Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-2605 | 1 Dschat | 1 Dschat | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in DSChat 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the chatbox, probably involving the ctext parameter to send.php. | |||||
| CVE-2006-2617 | 1 Alstrasoft | 1 Webhost Directory | 2018-10-18 | 5.0 MEDIUM | N/A |
| (1) AlstraSoft Web Host Directory 1.2, aka (2) HyperStop WebHost Directory 1.2, allows remote attackers to obtain the installation path via an invalid entry in the Username field on the login page, which causes the path to be displayed in an SQL error. NOTE: this issue might be resultant from SQL injection. | |||||
| CVE-2006-2589 | 1 Mybulletinboard | 1 Mybulletinboard | 2018-10-18 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in rss.php in MyBB (aka MyBulletinBoard) 1.1.1 allows remote attackers to execute arbitrary SQL commands via the comma parameter. NOTE: it is not clear from the original report how this attack can succeed, since the demonstration URL uses a variable that is overwritten with static data in the extracted source code. | |||||
| CVE-2006-2588 | 1 Russcom Network | 1 Phpimages | 2018-10-18 | 5.0 MEDIUM | N/A |
| Russcom PHPImages allows remote attackers to upload files of arbitrary types by uploading a file with a .gif extension. NOTE: due to lack of specific information about attack vectors do not depend on the existence of another vulnerability, it is not clear whether this is a vulnerability. | |||||
| CVE-2006-2587 | 1 Even Balance | 1 Punkbuster | 2018-10-18 | 5.0 MEDIUM | N/A |
| Buffer overflow in the WebTool HTTP server component in (1) PunkBuster before 1.229, as used by multiple products including (2) America's Army 1.228 and earlier, (3) Battlefield 1942 1.158 and earlier, (4) Battlefield 2 1.184 and earlier, (5) Battlefield Vietnam 1.150 and earlier, (6) Call of Duty 1.173 and earlier, (7) Call of Duty 2 1.108 and earlier, (8) DOOM 3 1.159 and earlier, (9) Enemy Territory 1.167 and earlier, (10) Far Cry 1.150 and earlier, (11) F.E.A.R. 1.093 and earlier, (12) Joint Operations 1.187 and earlier, (13) Quake III Arena 1.150 and earlier, (14) Quake 4 1.181 and earlier, (15) Rainbow Six 3: Raven Shield 1.169 and earlier, (16) Rainbow Six 4: Lockdown 1.093 and earlier, (17) Return to Castle Wolfenstein 1.175 and earlier, and (18) Soldier of Fortune II 1.183 and earlier allows remote attackers to cause a denial of service (application crash) via a long webkey parameter. | |||||
| CVE-2006-2584 | 1 Skyebox | 1 Skyebox | 2018-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in post.php in SkyeBox 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) message parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information, although it was likely prompted by a vague announcement from a researcher who incorrectly referred to the product as "SkyeShoutbox." | |||||
| CVE-2006-2583 | 1 Nucleus Group | 1 Nucleus Cms | 2018-10-18 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in nucleus/libs/PLUGINADMIN.php in Nucleus 3.22 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[DIR_LIBS] parameter. | |||||
| CVE-2006-2580 | 1 Hp | 1 Openview Network Node Manager | 2018-10-18 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in HP OpenView Network Node Manager (OV NNM) 6.20, 6.4x, 7.01, and 7.50 allow remote attackers to gain privileged access, execute arbitrary commands, or create arbitrary files via unknown vectors. | |||||
| CVE-2006-2579 | 1 Hp | 1 Openview Storage Data Protector | 2018-10-18 | 7.5 HIGH | N/A |
| Unspecified vulnerability in HP OpenView Storage Data Protector 5.1 and 5.5 allows remote attackers to execute arbitrary code via unknown vectors. | |||||
| CVE-2006-2485 | 1 Quezza | 1 Quezza Bb | 2018-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/class_template.php in Quezza 1.0 and earlier, and possibly 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the quezza_root_path parameter. | |||||
| CVE-2006-2575 | 1 Pyrosoft Inc | 1 Netpanzer | 2018-10-18 | 5.0 MEDIUM | N/A |
| The setFrame function in Lib/2D/Surface.hpp for NetPanzer 0.8 and earlier allows remote attackers to cause a denial of service (crash) via a client flag (frameNum) that is greater than 41, which triggers an assert error. | |||||
