Vulnerabilities (CVE)

Filtered by NVD-CWE-Other
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-2820 1 Hotwebscripts 1 Weblog Oggi 2018-10-18 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in HotWebScripts.com Weblog Oggi 1.0 allows remote attackers to inject arbitrary web script or HTML via a comment, possibly involving a javascript URI in the SRC attribute of an IMG element.
CVE-2006-2814 1 Ishopcart 1 Ishopcart 2018-10-18 7.5 HIGH N/A
Multiple buffer overflows in the (1) vGetPost and (2) main functions in easy-scart.c through easy-scart6.c in iShopCart allow remote attackers to execute arbitrary code by sending a large amount of data containing "Submit" in an sslinvoice action, and allow remote attackers to have an unknown impact via a large amount of posted data.
CVE-2006-2813 1 Ishopcart 1 Ishopcart 2018-10-18 7.8 HIGH N/A
Directory traversal vulnerability in easy-scart.cgi in iShopCart allows remote attackers to read arbitrary files via a .. (dot dot) in the query string.
CVE-2006-2811 1 Cantico 1 Ovidentia 2018-10-18 7.5 HIGH N/A
Multiple PHP remote file inclusion vulnerabilities in Cantico Ovidentia 5.8.0 allow remote attackers to execute arbitrary PHP code via a URL in the babInstallPath parameter in (1) index.php, (2) topman.php, (3) approb.php, (4) vacadmb.php, (5) vacadma.php, (6) vacadm.php, (7) statart.php, (8) search.php, (9) posts.php, (10) options.php, (11) login.php, (12) frchart.php, (13) flbchart.php, (14) fileman.php, (15) faq.php, (16) event.php, (17) directory.php, (18) articles.php, (19) artedit.php, (20) calday.php, and additional unspecified PHP scripts. NOTE: the utilit.php vector is already covered by CVE-2005-1964.
CVE-2006-2810 1 Belchior Foundry 1 Vcard 2018-10-18 6.8 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Belchior Foundry vCard 2.9 allow remote attackers to inject arbitrary web script or HTML via the page parameter in (1) toprated.php and (2) newcards.php. NOTE: the card_id vector is already covered by CVE-2006-1230.
CVE-2006-2809 1 Ar-blog 1 Ar-blog 2018-10-18 6.8 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in index.php in ar-blog 5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) count parameter, and possibly the (2) next, (3) Year_the_news, and (4) mo parameters. NOTE: the year and month vectors are already covered by CVE-2006-0333.
CVE-2006-2808 1 Lycos 1 Htmlgear Guestgear 2018-10-18 6.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Lycos Tripod htmlGEAR guestGEAR (aka Guest Gear) allows remote attackers to inject arbitrary web script or HTML via a guestbook post containing a javascript URI in the SRC attribute of the BR element after an extra "iframe" tagname within that element, followed by a double ">", which might bypass cleansing operations.
CVE-2006-2807 1 Aspwebsoft 1 Speedy Asp Discussion Forum 2018-10-18 10.0 HIGH N/A
ASPwebSoft Speedy Asp Discussion Forum allows remote attackers to change the password of any account via a modified account id and possibly arbitrary values of the name, email, country, password, and passwordre parameters to profileupdate.asp.
CVE-2006-2806 1 Apache 1 James 2018-10-18 7.8 HIGH N/A
The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
CVE-2006-2823 1 A.shopkart 1 A.shopkart 2018-10-18 5.0 MEDIUM N/A
Katrien De Graeve a.shopKart 2.0 (aka ashopKart20) stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) admin/scart.mdb and possibly (2) admin/scart97.mdb.
CVE-2006-2794 1 Aspsitem 1 Aspsitem 2018-10-18 7.8 HIGH N/A
Hesabim.asp in ASPSitem 2.0 and earlier allows remote attackers to read private messages of other users via a modified id parameter.
CVE-2006-2793 1 Aspsitem 1 Aspsitem 2018-10-18 7.5 HIGH N/A
SQL injection vulnerability in Anket.asp in ASPSitem 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the hid parameter.
