7.5 HIGH | N/A |
| Buffer overflow in qmailadmin.c in QmailAdmin before 1.2.10 allows remote attackers to execute arbitrary code via a long PATH_INFO environment variable. | |||||
| CVE-2006-1142 | 1 Solido Systems | 1 Ravenous Web Server | 2017-07-20 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Ravenous Web Server before 0.7.1 allows remote attackers to access arbitrary rvplg files, with unknown impact. | |||||
| CVE-2006-1150 | 1 Teg | 1 Tenes Empanadas Graciela | 2017-07-20 | 7.8 HIGH | N/A |
| Buffer overflow in Tenes Empanadas Graciela (TEG) 0.11.1, automatically appends an _ (underscore) to the end of duplicate nicknames, which allows remote attackers to cause a denial of service (application crash) by creating multiple users with long, identical nicknames, which triggers an off-by-one error. | |||||
| CVE-2006-1152 | 1 M Phorum | 1 M Phorum | 2017-07-20 | 5.0 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in index.php in M-Phorum 0.2 allows remote attackers to include arbitrary files via the go parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-1155 | 1 Manas Tungare | 1 Site Membership Script | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in manas tungare Site Membership Script before 8 March, 2006 allows remote attackers to inject arbitrary web script or HTML via the Error parameter in (1) login.asp and (2) default.asp. | |||||
| CVE-2006-1156 | 1 Manas Tungare | 1 Site Membership Script | 2017-07-20 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in manas tungare Site Membership Script before 8 March, 2006 allows remote attackers to execute arbitrary SQL commands via the Username parameter in login.asp. | |||||
| CVE-2006-1162 | 1 Nodez | 1 Nodez | 2017-07-20 | 5.1 MEDIUM | N/A |
| Directory traversal vulnerability in Nodez 4.6.1.1 and earlier allows remote attackers to read or include arbitrary PHP files via a .. (dot dot) in the op parameter, as demonstrated by inserting malicious Email parameters into list.gtdat, then accessing list.gtdat using the op parameter. | |||||
| CVE-2006-1163 | 1 Nodez | 1 Nodez | 2017-07-20 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Nodez 4.6.1.1 allows remote attackers to inject arbitrary web script or HTML via the op parameter. NOTE: it is possible that this issue is resultant from the directory traversal vulnerability. | |||||
| CVE-2006-1415 | 1 Dotnetbb | 1 Dotnetbb Forums | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in iforget.aspx in dotNetBB 2.42EC SP 3 and earlier allows remote attackers to inject arbitrary web script or HTML via the em parameter. | |||||
| CVE-2006-1165 | 1 Andreas Gohr | 1 Dokuwiki | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the mediamanager module in DokuWiki before 2006-03-05 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors relating to "handling EXIF data." | |||||
| CVE-2006-1166 | 1 Monotone | 1 Monotone | 2017-07-20 | 3.7 LOW | N/A |
| Monotone 0.25 and earlier, when a user creates a file in a directory called "mt", and when checking out that file on a case-insensitive file system such as Windows or Mac OS X, places the file into the "MT" bookkeeping directory, which could allow context-dependent attackers to execute arbitrary Lua programs as the user running monotone. | |||||
| CVE-2006-1414 | 1 Toast Forums | 1 Toast Forums | 2017-07-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in toast.asp in Toast Forums 1.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) author, (2) subject, (3) message, or (4) dayprune parameter. | |||||
| CVE-2006-1175 | 1 Weonlydo | 1 Weonlydo Sftp | 2017-07-20 | 4.0 MEDIUM | N/A |
| The WeOnlyDo! SFTP (wodSFTP) ActiveX control is marked as safe for scripting, which allows remote attackers to read and write files in arbitrary locations by accessing the control from a web page. | |||||
| CVE-2006-1176 | 1 Ebay | 1 Enhanced Picture Services | 2017-07-20 | 7.5 HIGH | N/A |
| Buffer overflow in eBay Enhanced Picture Services (aka EPUImageControl Class) in EUPWALcontrol.dll before 1.0.3.48, as used in Sell Your Item (SYI), Setup & Test eBay Enhanced Picture Services, Picture Manager Enhanced Uploader, and CARad.com Add Vehicle, allows remote attackers to execute arbitrary code via a crafted HTML document. | |||||
| CVE-2006-1178 | 1 Tamarack Consulting | 1 Tamarack Mmsd | 2017-07-20 | 5.0 MEDIUM | N/A |
| Tamarack MMSd before 7.992 allows remote attackers to cause a denial of service (crash) via malformed RFC1006 (OSI over TCP/IP) packets. | |||||
| CVE-2006-1196 | 1 David Barrett | 1 Qwikiwiki | 2017-07-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in QwikiWiki 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) from and (2) help parameters to (a) index.php; (3) action, (4) page, (5) debug, (6) help, (7) username, or (8) password parameters to (b) login.php; the (7) help parameter to (c) pageindex.php; or (8) help parameter to (d) recentchanges.php. | |||||
| CVE-2006-1215 | 1 Woltlab | 1 Burning Board | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in misc.php in Woltlab Burning Board (wBB) 2.3.4 allows remote attackers to inject arbitrary web script or HTML via the percent parameter. NOTE: this issue has been disputed in a followup post, although the original disclosure might be related to reflected XSS. | |||||