| CVE-2006-2574 | 1 Hp | 1 Hp-ux | 2018-10-18 | 7.2 HIGH | N/A |
| Multiple unspecified vulnerabilities in Software Distributor in HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allow local users to gain privileges via unspecified attack vectors. | |||||
| CVE-2006-2486 | 1 Yapbb | 1 Yapbb | 2018-10-18 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in find.php in YapBB 1.2 Beta2 and earlier allows remote attackers to execute arbitrary SQL commands via the userID parameter. | |||||
| CVE-2006-2487 | 1 Scoznet | 1 Scoznews | 2018-10-18 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in ScozNews 1.2.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the CONFIG[main_path] parameter in (1) functions.php, (2) template.php, (3) news.php, (4) help.php, (5) mail.php, (6) Admin/admin_cats.php, (8) Admin/admin_edit.php, (9) Admin/admin_import.php, and (10) Admin/admin_templates.php. NOTE: this might be resultant from a variable overwrite issue. | |||||
| CVE-2006-2491 | 2 Boastmachine, Kailash Nadh | 2 Boastmachine, Boastmachine | 2018-10-18 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in (1) index.php and (2) bmc/admin.php in BoastMachine (bMachine) 3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly filtered when it is accessed using the $_SERVER["PHP_SELF"] variable. | |||||
| CVE-2006-2571 | 1 Alkacon | 1 Opencms | 2018-10-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in search.html in Alkacon OpenCms 6.0.0, 6.0.2, and 6.0.3 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search action. | |||||
| CVE-2006-2496 | 1 Novell | 2 Edirectory, Imonitor | 2018-10-18 | 10.0 HIGH | N/A |
| Buffer overflow in iMonitor 2.4 in Novell eDirectory 8.8 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unknown attack vectors. | |||||
| CVE-2006-2511 | 1 Frontrange | 1 Iheat | 2018-10-18 | 6.5 MEDIUM | N/A |
| The ActiveX version of FrontRange iHEAT allows remote authenticated users to run arbitrary programs or access arbitrary files on the host machine by uploading a file with an extension that is not associated with an application, and selecting a file from the "Open With..." dialog. | |||||
| CVE-2006-2497 | 1 Aspbb | 1 Aspbb | 2018-10-18 | 5.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in AspBB 0.5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter to default.asp or (2) get parameter to profile.asp. | |||||
| CVE-2006-2567 | 1 Alstrasoft | 1 Article Manager Pro | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in submit_article.php in Alstrasoft Article Manager Pro 1.6 allows remote attackers to inject arbitrary web script or HTML when submitting an article, as demonstrated using a javascript URI in a Cascading Style Sheets (CSS) property of a STYLE attribute of an element. | |||||
| CVE-2006-2566 | 1 Alstrasoft | 1 Article Manager Pro | 2018-10-18 | 5.0 MEDIUM | N/A |
| Alstrasoft Article Manager Pro 1.6 allows remote attackers to obtain sensitive information via (1) a quote character or possibly an invalid value in the action parameter in a request to mrarticles.php or (2) a login QUERY_STRING to admin.php without any additional parameters, which reveal the path in various error messages. | |||||
| CVE-2006-2565 | 1 Alstrasoft | 1 Article Manager Pro | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Alstrasoft Article Manager Pro 1.6 allows remote attackers to execute arbitrary SQL commands via (1) the author_id parameter in profile.php and (2) the aut_id parameter in userarticles.php. NOTE: the aut_id vector can produce resultant path disclosure if the SQL manipulation is invalid. | |||||
| CVE-2006-2564 | 1 Alstrasoft | 1 E-friends | 2018-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in AlstraSoft E-Friends allow remote attackers to inject arbitrary web script or HTML by (1) posting a blog, (2) posting a listing, (3) posting an event, (4) adding comments, or (5) sending a message. | |||||
| CVE-2006-2558 | 1 Iplogger | 1 Iplogger | 2018-10-18 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IpLogger 1.7 and earlier allows remote attackers to inject arbitrary HTML or web script via the User-Agent (useragent) header in an HTTP request, which is not filtered when the log files are viewed. | |||||
