Total: 27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-3320 | 1 Sitebar | 1 Sitebar | 2018-10-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in command.php in SiteBar 3.3.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the command parameter. | |||||
| CVE-2006-3322 | 1 Spiffyjr | 1 Phpraid | 2018-10-18 | 5.1 MEDIUM | N/A |
| SQL injection vulnerability in includes/functions_logging.php in phpRaid 3.0.5, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the log_hack function. | |||||
| CVE-2006-3323 | 1 Mastersfusion | 1 Mf Piadas | 2018-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in admin/admin.php in MF Piadas 1.0 allows remote attackers to execute arbitrary PHP code via the page parameter. NOTE: the same vector can be used for cross-site scripting, but CVE analysis suggests that this is resultant from file inclusion of HTML or script. | |||||
| CVE-2006-3324 | 1 Id Software | 1 Quake 3 Engine | 2018-10-18 | 5.0 MEDIUM | N/A |
| The Automatic Downloading option in the id3 Quake 3 Engine and the Icculus Quake 3 Engine (ioquake3) before revision 804 allows remote attackers to overwrite arbitrary files in the quake3 directory (fs_homepath cvar) via a long string of filenames, as contained in the neededpaks buffer. | |||||
| CVE-2006-3325 | 1 Id Software | 1 Quake 3 Engine | 2018-10-18 | 5.0 MEDIUM | N/A |
| client/cl_parse.c in the id3 Quake 3 Engine 1.32c and the Icculus Quake 3 Engine (ioquake3) revision 810 and earlier allows remote malicious servers to overwrite arbitrary write-protected cvars variables on the client, such as cl_allowdownload for Automatic Downloading and fs_homepath for the quake3 path, via a string of cvar names and values sent from the server. NOTE: this can be combined with another vulnerability to overwrite arbitrary files. | |||||
| CVE-2006-3329 | 1 Deltascripts | 1 Php Classifieds | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search.php in PHP/MySQL Classifieds (PHP Classifieds) allows remote attackers to execute arbitrary SQL commands via the rate parameter. | |||||
| CVE-2006-3330 | 1 Deltascripts | 1 Php Classifieds | 2018-10-18 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in AddAsset1.php in PHP/MySQL Classifieds (PHP Classifieds) allows remote attackers to execute arbitrary SQL commands via the (1) ProductName ("Title" field), (2) url, and (3) Description parameters, possibly related to issues in add1.php. | |||||
| CVE-2006-3334 | 1 Greg Roelofs | 1 Libpng | 2018-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in the png_decompress_chunk function in pngrutil.c in libpng before 1.2.12 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors related to "chunk error processing," possibly involving the "chunk_name". | |||||
| CVE-2006-3179 | 1 Swsoft | 1 Confixx | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in tools_ftp_pwaendern.php in Confixx Pro 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the account parameter. | |||||
| CVE-2006-3337 | 1 Cpanel | 1 Cpanel | 2018-10-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in frontend/x/files/select.html in cPanel 10.8.2-CURRENT 118 and earlier allows remote attackers to inject arbitrary web script or HTML via the file parameter. | |||||
| CVE-2006-3343 | 1 Crisoft Ricette | 1 Crisoft Ricette | 2018-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in recipe/cookbook.php in CrisoftRicette 1.0pre15b allows remote attackers to execute arbitrary PHP code via a URL in the crisoftricette parameter. | |||||
| CVE-2006-3311 | 1 Adobe | 2 Flash Player, Flex Sdk | 2018-10-18 | 5.1 MEDIUM | N/A |
| Buffer overflow in Adobe Flash Player 8.0.24.0 and earlier, Flash Professional 8, Flash MX 2004, and Flex 1.5 allows user-assisted remote attackers to execute arbitrary code via a long, dynamically created string in a SWF movie. | |||||
| CVE-2006-3345 | 1 Ajax Softwares | 1 Alipager | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in AliPAGER, possibly 1.5 and earlier, allows remote attackers to inject arbitrary web script or HTML via a chat line. | |||||
