Total: 27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-3168 | 1 Comscripts | 1 Cs-forum | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in CS-Forum before 0.82 allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) debut parameters in (a) read.php, and the (3) search and (4) debut parameters in (b) index.php. | |||||
| CVE-2006-3194 | 1 Singapore | 1 Singapore | 2018-10-18 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in singapore 0.10.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) sequence and trailing null (%00) byte in the (1) gallery and (2) template parameter. | |||||
| CVE-2006-3209 | 1 Microsoft | 1 Windows Xp | 2018-10-18 | 7.2 HIGH | N/A |
| ** DISPUTED ** The Task scheduler (at.exe) on Microsoft Windows XP spawns each scheduled process with SYSTEM permissions, which allows local users to gain privileges. NOTE: this issue has been disputed by third parties, who state that the Task scheduler is limited to the Administrators group by default upon installation. | |||||
| CVE-2006-3195 | 1 Singapore | 1 Singapore | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in singapore 0.10.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the template parameter. | |||||
| CVE-2006-3196 | 1 Singapore | 1 Singapore | 2018-10-18 | 5.0 MEDIUM | N/A |
| index.php in singapore 0.10.0 and earlier allows remote attackers to obtain the installation path via an invalid template parameter, which reveals the path in an error message. | |||||
| CVE-2006-3161 | 1 Saphp | 1 Saphplesson | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in misc.php in SaphpLesson 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the action parameter. | |||||
| CVE-2006-3160 | 1 Onedotoh | 1 Simple File Manager | 2018-10-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in fm.php in ONEdotOH Simple File Manager (SFM) 0.24a and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | |||||
| CVE-2006-3201 | 1 Hp | 1 Hp-ux | 2018-10-18 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in the kernel in HP-UX B.11.00, B.11.11, and B.11.23 allows local users to cause an unspecified denial of service via unknown vectors. | |||||
| CVE-2006-3158 | 1 Eduha Meeting | 1 Eduha Meeting | 2018-10-18 | 7.5 HIGH | N/A |
| index.php in Eduha Meeting does not properly restrict file extensions before permitting a file upload, which allows remote attackers to bypass security checks and upload or execute arbitrary php code via the add action. | |||||
| CVE-2006-3204 | 1 Ultimate Php Board | 1 Ultimate Php Board | 2018-10-18 | 5.0 MEDIUM | N/A |
| Ultimate PHP Board (UPB) 1.9.6 and earlier uses a cryptographically weak block cipher with a large key collision space, which allows remote attackers to determine a suitable decryption key given the plaintext and ciphertext by obtaining the plaintext password, which is sent when logging in, and the ciphertext, which is set in the pass_env cookie. | |||||
| CVE-2006-3205 | 1 Ultimate Php Board | 1 Ultimate Php Board | 2018-10-18 | 5.0 MEDIUM | N/A |
| Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote attackers to gain access via modified user_env, pass_env, power_env, and id_env parameters in a cookie, which comprise a persistent logon that does not vary across sessions. | |||||
| CVE-2006-3206 | 1 Ultimate Php Board | 1 Ultimate Php Board | 2018-10-18 | 5.0 MEDIUM | N/A |
| register.php in Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote attackers to create arbitrary accounts via the "[NR]" sequence in the signature field, which is used to separate multiple records. | |||||
| CVE-2006-3207 | 1 Ultimate Php Board | 1 Ultimate Php Board | 2018-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in newpost.php in Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) sequence and trailing null (%00) byte in the id parameter, as demonstrated by injecting a Perl CGI script using "[NR]" sequences in the message parameter, then calling close.php with modified id and t_id parameters to chmod the script. NOTE: this issue might be resultant from dynamic variable evaluation. | |||||
