Total: 27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-0731 | 1 Sap | 1 Business Connector | 2018-10-19 | 4.0 MEDIUM | N/A |
| WmRoot/adapter-index.dsp in SAP Business Connector Core Fix 7 and earlier allows remote attackers to conduct spoofing (phishing) attacks via an absolute URL in the url parameter, which loads the URL inside a frame. | |||||
| CVE-2006-0630 | 1 Ritlabs | 1 The Bat | 2018-10-19 | 5.0 MEDIUM | N/A |
| RITLabs The Bat! before 3.0.0.15 displays certain important headers from encapsulated data in message/partial MIME messages, instead of the real headers, which is in violation of RFC2046 header merging rules and allows remote attackers to spoof the origin of e-mail by sending a fragmented message, as demonstrated using spoofed Received: and Message-ID: headers. | |||||
| CVE-2006-0629 | 1 Aol | 1 Instant Messenger | 2018-10-19 | 5.1 MEDIUM | N/A |
| Unspecified vulnerability in AOL Instant Messenger (AIM) 5.9.3861 allows user-assisted remote attackers to cause a denial of service (client crash) and possibly execute arbitrary code by tricking the user into requesting Buddy Info about a long screen name, which might cause a buffer overflow. | |||||
| CVE-2006-0628 | 1 Dale Ray | 1 Myquiz | 2018-10-19 | 7.5 HIGH | N/A |
| myquiz.pl in Dale Ray MyQuiz 1.01 allows remote attackers to execute arbitrary commands via shell metacharacters in the URL, which are not properly handled as part of the PATH_INFO environment variable. | |||||
| CVE-2006-0627 | 1 Clever Copy | 1 Clever Copy | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Clever Copy 2.0, 2.0a, and 3.0 allows remote attackers to inject arbitrary web script or HTML via the (1) Referer or (2) X-Forwarded-For headers in an HTTP request, which are not properly handled when the administrator accesses Site Stats. | |||||
| CVE-2006-0624 | 1 Webeveyn | 1 Whomp Real Estate Manager Xp 2005 | 2018-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in check.asp in Whomp Real Estate Manager XP 2005 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. | |||||
| CVE-2006-0732 | 1 Sap | 1 Business Connector | 2018-10-19 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in SAP Business Connector (BC) 4.6 and 4.7 allows remote attackers to read or delete arbitrary files via the fullName parameter to (1) sapbc/SAP/chopSAPLog.dsp or (2) invoke/sap.monitor.rfcTrace/deleteSingle. Details will be updated after the grace period has ended. NOTE: SAP Business Connector is an OEM version of webMethods Integration Server. webMethods states that this issue can only occur when the product is installed as root/admin, and if the attacker has access to a general purpose port; however, both are discouraged in the documentation. In addition, the attacker must already have acquired administrative privileges through other means. | |||||
| CVE-2006-0733 | 1 Wordpress | 1 Wordpress | 2018-10-19 | 2.6 LOW | N/A |
| ** DISPUTED ** Cross-site scripting (XSS) vulnerability in WordPress 2.0.0 allows remote attackers to inject arbitrary web script or HTML via scriptable attributes such as (1) onfocus and (2) onblur in the "author's website" field. NOTE: followup comments to the researcher's web log suggest that this issue is only exploitable by the same user who injects the XSS, so this might not be a vulnerability. | |||||
| CVE-2006-0735 | 2 Fuzzymonkey, M Blom | 2 My Blog, Html-bbcode | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in BBcode.pm in M. Blom HTML::BBCode 1.04 and earlier, as used in products such as My Blog before 1.65, allows remote attackers to inject arbitrary Javascript via a javascript URI in an (1) img or (2) url BBcode tag. | |||||
| CVE-2006-0572 | 1 Hinton Design | 1 Phpstatus | 2018-10-19 | 7.5 HIGH | N/A |
| phpstatus 1.0 does not require passwords when using cookies to identify a user, which allows remote attackers to bypass authentication. | |||||
| CVE-2006-0571 | 1 Hinton Design | 1 Phpstatus | 2018-10-19 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpstatus 1.0 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in the administrative interface. | |||||
| CVE-2006-0570 | 1 Hinton Design | 1 Phpstatus | 2018-10-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in phpstatus 1.0, when gpc_magic_quotes is disabled, allow remote attackers to execute arbitrary SQL commands and bypass authentication via (1) the username parameter in check.php and (2) unknown attack vectors in the administrative interface. | |||||
| CVE-2006-0678 | 1 Postgresql | 1 Postgresql | 2018-10-19 | 1.5 LOW | N/A |
| PostgreSQL 7.3.x before 7.3.14, 7.4.x before 7.4.12, 8.0.x before 8.0.7, and 8.1.x before 8.1.3, when compiled with Asserts enabled, allows local users to cause a denial of service (server crash) via a crafted SET SESSION AUTHORIZATION command, a different vulnerability than CVE-2006-0553. | |||||
| CVE-2006-0566 | 1 Communigate | 1 Communigate Pro Core Server | 2018-10-19 | 5.0 MEDIUM | N/A |
| The LDAP component in CommuniGate Pro Core Server 5.0.7 allows remote attackers to cause a denial of service (application crash) via LDAP messages that contain Distinguished Names (DN) fields with a large number of elements. | |||||
| CVE-2006-0563 | 1 Pluggedout | 1 Pluggedout Blog | 2018-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in exec.php in PluggedOut Blog 1.9.9c allows remote attackers to execute arbitrary SQL commands via the entryid parameter in a comment_add action. | |||||
| CVE-2006-0562 | 1 Pluggedout | 1 Pluggedout Blog | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in problem.php in PluggedOut Blog 1.9.9c allows remote attackers to inject arbitrary web script or HTML via the data parameter. | |||||
| CVE-2006-0546 | 1 Egeinternet | 1 Egeinternet | 2018-10-19 | 7.5 HIGH | N/A |
| Unspecified vulnerability in index.php in a certain application available from /v1/tr/portfoy.php on www.egeinternet.com allows remote attackers to execute arbitrary code via "evilcode" in the key parameter, possibly a PHP remote file include vulnerability in which the attack vector is a URL in the key parameter. NOTE: it is not clear whether this vulnerability is associated with an online service or application service provider. If so, then it should not be included in CVE. | |||||
| CVE-2006-0542 | 1 Nukedweb | 1 Guestbookhost | 2018-10-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in config.php in NukedWeb GuestBookHost 2005.04.25 allow remote attackers to execute arbitrary SQL commands via the (1) email and (2) password parameters. | |||||
| CVE-2006-0541 | 1 Tachyon | 1 Vanilla Guestbook | 2018-10-19 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Tachyon Vanilla Guestbook 1.0 beta allow remote attackers to inject arbitrary web script or HTML via unknown vectors related to "posting new messages." | |||||
| CVE-2006-0540 | 1 Tachyon | 1 Vanilla Guestbook | 2018-10-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Tachyon Vanilla Guestbook 1.0 beta allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