| CVE-2006-3259 | 1 E107 | 1 E107 | 2018-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 allow remote attackers to inject arbitrary web script or HTML via the (1) ep parameter to search.php and the (2) subject parameter in comment.php (aka the Subject field when posting a comment). | |||||
| CVE-2006-3274 | 1 Webmin | 1 Webmin | 2018-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Webmin before 1.280, when run on Windows, allows remote attackers to read arbitrary files via \ (backslash) characters in the URL to certain directories under the web root, such as the image directory. | |||||
| CVE-2006-3105 | 1 Bitweaver | 1 Bitweaver | 2018-10-18 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in Bitweaver 1.3 allows remote attackers to conduct HTTP response splitting attacks via CRLF sequences in multiple unspecified parameters that are injected into HTTP headers, as demonstrated by the BWSESSION parameter in index.php. | |||||
| CVE-2006-2979 | 1 Viart | 1 Shop | 2018-10-18 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ViArt Shop Free 2.5.5, and possibly other distributions including Light, Standard, and Enterprise, allow remote attackers to inject arbitrary web script or HTML via the (1) forum_id parameter in forum.php, which is not properly handled in block_forum_topics.php, and (2) item_id parameter in reviews.php, which is not properly handled in block_reviews.php. | |||||
| CVE-2006-2984 | 1 Integramod | 1 Integramod | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in IntegraMOD 1.4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the STYLE_URL parameter. NOTE: it is possible that this issue is resultant from SQL injection. | |||||
| CVE-2006-3042 | 1 Ispconfig | 1 Ispconfig | 2018-10-18 | 7.5 HIGH | N/A |
| ** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in ISPConfig 2.2.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) go_info[isp][classes_root] parameter in (a) server.inc.php, and the (2) go_info[server][classes_root] parameter in (b) app.inc.php, (c) login.php, and (d) trylogin.php. NOTE: this issue has been disputed by the vendor, who states that the original researcher "reviewed the installation tarball that is not identical with the resulting system after installation. The file, where the $go_info array is declared ... is created by the installer." | |||||
| CVE-2006-3041 | 1 Codewalkers | 1 Ltwcalendar | 2018-10-18 | 7.5 HIGH | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in Ltwcalendar/calendar.php in Codewalkers Ltwcalendar 4.1.3 allows remote attackers to execute arbitrary PHP code via a URL in the ltw_config[include_dir] parameter. NOTE: CVE disputes this claim, since the $ltw_config[include_dir] variable is defined as a static value in an include file before it is referenced in an include() statement. | |||||
| CVE-2006-3040 | 1 Amr Talkbox | 1 Amr Talkbox | 2018-10-18 | 7.5 HIGH | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in talkbox.php in Amr Talkbox allows remote attackers to execute arbitrary PHP code via a URL in the direct parameter. NOTE: this issue has been disputed by CVE, since the $direct variable is set to a static value just before the include statement. | |||||
| CVE-2006-3113 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2018-10-18 | 7.5 HIGH | N/A |
| Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via simultaneous XPCOM events, which causes a timer object to be deleted in a way that triggers memory corruption. | |||||
| CVE-2006-2985 | 1 Integramod | 1 Integramod | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in IntegraMOD 1.4.0 and earlier allows remote attackers to execute arbitrary SQL commands via double-encoded "'" characters in the STYLE_URL parameter. | |||||
| CVE-2006-2986 | 1 Baby Katie Media | 2 Very Simple Car Lister, Very Simple Realty Lister | 2018-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Baby Katie Media (a) very Simple Car Lister (vSCAL) 1.0 and (b) very simple Realty Lister (vsREAL) 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) lid parameter in index.php and the (2) title parameter in myslideshow.php. | |||||