CVE-2006-2812 1 Dominios Europa 1 Picrate 2018-10-18 6.8 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Dominios Europa PICRATE (aka TAL RateMyPic) 1.0 allow remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element in the (1) name (aka nick), (2) email, and (3) comment boxes; and via the (4) id parameter.
CVE-2006-2899 1 Estsoft 1 Internetdisk 2018-10-18 6.5 MEDIUM N/A
Unspecified vulnerability in ESTsoft InternetDISK versions before 2006/04/20 allows remote authenticated users to execute arbitrary code, possibly by uploading a file with multiple extensions into the WebLink directory.
CVE-2006-2792 1 Woltlab 1 Burning Board 2018-10-18 7.5 HIGH N/A
SQL injection vulnerability in misc.php in Woltlab Burning Board (WBB) 2.3.4 allows remote attackers to execute arbitrary SQL commands via the sid parameter.
CVE-2006-2896 1 Funkboard 1 Funkboard 2018-10-18 5.0 MEDIUM N/A
profile.php in FunkBoard CF0.71 allows remote attackers to change arbitrary passwords via a modified uid hidden form field in an Edit Profile action.
CVE-2006-2901 1 D-link 1 Dwl-2100ap 2018-10-18 5.0 MEDIUM N/A
The web server for D-Link Wireless Access-Point (DWL-2100ap) firmware 2.10na and earlier allows remote attackers to obtain sensitive system information via a request to an arbitrary .cfg file, which returns configuration information including passwords.
CVE-2006-2902 1 Particle Soft 1 Particle Links 2018-10-18 5.0 MEDIUM N/A
Directory traversal vulnerability in Particle Links 1.2.2 might allow remote attackers to access arbitrary files via ".." sequences in an HTTP request. NOTE: it is not clear whether this issue is legitimate, as the original researcher seems unsure.
CVE-2006-2903 1 Particle Soft 1 Particle Links 2018-10-18 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in admin.php in Particle Links 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the username parameter.
CVE-2006-2904 1 Particle Soft 1 Particle Links 2018-10-18 7.5 HIGH N/A
SQL injection vulnerability in index.php in Partial Links 1.2.2 allows remote attackers to execute arbitrary SQL commands via the topic parameter.
CVE-2006-2893 1 Gantty 1 Gantty 2018-10-18 5.0 MEDIUM N/A
index.php in GANTTy 1.0.3 allows remote attackers to obtain the full path of the web server via an invalid lang parameter in an authenticate action.
CVE-2006-2928 1 Cms-bandits 1 Cms-bandits 2018-10-18 5.1 MEDIUM N/A
Multiple PHP remote file inclusion vulnerabilities in CMS-Bandits 2.5 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter in (1) dialogs/img.php and (2) dialogs/td.php.
CVE-2006-2905 1 Particle Soft 1 Particle Links 2018-10-18 5.0 MEDIUM N/A
Partial Links 1.2.2 allows remote attackers to obtain sensitive information via a direct request to (1) page_footer.php and (2) page_header.php, which displays the path in an error message.
CVE-2006-2908 1 Mybulletinboard 1 Mybulletinboard 2018-10-18 7.5 HIGH N/A
The domecode function in inc/functions_post.php in MyBulletinBoard (MyBB) 1.1.2, and possibly other versions, allows remote attackers to execute arbitrary PHP code via the username field, which is used in a preg_replace function call with a /e (executable) modifier.
CVE-2006-2892 1 Gantty 1 Gantty 2018-10-18 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.php in GANTTy 1.0.3 allows remote attackers to inject arbitrary HTML and web script via the message parameter in a login action.
CVE-2006-2891 1 Pixelpost 1 Pixelpost 2018-10-18 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in admin/index.php for Pixelpost 1-5rc1-2 and earlier allows remote attackers to inject arbitrary HTML or web script via the loginmessage parameter.
