Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-2507 | 1 Teake Nutma | 1 Foing | 2018-10-18 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Teake Nutma Foing 0.2.0 through 0.7.0, as used with phpBB, allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter in (1) index.php, (2) song.php, (3) faq.php, (4) list.php, (5) gen_m3u.php, and (6) playlist.php. | |||||
| CVE-2006-2515 | 1 Hiox India | 1 Guest Book | 2018-10-18 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Hiox Guestbook 3.1 allows remote attackers to inject arbitrary web script or HTML via the input forms for signing the guestbook. | |||||
| CVE-2006-2508 | 1 Yourfreeworld | 1 Stylish Text Ads Script | 2018-10-18 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in tr1.php in YourFreeWorld.com Stylish Text Ads Script allows remote attackers to execute arbitrary SQL commands via the id parameter, possibly involving an attack vector using advertise.php. | |||||
| CVE-2006-2509 | 1 Yourfreeworld | 1 Short Url And Url Tracker Script | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.php in YourFreeWorld.com Short Url & Url Tracker Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2006-2459 | 1 Php Fusion | 1 Php Fusion | 2018-10-18 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in messages.php in PHP-Fusion 6.00.307 and earlier allows remote authenticated users to execute arbitrary SQL commands via the srch_where parameter. | |||||
| CVE-2006-2458 | 1 Libextractor | 1 Libextractor | 2018-10-18 | 4.0 MEDIUM | N/A |
| Multiple heap-based buffer overflows in Libextractor 0.5.13 and earlier allow remote attackers to execute arbitrary code via (1) the asf_read_header function in the ASF plugin (plugins/asfextractor.c), and (2) the parse_trak_atom function in the QT plugin (plugins/qtextractor.c). | |||||
| CVE-2006-2547 | 1 Sap | 1 Sapdba | 2018-10-18 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the sapdba command in SAP with Informix before 700, and 700 up to patch 100, allows local users to execute arbitrary commands via unknown vectors related to "insecure environment variable" handling. | |||||
| CVE-2006-2410 | 1 Raydium | 1 Raydium | 2018-10-18 | 5.0 MEDIUM | N/A |
| raydium_network_netcall_exec function in network.c in Raydium SVN revision 312 and earlier allows remote attackers to cause a denial of service (application crash) via a packet of type 0xFF, which causes a null dereference. | |||||
| CVE-2006-2428 | 1 Duware | 1 Dubanner | 2018-10-18 | 6.4 MEDIUM | N/A |
| add.asp in DUware DUbanner 3.1 allows remote attackers to execute arbitrary code by uploading files with arbitrary extensions, such as ASP files, probably due to client-side enforcement that can be bypassed. NOTE: some of these details are obtained from third party information, since the raw source is vague. | |||||
| CVE-2006-2427 | 1 Clam Anti-virus | 2 Clamav, Clamxav | 2018-10-18 | 7.2 HIGH | N/A |
| freshclam in (1) Clam Antivirus (ClamAV) 0.88 and (2) ClamXav 1.0.3h and earlier does not drop privileges before processing the config-file command line option, which allows local users to read portions of arbitrary files when an error message displays the first line of the target file. | |||||
| CVE-2006-2426 | 1 Sun | 3 Jdk, Jre, Sdk | 2018-10-18 | 6.4 MEDIUM | N/A |
| Sun Java Runtime Environment (JRE) 1.5.0_6 and earlier, JDK 1.5.0_6 and earlier, and SDK 1.5.0_6 and earlier allows remote attackers to cause a denial of service (disk consumption) by using the Font.createFont function to create temporary files of arbitrary size in the %temp% directory. | |||||
| CVE-2006-2425 | 1 Phpremoteview | 1 Phpremoteview | 2018-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PRV.php in PhpRemoteView, possibly 2003-10-23 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) f, (2) d, and (3) ref parameters, and the (4) "MAKE DIR" and (5) "Full file name" fields. | |||||
| CVE-2006-2423 | 1 Swsoft | 1 Confixx | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in ftplogin/index.php in Confixx 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the login parameter. | |||||