| CVE-2006-2499 | 1 Xfairguy | 1 Codeavalanche News | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in default.asp in CodeAvalanche News (CANews) 1.2 allows remote attackers to execute arbitrary SQL commands via the password field. | |||||
| CVE-2006-2555 | 1 Genecys | 1 Genecys | 2018-10-18 | 5.0 MEDIUM | N/A |
| The parse_command function in Genecys 0.2 and earlier allows remote attackers to cause a denial of service (crash) via a command with a missing ":" (colon) separator, which triggers a null dereference. | |||||
| CVE-2006-2554 | 1 Genecys | 1 Genecys | 2018-10-18 | 6.4 MEDIUM | N/A |
| Buffer overflow in the tell_player_surr_changes function in Genecys 0.2 and earlier might allow remote attackers to execute arbitrary code via long arguments. | |||||
| CVE-2006-2500 | 1 Xfairguy | 1 Codeavalanche News | 2018-10-18 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in add_news.asp in CodeAvalanche News (CANews) 1.2 allows remote attackers to inject arbitrary web script or HTML via the Headline field. NOTE: if this issue is limited to administrators, and if it is expected behavior for administrators to be able to generate HTML, then this is not a vulnerability. | |||||
| CVE-2006-2553 | 1 Jemscripts | 1 Downloadcontrol | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Jemscripts DownloadControl 1.0 allows remote attackers to inject arbitrary HTML or web script via the dcid parameter to dc.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. This issue appears to be independent from a different issue that involves the same vector. | |||||
| CVE-2006-2552 | 1 Jemscripts | 1 Downloadcontrol | 2018-10-18 | 5.0 MEDIUM | N/A |
| Jemscripts DownloadControl 1.0 allows remote attackers to obtain sensitive information via an invalid dcid parameter to dc.php, which leaks the pathname in an error message. NOTE: this was originally claimed to be SQL injection, but it is probably resultant from another issue in functions.php. | |||||
| CVE-2006-2551 | 1 Hp | 1 Hp-ux | 2018-10-18 | 2.1 LOW | N/A |
| Unspecified vulnerability in the kernel in HP-UX B.11.00 allows local users to cause an unspecified denial of service via unknown vectors. | |||||
| CVE-2006-2550 | 1 Perlpodder | 1 Perlpodder | 2018-10-18 | 5.1 MEDIUM | N/A |
| perlpodder before 0.5 allows remote attackers to execute arbitrary code via shell metacharacters in the URL of a podcast, which are executed when saving the URL to a log file. NOTE: the wget vector is already covered by CVE-2006-2548. | |||||
| CVE-2006-2549 | 1 Pdf Tools Ag | 1 Pdf Form Filling And Flattening Tool | 2018-10-18 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in PDF Form Filling and Flattening Tool before 3.1.0.12 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via long field names. | |||||
| CVE-2006-2543 | 1 Xtreme Scripts | 1 Xtreme Topsites | 2018-10-18 | 5.1 MEDIUM | N/A |
| Xtreme Topsites 1.1 allows remote attackers to trigger MySQL errors and possibly conduct SQL injection attacks via unspecified vectors in join.php. | |||||
| CVE-2006-2541 | 1 John Andersson | 1 Zixforum | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in settings.asp in Zixforum 1.12 allows remote attackers to execute arbitrary SQL commands via the layid parameter to (1) login.asp and (2) main.asp. | |||||
| CVE-2006-2503 | 1 Deluxebb | 1 Deluxebb | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in misc.php in DeluxeBB 1.06 allows remote attackers to execute arbitrary SQL commands via the name parameter. | |||||
| CVE-2006-2540 | 1 Dieselscripts | 1 Diesel Job Site | 2018-10-18 | 5.0 MEDIUM | N/A |
| Privacy leak in install.php for Diesel PHP Job Site sends sensitive information such as user credentials to an e-mail address controlled by the product developers. | |||||
| CVE-2006-2536 | 1 Greg Donald | 1 Destiney Links Script | 2018-10-18 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Destiney Links Script 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the (1) "Search" (term parameter in index.php) and (2) "Add a Site" (add.php) fields. | |||||