CVE-2006-2890 1 Pixelpost 1 Pixelpost 2018-10-18 5.1 MEDIUM N/A
Pixelpost 1-5rc1-2 and earlier, when register_globals is enabled, allows remote attackers to gain administrator privileges and conduct other attacks by setting the _SESSION["pixelpost_admin"] parameter to 1 in calls to admin scripts such as admin/view_info.php.
CVE-2006-2889 1 Pixelpost 1 Pixelpost 2018-10-18 5.1 MEDIUM N/A
Multiple SQL injection vulnerabilities in index.php in Pixelpost 1-5rc1-2 and earlier allow remote attackers to execute arbitrary SQL commands, and leverage them to gain administrator privileges, via the (1) category or (2) archivedate parameter.
CVE-2006-2884 1 Kke Info Media 1 Kmita Faq 2018-10-18 7.5 HIGH N/A
SQL injection vulnerability in index.php in Kmita FAQ 1.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter.
CVE-2006-2883 1 Kke Info Media 1 Kmita Faq 2018-10-18 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in search.php in Kmita FAQ 1.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
CVE-2006-2882 1 Aspscriptz 1 Aspscriptz Guest Book 2018-10-18 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in submit.asp in ASPScriptz Guest Book 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) GBOOK_UNAME, (2) GBOOK_EMAIL, (3) GBOOK_CITY, (4) GBOOK_COU, (5) GBOOK_WWW, and (6) GBOOK_MESS form fields.
CVE-2006-2881 1 Dreamcost 1 Dreamaccount 2018-10-18 5.1 MEDIUM N/A
Multiple PHP remote file inclusion vulnerabilities in DreamAccount 3.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the da_path parameter in the (1) auth.cookie.inc.php, (2) auth.header.inc.php, or (3) auth.sessions.inc.php scripts.
CVE-2006-2791 1 Net Art Media 1 Iboutique.mall 2018-10-18 5.0 MEDIUM N/A
Directory traversal vulnerability in index.php in iBoutique.MALL and possibly iBoutique allows remote attackers to read arbitrary files via ".." sequences in the function parameter.
CVE-2006-2909 1 Picozip 1 Picozip 2018-10-18 7.5 HIGH N/A
Stack-based buffer overflow in the info tip shell extension (zipinfo.dll) in PicoZip 4.01 allows remote attackers to execute arbitrary code via a long filename in an (1) ACE, (2) RAR, or (3) ZIP archive, which is triggered when the user moves the mouse over the archive.
CVE-2006-2887 1 Aspburst 1 Mynewsletter 2018-10-18 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in myNewsletter 1.1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the UserName parameter in (1) validatelogin.asp or (2) adminlogin.asp.
CVE-2006-2911 1 Hotwebscripts 1 Cms Mundo 2018-10-18 7.5 HIGH N/A
SQL injection vulnerability in controlpanel/index.php in CMS Mundo before 1.0 build 008 allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVE-2006-2878 1 Andreas Gohr 1 Dokuwiki 2018-10-18 7.5 HIGH N/A
The spellchecker (spellcheck.php) in DokuWiki 2006/06/04 and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly syntax" that is inserted into a regular expression that is processed by preg_replace with the /e (executable) modifier.
CVE-2006-2877 1 Sangwan Kim 1 Bookmark4u 2018-10-18 7.5 HIGH N/A
PHP remote file inclusion vulnerability in Bookmark4U 2.0.0 and earlier allows remote attackers to include arbitrary PHP files via the include_prefix parameter in (1) inc/dbase.php, (2) inc/config.php, (3) inc/common.php, and (4) inc/function.php. NOTE: it has been reported that the inc directory is protected by a .htaccess file, so this issue only applies in certain environments or configurations.
CVE-2006-2912 1 Out Of The Trees Web Design 1 Selectapix 2018-10-18 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in SelectaPix 1.31 allow remote attackers to execute arbitrary SQL commands via the (1) albumID parameter to (a) view_album.php or (b) index.php, (2) imageID parameter to (c) popup.php, or (3) username and (4) password parameters to (d) admin/member.php.