| CVE-2006-3208 | 1 Ultimate Php Board | 1 Ultimate Php Board | 2018-10-18 | 6.5 MEDIUM | N/A |
| Direct static code injection vulnerability in Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote authenticated administrators to execute arbitrary PHP code via multiple unspecified "configuration fields" in (1) admin_chatconfig.php, (2) admin_configcss.php, (3) admin_config.php, or (4) admin_config2.php, which are stored as configuration settings. NOTE: this issue can be exploited by remote attackers by leveraging other vulnerabilities in UPB. | |||||
| CVE-2006-3211 | 1 Cjguestbook | 1 Cjguestbook | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in sign.php in cjGuestbook 1.3 and earlier allows remote attackers to inject Javascript code via a javascript URI in an img bbcode tag in the comments parameter. | |||||
| CVE-2006-3213 | 1 Webboa | 1 Webboa | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in WeBBoA Hosting 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter to an unspecified script, possibly host/yeni_host.asp. | |||||
| CVE-2006-3268 | 1 Novell | 1 Groupwise | 2018-10-18 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Windows Client API in Novell GroupWise 5.x through 7 might allow users to obtain "random programmatic access" to other email within the same post office. | |||||
| CVE-2006-3217 | 1 Jaguarsoft | 1 Jaguaredit | 2018-10-18 | 2.6 LOW | N/A |
| JaguarEditControl (JEdit) ActiveX Control 1.1.0.20 and earlier allows remote attackers to obtain sensitive information, such as the username and MAC and IP addresses, by setting the test field to certain values such as 2404 or 2790, then reading the information from the .JText field. | |||||
| CVE-2006-3218 | 1 Woltlab | 1 Burning Board | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in profile.php in Woltlab Burning Board (WBB) 2.1.6 allows remote attackers to execute arbitrary SQL commands via the userid parameter. | |||||
| CVE-2006-3292 | 1 Jaws | 1 Jaws | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Search gadget in Jaws 0.6.2 allows remote attackers to execute arbitrary SQL commands via queries with the "LIKE" keyword in the searchdata parameter (search field). | |||||
| CVE-2006-3219 | 1 Woltlab | 1 Burning Board | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in thread.php in Woltlab Burning Board (WBB) 2.2.2 allows remote attackers to execute arbitrary SQL commands via the threadid parameter. | |||||
| CVE-2006-3143 | 1 Maximus | 1 Schoolmax | 2018-10-18 | 4.0 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in icue_login.asp in Maximus SchoolMAX 4.0.1 and earlier iCue and iParent applications allows remote attackers to inject arbitrary web script or HTML via the error_msg parameter. | |||||
| CVE-2006-3284 | 1 Datetopia | 1 Dating Agent Pro | 2018-10-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Dating Agent PRO 4.7.1 allows remote attackers to inject arbitrary web script or HTML via the login parameter in (1) webmaster/index.php and (2) search.php. | |||||
| CVE-2006-3142 | 1 Vbzoom | 1 Vbzoom | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in forum.php in VBZooM 1.11 allows remote attackers to execute arbitrary SQL commands via the MainID parameter. | |||||
| CVE-2006-3220 | 1 Woltlab | 1 Burning Board | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in studienplatztausch.php in Woltlab Burning Board (WBB) 2.2.1 allows remote attackers to execute arbitrary SQL commands via the sid parameter. | |||||
| CVE-2006-3264 | 1 Namo | 1 Deepsearch | 2018-10-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in mclient.cgi in Namo DeepSearch 4.5 allows remote attackers to inject arbitrary web script or HTML via the p parameter. | |||||
| CVE-2006-3226 | 1 Cisco | 1 Secure Access Control Server | 2018-10-18 | 7.5 HIGH | N/A |
| Cisco Secure Access Control Server (ACS) 4.x for Windows uses the client's IP address and the server's port number to grant access to an HTTP server port for an administration session, which allows remote attackers to bypass authentication via various methods, aka "ACS Weak Session Management Vulnerability." | |||||