| CVE-2006-2414 | 1 Timo Sirainen | 1 Dovecot | 2018-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows remote attackers to list files and directories under the mbox parent directory and obtain mailbox names via ".." sequences in the (1) LIST or (2) DELETE IMAP command. | |||||
| CVE-2006-2413 | 1 Gnunet | 1 Gnunet | 2018-10-18 | 5.0 MEDIUM | N/A |
| GNUnet before SVN revision 2781 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an empty UDP datagram, possibly involving FIONREAD errors. | |||||
| CVE-2006-2412 | 1 Raydium | 1 Raydium | 2018-10-18 | 5.0 MEDIUM | N/A |
| The raydium_network_read function in network.c in Raydium SVN revision 312 and earlier allows remote attackers to cause a denial of service (application crash) via a large ID, which causes an invalid memory access (buffer over-read). | |||||
| CVE-2006-2411 | 1 Raydium | 1 Raydium | 2018-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in raydium_network_read function in network.c in Raydium SVN revision 312 and earlier allows remote attackers to execute arbitrary code by sending packets with long global variables to the client. | |||||
| CVE-2006-2405 | 1 Unclassified Newsboard | 1 Unclassified Newsboard | 2018-10-18 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in unb_lib/abbc.conf.php in Unclassified NewsBoard (UNB) 1.6.1 patch 1 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via .. (dot dot) sequences and a trailing null byte (%00) in the ABBC[Config][smileset] parameter to unb_lib/abbc.css.php. | |||||
| CVE-2006-2404 | 1 Radscripts | 1 Radlance | 2018-10-18 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in popup.php in RadScripts RadLance Gold 7.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the read parameter. | |||||
| CVE-2006-2402 | 1 Outgun | 1 Outgun | 2018-10-18 | 5.0 MEDIUM | N/A |
| Buffer overflow in the changeRegistration function in servernet.cpp for Outgun 1.0.3 bot 2 and earlier allows remote attackers to change the registration information of other players via a long string. | |||||
| CVE-2006-2401 | 1 Outgun | 1 Outgun | 2018-10-18 | 7.8 HIGH | N/A |
| The leetnet functions (leetnet/rudp.cpp) in Outgun 1.0.3 bot 2 and earlier allow remote attackers to cause a denial of service (application crash) via packets with incorrect message sizes, which triggers a buffer over-read. | |||||
| CVE-2006-2400 | 1 Outgun | 1 Outgun | 2018-10-18 | 7.8 HIGH | N/A |
| The leetnet functions (leetnet/rudp.cpp) in Outgun 1.0.3 bot 2 and earlier allow remote attackers to cause a denial of service (game interruption) via large packets, which cause an exception to be thrown. | |||||
| CVE-2006-2398 | 1 Gphotos | 1 Gphotos | 2018-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in GPhotos 1.5 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the rep parameter. | |||||
| CVE-2006-2397 | 1 Gphotos | 1 Gphotos | 2018-10-18 | 5.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in GPhotos 1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) rep parameter to (a) index.php or (b) diapo.php or (2) image parameter to (c) affich.php. NOTE: item 1a might be resultant from directory traversal. | |||||
| CVE-2006-2394 | 1 Turnkey Web Tools | 1 Php Live Helper | 2018-10-18 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in chat.php in PHP Live Helper allows remote attackers to inject arbitrary web script or HTML via the PHPSESSID parameter. | |||||
| CVE-2006-2393 | 1 Empire Server | 1 Empire Server | 2018-10-18 | 5.0 MEDIUM | N/A |
| The client_cmd function in Empire 4.3.2 and earlier allows remote attackers to cause a denial of service (application crash) by causing long text strings to be appended to the player->client buffer, which causes an invalid memory access. | |||||
| CVE-2006-2391 | 1 Emc | 1 Retrospect Client | 2018-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in EMC Retrospect Client 5.1 through 7.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet to port 497. | |||||
| CVE-2006-2386 | 1 Microsoft | 1 Outlook Express | 2018-10-18 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in Microsoft Outlook Express 6 and earlier allows remote attackers to execute arbitrary code via a crafted contact record in a Windows Address Book (WAB) file. | |||||
