Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-1413 | 1 Htmljunction | 1 Ezhomepagepro | 2017-07-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in EZHomepagePro 1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) adid or (2) aname parameter in (a) common/email.asp, (b) users/users_search.asp, or (c) users/users_profiles.asp; (3) page parameter in (d) users/users_calendar.asp; (4) usid parameter in (e) users/users_mgallery.asp; or (5) m parameter in (f) users/users_search.asp. | |||||
| CVE-2006-1229 | 1 Hosting Controller | 1 Hosting Controller | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search.asp in Hosting Controller 6.1 (Hotfix 2.9) allows remote attackers to execute arbitrary SQL commands via the search parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-1239 | 1 Countersoft | 1 Gemini | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in issue/createissue.aspx in Gemini 2.0 allows remote attackers to inject arbitrary web script or HTML via the rtcDescription$RadEditor1 field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-1411 | 1 Xigla | 1 Absolute Image Gallery Xe | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Absolute Image Gallery XE 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) the shownew parameter in gallery.asp and (2) unspecified search module parameters. | |||||
| CVE-2006-1410 | 1 Xigla | 1 Absolute Live Support Xe | 2017-07-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in XIGLA Absolute Live Support XE 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Screen name or (2) Session Topic field. | |||||
| CVE-2006-1255 | 1 Mercur | 1 Mercur Messaging | 2017-07-20 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the IMAP service in Mercur Messaging 5.0 SP3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long string to the (1) LOGIN or (2) SELECT command, a different set of attack vectors and possibly a different vulnerability than CVE-2003-1177. | |||||
| CVE-2006-1258 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.1 allows remote attackers to inject arbitrary web script or HTML via the set_theme parameter. | |||||
| CVE-2006-1261 | 1 Aspportal | 1 Aspportal | 2017-07-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ASPPortal 3.00 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | |||||
| CVE-2006-1262 | 1 Aspportal | 1 Aspportal | 2017-07-20 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in ASPPortal 3.00 have unknown impact and attack vectors. | |||||
| CVE-2006-1409 | 1 Vavoom | 1 Vavoom | 2017-07-20 | 5.0 MEDIUM | N/A |
| Buffer overflow in Vavoom 1.19.1 and earlier allows remote attackers to cause a denial of service (application crash) via an invalid comprLength value in a compressed packet. | |||||
| CVE-2006-1266 | 1 Virtual Communication Services | 1 Vpmi Enterprise | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Service_Requests.asp in VPMi Enterprise 3.3 allows remote attackers to inject arbitrary web script or HTML via the Request_Name_Display parameter. | |||||
| CVE-2006-1352 | 1 Bea | 1 Weblogic Server | 2017-07-20 | 5.0 MEDIUM | N/A |
| BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and WebLogic Server 6.1 SP7 and earlier allow remote attackers to cause a denial of service (memory exhaustion) via crafted non-canonicalized XML documents. | |||||
| CVE-2006-1408 | 1 Vavoom | 1 Vavoom | 2017-07-20 | 5.0 MEDIUM | N/A |
| Vavoom 1.19.1 and earlier allows remote attackers to cause a denial of service (infinite loop) via (1) a packet with no data or (2) a large packet, which prevents Vavoom from discarding the packet from the socket. | |||||
| CVE-2006-1269 | 1 Rahul Dhesi | 1 Zoo | 2017-07-20 | 6.2 MEDIUM | N/A |
| Buffer overflow in the parse function in parse.c in zoo 2.10 might allow local users to execute arbitrary code via long filename command line arguments, which are not properly handled during archive creation. NOTE: since this issue is local and not setuid, the set of attack scenarios is limited, although is reasonable to expect that there are some situations in which the zoo user might automatically list attacker-controlled filenames to add to the zoo archive. | |||||
| CVE-2006-1270 | 1 Inprotect | 1 Inprotect | 2017-07-20 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in zones.php in Inprotect 0.21 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Description field. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-1276 | 1 Himpfen Consulting | 1 Php Simplenews | 2017-07-20 | 10.0 HIGH | N/A |
| admin.php in Himpfen Consulting Company PHP SimpleNEWS 1.0.0 allows remote attackers to bypass authentication by setting the admin parameter in a cookie. | |||||
| CVE-2006-1279 | 1 Sherzod Ruzmetov | 1 Cgi Session | 2017-07-20 | 5.0 MEDIUM | N/A |
| CGI::Session 4.03-1 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by (1) Driver::File, (2) Driver::db_file, and possibly (3) Driver::sqlite. | |||||
| CVE-2006-1280 | 1 Sherzod Ruzmetov | 1 Cgi Session | 2017-07-20 | 7.5 HIGH | N/A |
