Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-0129 | 1 Rockliffe | 1 Mailsite | 2011-03-07 | 5.0 MEDIUM | N/A |
| Mail Management Agent (MAILMA) (aka Mail Management Server) in Rockliffe MailSite 7.0.3.1 and earlier generates different responses depending on whether or not a username is valid, which allows remote attackers to enumerate valid usernames via user requests to TCP port 106. | |||||
| CVE-2006-0109 | 1 Modular Merchant | 1 Shopping Cart | 2011-03-07 | 5.0 MEDIUM | N/A |
| Cross-site scripting vulnerability in category.php in Modular Merchant Shopping Cart allows remote attackers to inject arbitrary web script or HTML via the cat parameter. | |||||
| CVE-2006-0127 | 1 Rockliffe | 1 Mailsite | 2011-03-07 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in the IMAP service of Rockliffe MailSite before 6.1.22.1 allows remote authenticated users to rename the folders of other users via a .. (dot dot) in the RENAME command. | |||||
| CVE-2006-0126 | 1 Rxvt-unicode | 1 Rxvt-unicode | 2011-03-07 | 4.6 MEDIUM | N/A |
| rxvt-unicode before 6.3, on certain platforms that use openpty and non-Unix pty devices such as Linux and most BSD platforms, does not maintain the intended permissions of tty devices, which allows local users to gain read and write access to the devices. | |||||
| CVE-2006-0077 | 1 Richard Dawe | 1 File Extattr | 2011-03-07 | 2.1 LOW | N/A |
| Off-by-one error in the getfattr function in File::ExtAttr before 0.03 allows attackers to trigger a buffer overflow via unspecified attack vectors. | |||||
| CVE-2006-0067 | 1 Vego | 1 Vego Links Builder | 2011-03-07 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.php in VEGO Links Builder 2.00 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
| CVE-2006-0125 | 1 Appserv Open Project | 1 Appserv | 2011-03-07 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in appserv/main.php in AppServ 2.4.5 allows remote attackers to include arbitrary files via the appserv_root parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. There is not enough detail from these third party sources to know whether this is directory traversal, remote file include, or another issue. | |||||
| CVE-2006-0122 | 1 Aquifer Cms | 1 Aquifer Cms | 2011-03-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Public/Index.asp in Aquifer CMS allows remote attackers to inject arbitrary web script or HTML via the Keyword parameter. | |||||
| CVE-2006-0084 | 1 Rasmp | 1 Rasmp | 2011-03-07 | 5.0 MEDIUM | N/A |
| Cross-site scripting vulnerability in index.php in raSMP 2.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the $_SERVER[HTTP_USER_AGENT] variable (User-Agent header). | |||||
| CVE-2006-0085 | 1 Nkads | 1 Nkads | 2011-03-07 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Nkads 1.0 alfa 3 allows remote attackers to execute arbitrary SQL commands via the (1) usuario_nkads_admin or (2) password_nkads_admin parameters. | |||||
| CVE-2006-0112 | 1 Enhanced Simple Php Gallery | 1 Enhanced Simple Php Gallery | 2011-03-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Enhanced Simple PHP Gallery 1.7 allows remote attackers to inject arbitrary web script or HTML via the dir parameter. | |||||
| CVE-2006-0086 | 1 Next Generation Image Gallery | 1 Next Generation Image Gallery | 2011-03-07 | 5.0 MEDIUM | N/A |
| Cross-site scripting vulnerability in index.php in Next Generation Image Gallery 0.0.1 Lite Edition allows remote attackers to inject arbitrary web script or HTML via the page parameter. | |||||
| CVE-2006-0089 | 1 Esri | 1 Arcpad | 2011-03-07 | 5.0 MEDIUM | N/A |
| Buffer overflow in ESRI ArcPad 7.0.0.156 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a .amp file with a COORDSYS tag with a long string attribute. | |||||
| CVE-2005-4524 | 1 Mantis | 1 Mantis | 2011-03-07 | 5.0 MEDIUM | N/A |
| Mantis 1.0.0rc3 does not properly handle "Make note private" when a bug is being resolved, which has unknown impact and attack vectors, probably related to an information leak. | |||||
| CVE-2005-4328 | 1 University Of Arizona | 1 Webglimpse | 2011-03-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in webglimpse.cgi in Webglimpse 2.14.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the ID parameter. | |||||
| CVE-2005-4329 | 1 Php Arena | 1 Pafiledb | 2011-03-07 | 7.5 HIGH | N/A |
| SQL injection vulnerability in pafiledb.php in PHP Arena paFileDB Extreme Edition RC 5 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) newsid and (2) id parameter. | |||||
| CVE-2005-4330 | 1 Ihtml Merchant | 1 Ihtml Merchant Mall | 2011-03-07 | 7.5 HIGH | N/A |
| SQL injection vulnerability in browse.ihtml in iHTML Merchant Mall allows remote attackers to execute arbitrary SQL commands via the (1) id, (2) store, and (3) step parameters. | |||||
| CVE-2005-4655 | 1 Php Fusion | 1 Php Fusion | 2011-03-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in submit.php in PHP-Fusion 6.0.204 allows remote attackers to inject arbitrary web script or HTML via nested tags in the news_body parameter, as demonstrated by elements such as "<me<meta>ta" and "<sc<script>ript>". | |||||
| CVE-2005-4484 | 1 Iatek | 1 Intranetapp | 2011-03-07 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in IntranetApp 3.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ret_page parameter to login.asp or the (2) do_search and (3) search parameters to content.asp. | |||||
| CVE-2005-4331 | 1 Ihtml Merchant | 1 Ihtml Merchant | 2011-03-07 | 7.5 HIGH | N/A |
| SQL injection vulnerability in merchant.ihtml in iHTML Merchant Version 2 Pro allows remote attackers to execute arbitrary SQL commands via the (1) step, (2) id, and (3) pid parameters. | |||||