| CVE-2006-3304 | 1 Deluxebb | 1 Deluxebb | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in cp.php in DeluxeBB 1.07 and earlier allows remote attackers to execute arbitrary SQL commands via the xmsn parameter. | |||||
| CVE-2006-3262 | 1 Mambo | 1 Mambo | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Weblinks module (weblinks.php) in Mambo 4.6rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter. | |||||
| CVE-2006-3238 | 1 Vbzoom | 1 Vbzoom | 2018-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in VBZooM 1.00 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) MemberID parameter to rank.php, and the (2) QuranID parameter to lng.php. | |||||
| CVE-2006-3260 | 1 Virtual Design Studios | 1 Vlbook | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in vlbook 1.02 allows remote attackers to inject arbitrary web script or HTML via the message parameter. | |||||
| CVE-2006-3283 | 1 Datetopia | 1 Dating Agent Pro | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Dating Agent PRO 4.7.1 allows remote attackers to execute arbitrary SQL commands via the (1) pid parameter in picture.php, (2) mid parameter in mem.php, and the (3) sex and (4) relationship parameters in search.php. | |||||
| CVE-2006-3132 | 1 Qto | 1 Qtofilemanager | 2018-10-18 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in qtofm.php4 in QTOFileManager 1.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter, as originally reported for index.php. | |||||
| CVE-2006-3242 | 1 Mutt | 1 Mutt | 2018-10-18 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the browse_get_namespace function in imap/browse.c of Mutt 1.4.2.1 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via long namespaces received from the IMAP server. | |||||
| CVE-2006-3250 | 1 Microsoft | 1 Windows Live Messenger | 2018-10-18 | 5.1 MEDIUM | N/A |
| Heap-based buffer overflow in Windows Live Messenger 8.0 allows user-assisted attackers to execute arbitrary code via a crafted Contact List (.ctt) file, which triggers the overflow when it is imported by the user. | |||||
| CVE-2006-3282 | 1 Datetopia | 1 Dating Agent Pro | 2018-10-18 | 5.0 MEDIUM | N/A |
| requirements.php in Dating Agent PRO 4.7.1 allows remote attackers to obtain sensitive information via a direct request, which calls the phpinfo function. | |||||
| CVE-2006-3252 | 1 Algorithmic Research | 1 Privatewire Gateway | 2018-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in the Online Registration Facility for Algorithmic Research PrivateWire VPN software up to 3.7 allows remote attackers to execute arbitrary code via a long GET request. | |||||
| CVE-2006-3279 | 1 Aewebworks | 1 Aedating | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in aeDating 4.1 allows remote attackers to inject arbitrary web script or HTML via the (1) Sex parameter in index.php, (2) ProfileType parameter in join_form.php, and (3) Email parameter in forgot.php. | |||||
| CVE-2006-3128 | 1 Easy-cms | 1 Easy-cms | 2018-10-18 | 4.6 MEDIUM | N/A |
| choose_file.php in easy-CMS 0.1.2, when mod_mime is installed, does not restrict uploads of filenames with multiple extensions, which allows remote attackers to execute arbitrary PHP code by uploading a PHP file with a GIF file extension, then directly accessing that file in the Repositories directory. | |||||
| CVE-2006-3253 | 1 Jelsoft | 1 Vbulletin | 2018-10-18 | 2.6 LOW | N/A |
| ** DISPUTED ** Cross-site scripting (XSS) vulnerability in member.php in vBulletin 3.5.x allows remote attackers to inject arbitrary web script or HTML via the u parameter. NOTE: the vendor has disputed this report, stating that they have been unable to replicate the issue and that "the userid parameter is run through our filtering system as an unsigned integer." | |||||
| CVE-2006-3273 | 1 Astrodog Press | 1 Some Chess | 2018-10-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in menu.php in Some Chess 1.5 rc1 allows remote attackers to inject arbitrary web script or HTML via the user parameter ("New Name" field). | |||||