| CVE-2006-2360 | 1 Phpbb Group | 1 Phpbb | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in charts.php in the Chart mod for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2006-2359 | 1 Phpbb Group | 1 Phpbb | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in charts.php in the Chart mod for phpBB allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this issue might be resultant from SQL injection. | |||||
| CVE-2006-2349 | 1 Oasyssoft | 1 E-business Designer | 2018-10-18 | 6.8 MEDIUM | N/A |
| E-Business Designer (eBD) 3.1.4 and earlier allows remote attackers to upload or modify arbitrary files, and execute arbitrary code, via a direct request to (1) common/html_editor/image_browser.upload.html, (2) common/html_editor/image_browser.html, or (3) common/html_editor/html_editor.html. NOTE: this can also be used for cross-site scripting (XSS) attacks by uploading cascading style sheet (.CSS) files. | |||||
| CVE-2006-2348 | 1 Oasyssoft | 1 E-business Designer | 2018-10-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in form_grupo.html in E-Business Designer (eBD) 3.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this issue might be resultant from SQL injection. | |||||
| CVE-2006-2347 | 1 Oasyssoft | 1 E-business Designer | 2018-10-18 | 5.0 MEDIUM | N/A |
| E-Business Designer (eBD) 3.1.4 and earlier allows remote attackers to obtain the full path of the web server via "'" characters, and possibly other invalid values, in (1) the id parameter to form_grupo.html, or requests to the (2) archivos/ and (3) files/ directories. NOTE: this issue might be resultant from SQL injection. | |||||
| CVE-2006-2338 | 1 Planet Concept | 1 Planetstat | 2018-10-18 | 7.5 HIGH | N/A |
| PlaNet Concept plaNetStat 20050127 allows remote attackers to gain administrative privileges, and view and configure log files, via a direct request to the (1) admin.php or (2) settings.php page. | |||||
| CVE-2006-2336 | 1 Mybulletinboard | 1 Mybulletinboard | 2018-10-18 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in showthread.php in MyBB (aka MyBulletinBoard) 1.1.1 allows remote attackers to execute arbitrary SQL commands via the comma parameter. | |||||
| CVE-2006-2335 | 1 Jelsoft | 1 Vbulletin | 2018-10-18 | 6.5 MEDIUM | N/A |
| Jelsoft vBulletin accepts uploads of Cascading Style Sheets (CSS) and processes them in a way that allows remote authenticated administrators to gain shell access by uploading a CSS file that contains PHP code, then selecting the file via the style chooser, which causes the PHP code to be executed. NOTE: the vendor was unable to reproduce this issue in 3.5.x. NOTE: this issue might be due to direct static code injection. | |||||
| CVE-2006-2334 | 1 Microsoft | 2 Windows 2000, Windows Xp | 2018-10-18 | 2.1 LOW | N/A |
| The RtlDosPathNameToNtPathName_U API function in NTDLL.DLL in Microsoft Windows 2000 SP4 and XP SP2 does not properly convert DOS style paths with trailing spaces into NT style paths, which allows context-dependent attackers to create files that cannot be accessed through the expected DOS path or prevent access to other similarly named files in the same directory, which prevents those files from being detected or disinfected by certain anti-virus and anti-spyware software. | |||||
| CVE-2006-2333 | 1 Mybulletinboard | 1 Mybulletinboard | 2018-10-18 | 6.4 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) 1.1.1 allow remote attackers to execute arbitrary SQL commands via the e-mail address when registering for a forum that requires e-mail verification, which is not properly handled in (1) usercp.php and (2) member.php. | |||||
| CVE-2006-2332 | 1 Mozilla | 1 Firefox | 2018-10-18 | 2.6 LOW | N/A |
| Mozilla Firefox 1.5.0.3 allows remote attackers to cause a denial of service via a web page with a large number of IMG elements in which the SRC attribute is a mailto URI. NOTE: another researcher found that the web page caused a temporary browser slowdown instead of a crash. | |||||