| CVE-2006-2988 | 1 Chemical Dictionary | 1 Chemical Dictionary | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in dictionary.php in Chemical Dictionary allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in a browse action. | |||||
| CVE-2006-3045 | 1 Teake Nutma | 1 Foing | 2018-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in manage_songs.php in Foing 0.7.0e and earlier allows remote attackers to execute arbitrary PHP code via a URL in the foing_root_path parameter. | |||||
| CVE-2006-3092 | 1 Phpmyfactures | 1 Phpmyfactures | 2018-10-18 | 7.5 HIGH | N/A |
| PhpMyFactures 1.2 and earlier allows remote attackers to bypass authentication and modify data via direct requests with modified parameters to (1) /tva/ajouter_tva.php, (2) /remises/ajouter_remise.php, (3) /pays/ajouter_pays.php, (4) /pays/modifier_pays.php, (5) /produits/ajouter_cat.php, (6) /produits/ajouter_produit.php, (7) /clients/ajouter_client.php, (8) /clients/modifier_client.php. NOTE: the provenance of this information is unknown; portions of the details are obtained from third party information. | |||||
| CVE-2006-3109 | 1 Cisco | 1 Call Manager | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Cisco CallManager 3.3 before 3.3(5)SR3, 4.1 before 4.1(3)SR4, 4.2 before 4.2(3), and 4.3 before 4.3(1), allows remote attackers to inject arbitrary web script or HTML via the (1) pattern parameter in ccmadmin/phonelist.asp and (2) arbitrary parameters in ccmuser/logon.asp, aka bugid CSCsb68657. | |||||
| CVE-2006-3060 | 1 Webexceluk | 1 P.a.i.d | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in P.A.I.D 2.2 allows remote attackers to inject arbitrary web script or HTML via the (1) read parameter in index.php, (2) farea parameter in faq.php, and (3) unspecified input fields on the "My Account" login page. | |||||
| CVE-2006-3034 | 1 Myscrapbook | 1 Myscrapbook | 2018-10-18 | 5.0 MEDIUM | N/A |
| MyScrapbook 3.1 allows remote attackers to obtain sensitive information via a direct request to files in the txt-db-api directory such as txt-db-api/sql.php, which reveals the path in an error message. | |||||
| CVE-2006-3033 | 1 Myscrapbook | 1 Myscrapbook | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in MyScrapbook 3.1 allows remote attackers to inject arbitrary web script or HTML via the input box in singlepage.php when submitting scrapbook pages. | |||||
| CVE-2006-2978 | 1 Mafia Moblog | 1 Mafia Moblog | 2018-10-18 | 5.0 MEDIUM | N/A |
| Mafia Moblog 0.6M1 and earlier allows remote attackers to obtain the installation path in an error message via a direct request to (1) big.php and (2) upgrade.php. | |||||
| CVE-2006-3013 | 1 Eschew.net | 1 Phpbannerexchange | 2018-10-18 | 5.1 MEDIUM | N/A |
| Interpretation conflict in resetpw.php in phpBannerExchange before 2.0 Update 6 allows remote attackers to execute arbitrary SQL commands via an email parameter containing a null (%00) character after a valid e-mail address, which passes the validation check in the eregi PHP command. NOTE: it could be argued that this vulnerability is due to a bug in the eregi PHP command and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in phpBannerExchange. | |||||
| CVE-2006-3012 | 1 Eschew.net | 1 Phpbannerexchange | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in phpBannerExchange before 2.0 Update 6 allows remote attackers to execute arbitrary SQL commands via the (1) login parameter in (a) client/stats.php and (b) admin/stats.php, or the (2) pass parameter in client/stats.php. | |||||
| CVE-2006-3114 | 1 Pc Tools | 1 Pc Tools Antivirus | 2018-10-18 | 4.6 MEDIUM | N/A |
| PC Tools AntiVirus 2.1.0.51 uses insecure default permissions on the "PC Tools AntiVirus" directory, which allows local users to gain privileges and execute commands. | |||||