| CGI::Session 4.03-1 does not set proper permissions on temporary files created in (1) Driver::File and (2) Driver::db_file, which allows local users to obtain privileged information, such as session keys, by viewing the files. | |||||
| CVE-2006-1283 | 1 Freebsd | 1 Freebsd | 2017-07-20 | 7.2 HIGH | N/A |
| opiepasswd in One-Time Passwords in Everything (OPIE) in FreeBSD 4.10-RELEASE-p22 through 6.1-STABLE before 20060322 uses the getlogin function to determine the invoking user account, which might allow local users to configure OPIE access to the root account and possibly gain root privileges if a root shell is permitted by the configuration of the wheel group or sshd. | |||||
| CVE-2006-1407 | 1 Webhost Automation | 1 Helm Web Hosting Control Panel | 2017-07-20 | 5.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Helm Web Hosting Control Panel 3.2.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) txtDomainName parameter to domains.asp or (2) SearchText or (3) UserLevel parameters to default.asp. | |||||
| CVE-2006-1406 | 1 Uniforum | 1 Uniforum | 2017-07-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in wbadmlog.aspx in uniForum 4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) txtuser or (2) txtpassword parameters. | |||||
| CVE-2006-1286 | 1 Symantec | 2 Ghost Solutions Suite, Norton Ghost | 2017-07-20 | 2.1 LOW | N/A |
| Buffer overflow in the login dialog in dbisqlc.exe in SQLAnywhere for Symantec Ghost 8.0 and 8.2, as used in Symantec Ghost Solutions Suite (SGSS) 1.0, might allow local users to read certain sensitive information from the database. | |||||
| CVE-2006-1405 | 1 Sheer Vision Technologies | 1 Sscms | 2017-07-20 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.aspx in SweetSuite.NET Content Management System (ssCMS) 2.1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the keywords parameter. | |||||
| CVE-2006-1288 | 1 Invision Power Services | 1 Invision Power Board | 2017-07-20 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 2.0.4 and 2.1.4 before 20060105 allow remote attackers to execute arbitrary SQL commands via cookies, related to (1) arrays of id/stamp pairs and (2) the keys in arrays of key/value pairs in ipsclass.php; (3) the topics variable in usercp.php; and the topicsread cookie in (4) topics.php, (5) search.php, and (6) forums.php. | |||||
| CVE-2006-1295 | 1 Spip | 1 Spip | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in recherche.php3 in SPIP 1.8.2-g allows remote attackers to inject arbitrary web script or HTML via the recherche parameter. | |||||
| CVE-2006-1296 | 1 Beagle-project | 1 Beagle | 2017-07-20 | 7.5 HIGH | N/A |
| Untrusted search path vulnerability in Beagle 0.2.2.1 might allow local users to gain privileges via a malicious beagle-info program in the current working directory, or possibly directories specified in the PATH. | |||||
| CVE-2006-1319 | 1 Runit | 1 Runit | 2017-07-20 | 6.2 MEDIUM | N/A |
| chpst in runit 1.3.3-1 for Debian GNU/Linux, when compiled on little endian i386 machines against dietlibc, does not properly handle when multiple groups are specified in the -u option, which causes chpst to assign permissions for the root group due to inconsistent bit sizes for the gid_t type. | |||||
| CVE-2006-1320 | 1 Rssh | 1 Rssh | 2017-07-20 | 7.5 HIGH | N/A |
| util.c in rssh 2.3.0 in Debian GNU/Linux does not use braces to make a block, which causes a check for CVS to always succeed and allows rsync and rdist to bypass intended access restrictions in rssh.conf. | |||||
| CVE-2006-1321 | 1 Webcheck | 1 Webcheck | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in webcheck before 1.9.6 allows remote attackers to inject arbitrary web script or HTML via the (1) url, (2) title, or (3) author name in a crawled page, which is not properly sanitized in the tooltips of a report. | |||||
| CVE-2006-1322 | 1 Novell | 2 Netware, Netware Ftp Server | 2017-07-20 | 5.0 MEDIUM | N/A |
| Novell Netware NWFTPD 5.06.05 allows remote attackers to cause a denial of service (ABEND) via an MDTM command that uses a long path for the target file, possibly due to a buffer overflow. | |||||
| CVE-2006-1324 | 1 Woltlab | 1 Burning Board | 2017-07-20 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in acp/lib/class_db_mysql.php in Woltlab Burning Board (wBB) 2.3.4 allows remote attackers to inject arbitrary web script or HTML via the errormsg parameter when a SQL error is generated. | |||||
| CVE-2006-1325 | 1 Streber | 1 Streber | 2017-07-20 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Streber 0.055 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | |||||
| CVE-2006-1329 | 1 Jabberstudio | 1 Jabberd | 2017-07-20 | 5.0 MEDIUM | N/A |
| The SASL negotiation in Jabber Studio jabberd before 2.0s11 allows remote attackers to cause a denial of service ("c2s segfault") by sending a "response stanza before an auth stanza". | |||||