| CVE-2006-2331 | 1 Php Fusion | 1 Php Fusion | 2018-10-18 | 6.4 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in PHP-Fusion 6.00.306 allow remote attackers to include and execute arbitrary local files via (1) a .. (dot dot) in the settings[locale] parameter in infusions/last_seen_users_panel/last_seen_users_panel.php, and (2) a .. (dot dot) in the localeset parameter in setup.php. NOTE: the vendor states that this issue might exist due to problems in third party local files. | |||||
| CVE-2006-2330 | 1 Php Fusion | 1 Php Fusion | 2018-10-18 | 6.4 MEDIUM | N/A |
| PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata. | |||||
| CVE-2006-2329 | 1 Angelinecms | 1 Angelinecms | 2018-10-18 | 5.0 MEDIUM | N/A |
| AngelineCMS 0.6.5 and earlier allow remote attackers to obtain sensitive information via a direct request for (1) adodb-access.inc.php, (2) adodb-ado.inc.php, (3) adodb-ado_access.inc, (4) adodb-ado_mssql.inc.php, (5) adodb-borland_ibase, (6) adodb-csv.inc.php, (7) adodb-db2.inc.php, (8) adodb-fbsql.inc.php, (9) adodb-firebird.inc.php, (10) adodb-ibase.inc.php, (11) adodb-informix.inc.php, (12) adodb-informix72.inc, (13) adodb-mssql.inc.php, (14) adodb-mssqlpo.inc.php, (15) adodb-mysql.inc.php, (16) adodb-mysqlt.inc.php, (17) adodb-oci8.inc.php, (18) adodb-oci805.inc.php, (19) adodb-oci8po.inc.php, and (20) adodb-odbc.inc.php, which reveal the path in various error messages; and via a direct request for the (21) lib/system/ directory and (22) possibly other lib/ directories, which provide a directory listing and "architecture view." | |||||
| CVE-2006-2328 | 1 Angelinecms | 1 Angelinecms | 2018-10-18 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in lib/adodb/server.php in AngelineCMS 0.6.5 and earlier might allow remote attackers to execute arbitrary SQL commands via the query string. | |||||
| CVE-2006-2324 | 1 180solutions | 1 Zango | 2018-10-18 | 10.0 HIGH | N/A |
| 180solutions Zango downloads "required Adware components" without checking integrity or authenticity, which might allow context-dependent attackers to execute arbitrary code by subverting the DNS resolution of static.zangocash.com. | |||||
| CVE-2006-2323 | 1 Smartisoft | 1 Phplistpro | 2018-10-18 | 5.1 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in SmartISoft phpListPro 2.01 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the returnpath parameter in (1) editsite.php, (2) addsite.php, and (3) in.php. NOTE: The config.php vector is already covered by CVE-2006-1749. | |||||
| CVE-2006-2321 | 1 Ideal Science | 1 Idealbb | 2018-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Ideal Science Ideal BB 1.5.4a and earlier allow remote attackers to inject arbitrary web script or HTML via unknown vectors. NOTE: due to lack of details from the researcher, it is not clear whether this overlaps CVE-2004-2207. | |||||
| CVE-2006-2320 | 1 Ideal Science | 1 Idealbb | 2018-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Ideal Science Ideal BB 1.5.4a and earlier allow remote attackers to execute arbitrary SQL commands via multiple unspecified vectors related to stored procedure calls. NOTE: due to lack of details from the researcher, it is not clear whether this overlaps CVE-2004-2209. | |||||
| CVE-2006-2319 | 1 Ideal Science | 1 Idealbb | 2018-10-18 | 5.0 MEDIUM | N/A |
| Ideal Science Ideal BB 1.5.4a and earlier does not properly check file extensions before permitting an upload, which allows remote attackers to upload and execute an ASP script via a 0x00 character before the ".asp" portion of the filename. | |||||
| CVE-2006-2318 | 1 Ideal Science | 1 Idealbb | 2018-10-18 | 7.5 HIGH | N/A |
| Incomplete blacklist vulnerability in Ideal Science Ideal BB 1.5.4a and earlier allows remote attackers to upload and execute an ASP script via a ".asa" file, which bypasses the check for the ".asp" extension but is executable on the server. | |||||
| CVE-2006-2317 | 1 Ideal Science | 1 Idealbb | 2018-10-18 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Ideal Science Ideal BB 1.5.4a and earlier allows remote attackers to read arbitrary files under the web root via unspecified attack vectors related to the OpenTextFile method in Scripting.FileSystemObject. | |||||