| CVE-2006-3271 | 1 Softbiz | 1 Dating Script | 2018-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Softbiz Dating 1.0 allow remote attackers to execute SQL commands via the (1) country and (2) sort_by parameters in (a) search_results.php; (3) browse parameter in (b) featured_photos.php; (4) cid parameter in (c) products.php, (d) index.php, and (e) news_desc.php. | |||||
| CVE-2006-3257 | 1 Claroline | 1 Claroline | 2018-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.7.7 allow remote attackers to inject arbitrary HTML or web script via unspecified attack vectors, possibly including (1) calendar/myagenda.php, (2) document/document.php, (3) phpbb/newtopic.php, (4) tracking/userLog.php, and (5) wiki/page.php. | |||||
| CVE-2006-3299 | 1 Metalheadws | 1 Usenet | 2018-10-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Usenet Script 0.5 allows remote attackers to inject arbitrary web script or HTML via the group parameter. | |||||
| CVE-2006-3296 | 1 George Currums | 1 Open Guestbook | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view.php in Open Guestbook 0.5 allows remote attackers to execute arbitrary SQL commands via the offset parameter. | |||||
| CVE-2006-3312 | 1 Qatraq | 1 Qatraq | 2018-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ashmans and Bill Echlin QaTraq 6.5 RC and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) link_print, (2) link_upgrade, (3) link_sql, (4) link_next, (5) link_prev, and (6) link_list parameters in top.inc as included by queries_view_search.php; the (7) msg, (8) component_name, and (9) component_desc parameters in (a) components_copy_content.php, (b) components_modify_content.php, and (c) components_new_content.php; the (10) title, (11) version, and (12) content parameters in design_copy_content.php; the (13) plan_title and (14) plan_content parameters in design_copy_plan_search.php; the (15) title, (16) minor_version, (17) new_version, and (18) content parameters in design_modify_content.php; the (19) title, (20) version, and (21) content parameters in design_new_content.php; the (22) plan_name and (23) plan_desc parameters in design_new_search.php; the (24) file_name parameter in download.php; the (25) username and (26) password parameters in login.php; the (27) title, (28) version, and (29) content parameters in phase_copy_content.php; the (30) content parameter in phase_delete_search.php; the (31) title, (32) minor_version, (33) new_version, and (34) content parameters in phase_modify_content.php; the (35) content, (36) title, (37) version, and (38) content parameters in phase_modify_search.php; the (39) content parameter in phase_view_search.php; the (40) msg, (41) product_name, and (42) product_desc parameters in products_copy_content.php; and possibly the (43) product_name and (44) product_desc parameters in (d) products_copy_search.php, and a large number of additional parameters and executables. NOTE: the vendor notified CVE via e-mail that this issue has been fixed in the 6.8 RC release. | |||||
| CVE-2006-3313 | 1 Netsoft | 1 Smartnet | 2018-10-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in search.jsp in Netsoft smartNet 2.0 allows remote attackers to inject arbitrary web script or HTML via the keyWord parameter. | |||||
| CVE-2006-3314 | 1 Rahnemaco | 1 Rahnemaco | 2018-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in page.php in an unspecified RahnemaCo.com product, possibly eShop, allows remote attackers to execute arbitrary PHP code via a URL in the pageid parameter. | |||||
| CVE-2006-3317 | 1 Spiffyjr | 1 Phpraid | 2018-10-18 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in phpRaid 3.0.6 allows remote attackers to execute arbitrary code via a URL in the phpraid_dir parameter to (1) announcements.php and (2) rss.php, a different set of vectors and affected versions than CVE-2006-3316 and CVE-2006-3116. | |||||
| CVE-2006-3319 | 1 Php Icalendar | 1 Php Icalendar | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in rss/index.php in PHP iCalendar 2.22 and earlier allows remote attackers to inject arbitrary web script or HTML via the cal parameter. | |||||