| CVE-2006-1331 | 1 Phpoutsourcing | 1 Noahs Classifieds | 2017-07-20 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in Noah's Classifieds 1.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) method or (2) list parameter. | |||||
| CVE-2006-1332 | 1 Phpoutsourcing | 1 Noahs Classifieds | 2017-07-20 | 6.4 MEDIUM | N/A |
| Noah's Classifieds 1.3 and earlier allows remote attackers to obtain sensitive information via an invalid list parameter in the showdetails method to index.php, which reveals the path in an error message. | |||||
| CVE-2006-1335 | 1 Gnome | 1 Screensaver | 2017-07-20 | 3.7 LOW | N/A |
| gnome screensaver before 2.14, when running on an X server with AllowDeactivateGrabs and AllowClosedownGrabs enabled, allows attackers with physical access to cause the screensaver to crash and access the session via the Ctl+Alt+Keypad-Multiply keyboard sequence, which removes the grab from gnome. | |||||
| CVE-2006-1351 | 1 Bea | 1 Weblogic Server | 2017-07-20 | 5.0 MEDIUM | N/A |
| BEA WebLogic Server 6.1 SP7 and earlier allows remote attackers to read arbitrary files via unknown attack vectors related to a "default internal servlet" accessed through HTTP. | |||||
| CVE-2006-1356 | 1 Andrew Hsu | 2 Libvc, Rolo | 2017-07-20 | 5.1 MEDIUM | N/A |
| Stack-based buffer overflow in the count_vcards function in LibVC 3, as used in Rolo, allows user-assisted attackers to execute arbitrary code via a vCard file (e.g. contacts.vcf) containing a long line. | |||||
| CVE-2006-1370 | 1 Realnetworks | 2 Realone Player, Realplayer | 2017-07-20 | 9.3 HIGH | N/A |
| Buffer overflow in RealNetworks RealPlayer 10.5 6.0.12.1040 through 6.0.12.1348, RealPlayer 10, RealOne Player v2, RealOne Player v1, RealPlayer 8, and RealPlayer Enterprise before 20060322 allows remote attackers to have an unknown impact via a malicious Mimio boardCast (mbc) file. | |||||
| CVE-2006-1372 | 1 Benson It Solutions | 1 1webcalendar | 2017-07-20 | 5.0 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in 1WebCalendar 4.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) EventID parameter in viewEvent.cfm, (2) NewsID parameter in newsView.cfm, or (3) ThisDate parameter in mainCal.cfm. | |||||
| CVE-2006-1361 | 1 Oswiki | 1 Oswiki | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in OSWiki before 0.3.1 allows remote attackers to inject arbitrary web script or HTML via the username field to (1) list.rhtml or (2) show.rhtml. | |||||
| CVE-2006-1369 | 1 Invision Power Services | 1 Invision Power Board | 2017-07-20 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) 2.1.5 and earlier before 20060308 allows remote attackers to inject arbitrary web script or HTML via a Private Message (PM) in certain circumstances. | |||||
| CVE-2006-1374 | 1 Brain Book Software | 1 Adman | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in viewStatement.php in AdMan 1.0.20051221 and earlier allows remote attackers to execute arbitrary SQL commands via the transactions_offset parameter. | |||||
| CVE-2006-1375 | 1 Brain Book Software | 1 Adman | 2017-07-20 | 5.0 MEDIUM | N/A |
| AdMan 1.0.20051221 and earlier allows remote attackers to obtain the full path via (1) a blank campaignId parameter to editCampaign.php and (2) a blank schemeId parameter to viewPricingScheme.php. | |||||
| CVE-2006-1376 | 1 Debian | 1 Debian Linux | 2017-07-20 | 2.1 LOW | N/A |
| The installation of Debian GNU/Linux 3.1r1 from the network install CD creates /var/log/debian-installer/cdebconf with world writable permissions, which allows local users to cause a denial of service (disk consumption). | |||||
| CVE-2006-1404 | 1 Industrial Imagination | 1 Blankol | 2017-07-20 | 5.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in bol.cgi in BlankOL 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) file or (2) function parameter. | |||||
| CVE-2006-1381 | 1 Trend Micro | 1 Officescan | 2017-07-20 | 10.0 HIGH | N/A |
| Trend Micro OfficeScan 5.5, and probably other versions before 6.5, uses insecure DACLs for critical files, which allows local users to gain SYSTEM privileges by modifying tmlisten.exe. | |||||
| CVE-2006-1383 | 1 Pablo Software Solutions | 1 Baby Ftp Server | 2017-07-20 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in Baby FTP Server (BabyFTP) 1.24 allows remote authenticated users to determine existence of files outside the intended document root via unspecified manipulations, which generate different error messages depending on whether a file exists or not. | |||||
| CVE-2006-1384 | 1 Ibm | 1 Tivoli Business Systems Manager | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in apwc_win_main.jsp in the web console in IBM Tivoli Business Systems Manager (TBSM) before 3.1.0.1 allows remote attackers to inject arbitrary web script or HTML via the skin parameter. | |||||
| CVE-2006-1399 | 1 Php Lite | 1 Meeting Reserve | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in searchresult.php in Meeting Reserve 1.0 beta allows remote attackers to inject arbitrary web script or HTML via the search_term parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||