CVE-2006-2914 1 Deluxebb 1 Deluxebb 2018-10-18 5.1 MEDIUM N/A
PHP remote file inclusion vulnerability in DeluxeBB 1.06 allows remote attackers to execute arbitrary code via a URL in the templatefolder parameter to (1) postreply.php, (2) posting.php, and (3) pm/newpm.php in the deluxe/ directory, and (4) postreply.php, (5) posting.php, and (6) pm/newpm.php in the default/ directory.
CVE-2006-2875 1 Id Software 1 Quake 3 Engine 2018-10-18 7.5 HIGH N/A
Stack-based buffer overflow in the CL_ParseDownload function of Quake 3 Engine 1.32c and earlier, as used in multiple products, allows remote attackers to execute arbitrary code via a svc_download command with compressed data that triggers the overflow during expansion.
CVE-2006-2915 1 Deluxebb 1 Deluxebb 2018-10-18 5.1 MEDIUM N/A
Multiple SQL injection vulnerabilities in DeluxeBB 1.06 allow remote attackers to execute arbitrary SQL commands via the (1) hideemail, (2) languagex, (3) xthetimeoffset, and (4) xthetimeformat parameters during account registration.
CVE-2006-2872 1 Rumble 1 Rumble 2018-10-18 7.5 HIGH N/A
PHP remote file inclusion vulnerability in config.php in Rumble 1.02 allows remote attackers to execute arbitrary PHP code via a URL in the configArr[pathtodir] parameter.
CVE-2006-2871 1 Cyboards 1 Cyboards Php Lite 2018-10-18 7.5 HIGH N/A
** DISPUTED ** PHP remote file inclusion vulnerability in include/common.php in CyBoards PHP Lite 1.25 allows remote attackers to execute arbitrary PHP code via a URL in the script_path parameter. NOTE: CVE disputes this issue, since $script_path is set to a constant value.
CVE-2006-2916 1 Kde 1 Arts 2018-10-18 6.0 MEDIUM N/A
artswrapper in aRts, when running setuid root on Linux 2.6.0 or later versions, does not check the return value of the setuid function call, which allows local users to gain root privileges by causing setuid to fail, which prevents artsd from dropping privileges.
CVE-2006-2867 1 Coolforum 1 Coolforum 2018-10-18 7.5 HIGH N/A
SQL injection vulnerability in editpost.php in CoolForum 0.8.3 beta and earlier allows remote attackers to execute arbitrary SQL commands via the post parameter.
CVE-2006-2866 1 Dotclear 1 Dotclear 2018-10-18 5.1 MEDIUM N/A
PHP remote file inclusion vulnerability in layout/prepend.php in DotClear 1.2.4 and earlier allows remote attackers to execute arbitrary PHP code via an FTP URL in the blog_dc_path parameter, which passes file_exists() and is_dir() tests on PHP 5.
CVE-2006-2845 1 Redaxo 1 Redaxo 2018-10-18 7.5 HIGH N/A
PHP remote file inclusion vulnerability in Redaxo 3.0 up to 3.2 allows remote attackers to execute arbitrary PHP code via a URL in the REX[INCLUDE_PATH] parameter to image_resize/pages/index.inc.php.
CVE-2006-2844 1 Redaxo 1 Redaxo 2018-10-18 7.5 HIGH N/A
Multiple PHP remote file inclusion vulnerabilities in Redaxo 3.0 allow remote attackers to execute arbitrary PHP code via a URL in the REX[INCLUDE_PATH] parameter to (1) simple_user/pages/index.inc.php and (2) stats/pages/index.inc.php.
CVE-2006-2785 1 Mozilla 1 Firefox 2018-10-18 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 1.5.0.4 allows user-assisted remote attackers to inject arbitrary web script or HTML by tricking a user into (1) performing a "View Image" on a broken image in which the SRC attribute contains a Javascript URL, or (2) selecting "Show only this frame" on a frame whose SRC attribute contains a Javascript URL.