| CVE-2006-2534 | 1 Greg Donald | 1 Destiney Links Script | 2018-10-18 | 5.0 MEDIUM | N/A |
| Destiney Links Script 2.1.2 does not protect library and other support files, which allows remote attackers to obtain the installation path via a direct URL to files in the (1) include and (2) themes/original directories. | |||||
| CVE-2006-2533 | 1 Greg Donald | 1 Destiney Rated Images Script | 2018-10-18 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in (1) addWeblog.php and (2) leaveComments.php in Destiney Rated Images Script 0.5.0 does not properly filter all vulnerable HTML tags, which allows remote attackers to inject arbitrary web script or HTML via Javascript in a DIV tag. | |||||
| CVE-2006-2532 | 1 Greg Donald | 1 Destiney Rated Images Script | 2018-10-18 | 6.4 MEDIUM | N/A |
| stats.php in Destiney Rated Images Script 0.5.0 allows remote attackers to obtain the installation path via an invalid s parameter, which displays the path in an error message. NOTE: this issue was originally claimed to be SQL injection, but CVE analysis shows that the problem is related to an invalid value that prevents some variables from being set. | |||||
| CVE-2006-2531 | 1 Ipswitch | 1 Whatsup | 2018-10-18 | 7.5 HIGH | N/A |
| Ipswitch WhatsUp Professional 2006 only verifies the user's identity via HTTP headers, which allows remote attackers to spoof being a trusted console and bypass authentication by setting HTTP User-Agent header to "Ipswitch/1.0" and the User-Application header to "NmConsole". | |||||
| CVE-2006-2526 | 1 Power Place | 1 Php Easy Galerie | 2018-10-18 | 6.4 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in index.php in PHP Easy Galerie 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the includepath parameter. | |||||
| CVE-2006-2504 | 1 Azboard | 1 Azboard | 2018-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in mono AZBOARD 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) search and (2) cate parameters to (a) list.asp, and the (3) id and cate parameters to (b) admin_ok.asp. | |||||
| CVE-2006-2538 | 2 Ie Tab, Mozilla | 2 Ie Tab, Firefox | 2018-10-18 | 2.6 LOW | N/A |
| IE Tab 1.0.9 plugin for Mozilla Firefox 1.5.0.3 allows remote user-assisted attackers to cause a denial of service (application crash), possibly due to a null dereference, via certain Javascript, as demonstrated using a url parameter to the content/reloaded.html page in a chrome:// URI. Some third-party researchers claim that they are unable to reproduce this vulnerability. | |||||
| CVE-2006-2527 | 1 Smartisoft | 1 Phpbazar | 2018-10-18 | 7.5 HIGH | N/A |
| Admin/admin.php in phpBazar 2.1.0 and earlier allows remote attackers to bypass the authentication process and gain unauthorized access to the administrative section by setting the action parameter to edit_member and the value parameter to 1. | |||||
| CVE-2006-2505 | 1 Oracle | 1 Database Server | 2018-10-18 | 3.6 LOW | N/A |
| Oracle Database Server 10g Release 2 allows local users to execute arbitrary SQL queries via a reference to a malicious package in the TYPE_NAME argument in the (1) GET_DOMAIN_INDEX_TABLES or (2) GET_V2_DOMAIN_INDEX_TABLES function in the DBMS_EXPORT_EXTENSION package. | |||||
| CVE-2006-2520 | 1 Bitberry Software | 1 Bitzipper | 2018-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in BitZipper 4.1.2 SR-1 and earlier allows remote attackers to create files in arbitrary directories via a .. (dot dot) in the filename of a file that is stored in a (1) RAR (.rar), (2) TAR (.tar), (3) ZIP (.zip), (4) GZ (.gz), or (5) JAR (.jar) archive. | |||||
| CVE-2006-2519 | 1 Phpwcms | 1 Phpwcms | 2018-10-18 | 2.6 LOW | N/A |
| Directory traversal vulnerability in include/inc_ext/spaw/spaw_control.class.php in phpwcms 1.2.5-DEV allows remote attackers to include arbitrary local files via .. (dot dot) sequences in the spaw_root parameter. NOTE: CVE analysis suggests that this issue is actually in SPAW Editor PHP Edition. | |||||
| CVE-2006-2518 | 1 Phpwcms | 1 Phpwcms | 2018-10-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in phpwcms 1.2.5-DEV allows remote attackers to inject arbitrary web script or HTML via the BL[be_cnt_plainhtml] parameter to include/inc_tmpl/content/cnt6.inc.php. | |||||