Total: 27865 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-4617 | 1 Vtiger | 1 Vtiger Crm | 2008-09-05 | 7.5 HIGH | N/A |
Unrestricted file upload vulnerability in fileupload.html in vtiger CRM 4.2.4, and possibly earlier versions, allows remote attackers to upload and execute arbitrary files with executable extensions in the /cashe/mails folder. | |||||
CVE-2006-4526 | 1 Devellion | 1 Cubecart | 2008-09-05 | 7.5 HIGH | N/A |
SQL injection vulnerability in includes/content/viewCat.inc.php in CubeCart 3.0.12 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the searchArray[] parameter. | |||||
CVE-2006-4366 | 1 Redblog | 1 Redblog | 2008-09-05 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in index.php in RedBLoG 0.5 allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
CVE-2006-4527 | 1 Devellion | 1 Cubecart | 2008-09-05 | 2.6 LOW | N/A |
includes/content/gateway.inc.php in CubeCart 3.0.12 and earlier, when magic_quotes_gpc is disabled, uses an insufficiently restrictive regular expression to validate the gateway parameter, which allows remote attackers to conduct PHP remote file inclusion attacks. | |||||
CVE-2006-4525 | 1 Devellion | 1 Cubecart | 2008-09-05 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in CubeCart 3.0.12 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the links array. | |||||
CVE-2006-4499 | 1 Moderngigabyte | 1 Modernbill | 2008-09-05 | 5.0 MEDIUM | N/A |
ModernBill 5.0.4 and earlier uses cURL with insecure settings for CURLOPT_SSL_VERIFYPEER and CURLOPT_SSL_VERIFYHOST that do not verify SSL certificates, which allows remote attackers to read network traffic via a man-in-the-middle (MITM) attack. | |||||
CVE-2006-4185 | 1 Novell | 1 Edirectory | 2008-09-05 | 4.9 MEDIUM | N/A |
Unspecified vulnerability in the NCPENGINE in Novell eDirectory 8.7.3.8 allows local users to cause a denial of service (CPU consumption) via unspecified vectors, as originally demonstrated using a Nessus scan. | |||||
CVE-2006-4186 | 1 Novell | 1 Edirectory | 2008-09-05 | 2.1 LOW | N/A |
The iManager in eMBoxClient.jar in Novell eDirectory 8.7.3.8 writes passwords in plaintext to a log file, which allows local users to obtain passwords by reading the file. | |||||
CVE-2006-4461 | 1 Paessler | 1 Ipcheck Server Monitor | 2008-09-05 | 10.0 HIGH | N/A |
Paessler IPCheck Server Monitor before 5.3.3.639/640 does not properly implement a "list of acceptable host IP addresses in the probe settings," which has unknown impact and attack vectors. | |||||
CVE-2006-4453 | 1 Pmwiki | 1 Pmwiki | 2008-09-05 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in PmWiki before 2.1.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "table markups". | |||||
CVE-2006-4247 | 1 Plone | 1 Plone | 2008-09-05 | 6.4 MEDIUM | N/A |
Unspecified vulnerability in the Password Reset Tool before 0.4.1 on Plone 2.5 and 2.5.1 Release Candidate allows attackers to reset the passwords of other users, related to "an erroneous security declaration." | |||||
CVE-2006-4248 | 1 Acme Labs | 1 Thttpd | 2008-09-05 | 7.2 HIGH | N/A |
thttpd on Debian GNU/Linux, and possibly other distributions, allows local users to create or touch arbitrary files via a symlink attack on the start_thttpd temporary file. | |||||
CVE-2006-4352 | 1 Cisco | 1 Content Services Switch 11000 | 2008-09-05 | 5.0 MEDIUM | N/A |
The ArrowPoint cookie functionality for Cisco 11000 series Content Service Switches specifies an internal IP address if the administrator does not specify a string option, which allows remote attackers to obtain sensitive information. | |||||
CVE-2006-4295 | 1 Panda | 1 Panda Activescan | 2008-09-05 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in ascan_6.asp in Panda ActiveScan 5.53.00 allows remote attackers to inject arbitrary web script or HTML via the email parameter. | |||||
CVE-2006-4271 | 1 Jelsoft | 1 Vbulletin | 2008-09-05 | 7.5 HIGH | N/A |
** DISPUTED ** PHP remote file inclusion vulnerability in install/upgrade_301.php in Jelsoft vBulletin 3.5.4 allows remote attackers to execute arbitrary PHP code via a URL in the step parameter. NOTE: the vendor has disputed this vulnerability, saying "The default vBulletin requires authentication prior to the usage of the upgrade system." | |||||
CVE-2006-3830 | 1 Kailash Nadh | 1 Boastmachine | 2008-09-05 | 4.0 MEDIUM | N/A |
The Languages selection in the admin interface in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allows remote authenticated administrators to upload files with arbitrary extensions to the bmc/Inc/Lang directory. NOTE: because the uploaded files cannot be accessed through HTTP, this issue is a vulnerability only if there is a likely usage pattern in which the files would be opened or executed by local users, e.g., malware files with names that entice local users to open the files. | |||||
CVE-2006-4084 | 1 David Walker | 1 Phpautomembersarea | 2008-09-05 | 10.0 HIGH | N/A |
Unspecified vulnerability in phpAutoMembersArea (phpAMA) before 3.2.4 has unknown impact and attack vectors, related to "a potential security exploit which is critical." | |||||
CVE-2006-3778 | 1 Ibm | 1 Lotus Notes | 2008-09-05 | 5.0 MEDIUM | N/A |
IBM Lotus Notes 6.0, 6.5, and 7.0 does not properly handle replies to e-mail messages with alternate name users when the (1) "Save As Draft" option is used or (2) a "," (comma) is inside the "phrase" portion of an address, which can cause the e-mail to be sent to users that were deleted from the To, CC, and BCC fields, which allows remote attackers to obtain the list of original recipients. | |||||
CVE-2006-3957 | 1 Bosdev | 1 Bosdates | 2008-09-05 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in payment.php in BosDev BosDates allows remote attackers to execute arbitrary PHP code via a URL in the insPath parameter. | |||||
CVE-2006-3578 | 1 Fujitsu | 1 Serverview | 2008-09-05 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in Fujitsu ServerView 2.50 up to 3.60L98 and 4.10L11 up to 4.11L81 allows remote attackers to read arbitrary files via unspecified vectors. |