| CVE-2006-3071 | 1 Anton Belev | 1 Mp3 Search Archive | 2018-10-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in MP3 Search/Archive 1.2 allows remote attackers to inject arbitrary web script or HTML via the (1) keywords parameter, as used by the "search box", and (2) res parameter. | |||||
| CVE-2006-2965 | 1 Particle Soft | 1 Particle Whois | 2018-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Particle Soft Particle Whois 1.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) the target parameter in index.php and (2) the "input box." | |||||
| CVE-2006-3056 | 1 Vbzoom | 1 Vbzoom | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in language.php in VBZooM 1.01 allows remote attackers to execute arbitrary SQL commands via the Action parameter. | |||||
| CVE-2006-3039 | 1 Cescripts | 1 Realty Home Rent | 2018-10-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Cescripts Realty Home Rent allows remote attackers to inject arbitrary web script or HTML via the sel_menu parameter. NOTE: the vendor notified CVE on 20060823 that "All issues concerning this script and others at cescripts.com have been addressed and fixed." | |||||
| CVE-2006-3006 | 1 Ifoto | 1 Ifoto | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in iFoto 0.20, and possibly other versions before 0.50, allows remote attackers to inject arbitrary HTML or web script via a base64-encoded file parameter. | |||||
| CVE-2006-2991 | 1 Ringlink | 1 Ringlink | 2018-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Ringlink 3.2 allow remote attackers to inject arbitrary web script or HTML via a JavaScript URI in the SRC attribute of an IMG element, and possibly other manipulations, in the ringid parameter in (1) next.cgi, (2) stats.cgi, or (3) list.cgi. | |||||
| CVE-2006-3078 | 1 Apboard | 1 Apboard | 2018-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in APBoard 2.2-r3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) PHPSESSID parameter in board.php and (2) viewcatmod parameter in main.php. | |||||
| CVE-2006-3103 | 1 Bitweaver | 1 Bitweaver | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Bitweaver 1.3 allows remote attackers to inject arbitrary web script or HTML via the (1) error parameter in users/login.php and the (2) feedback parameter in articles/index.php. | |||||
| CVE-2006-2966 | 1 Particle Soft | 1 Particle Wiki | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Particle Soft Particle Wiki 1.0.2 allows remote attackers to inject arbitrary web script or HTML via a BR element with an extraneous IMG tag and a STYLE attribute that contains "/**/" comment sequences, which bypasses the XSS protection scheme. | |||||
| CVE-2006-2997 | 1 Zms Publishing | 1 Zms | 2018-10-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in ZMS 2.9 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the raw parameter in the search field. | |||||
| CVE-2006-3104 | 1 Bitweaver | 1 Bitweaver | 2018-10-18 | 5.0 MEDIUM | N/A |
| users/index.php in Bitweaver 1.3 allows remote attackers to obtain sensitive information via an invalid sort_mode parameter, which reveals the installation path and database information in the resultant error message. | |||||
| CVE-2006-2967 | 1 Syworks | 1 Safenet | 2018-10-18 | 2.1 LOW | N/A |
| Syworks SafeNET allows local users to bypass restrictions on network resource consumption by editing the policy.dat file. | |||||
| CVE-2006-3080 | 1 Axent | 1 Axentforum | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in viewposts.cfm in aXentForum II and earlier allows remote attackers to inject arbitrary web script or HTML via the startrow parameter. | |||||
| CVE-2006-2968 | 1 Php Labware | 1 Labwiki | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in PHP Labware LabWiki 1.0 allows remote attackers to inject arbitrary web script or HTML via the search input box (query parameter). | |||||
| CVE-2006-3051 | 1 Six Offene Systeme Gmbh | 1 Sixcms | 2018-10-18 | 5.1 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in list.php in SixCMS 6.0, and other versions before 6.0.6patch2, allows remote attackers to inject arbitrary script code or HTML via the page parameter. | |||||
