Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-0539 | 1 Thibault Godouet | 1 Fcron | 2018-10-19 | 4.6 MEDIUM | N/A |
| The convert-fcrontab program in fcron 3.0.0 might allow local users to gain privileges via a long command-line argument, which causes Linux glibc to report heap memory corruption, possibly because a strcpy in the strdup2 function can "overwrite some data." | |||||
| CVE-2006-0538 | 1 Ciphertrust | 1 Ironmail | 2018-10-19 | 2.6 LOW | N/A |
| CipherTrust IronMail 5.0.1, when "Denial of Service Protection" is enabled, allows remote attackers to cause a denial of service (possibly CPU consumption) via a SYN flood with malformed TCP packets from multiple connections. | |||||
| CVE-2006-0536 | 1 Neomail | 1 Neomail | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in neomail.pl in NeoMail 1.27 allows remote attackers to inject arbitrary web script or HTML via the sort parameter. NOTE: some sources say that the affected parameter is "date," but the demonstration URL shows that it is "sort". | |||||
| CVE-2006-0534 | 1 Cybershop | 1 Asp Ultimate E-commerce Script | 2018-10-19 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in default.asp in CyberShop Ultimate E-commerce allow remote attackers to inject arbitrary web script or HTML via the (1) ortak or (2) kat parameter. | |||||
| CVE-2006-0714 | 1 Flyspray | 1 Flyspray | 2018-10-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the installation file (sql/install-0.9.7.php) in Flyspray 0.9.7 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the adodbpath parameter. | |||||
| CVE-2006-0715 | 1 Solucija | 1 Snews | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in sNews 1.3 allows remote attackers to inject arbitrary web script or HTML via the comment field. | |||||
| CVE-2006-0713 | 1 Linpha | 1 Linpha | 2018-10-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in LinPHA 1.0 allows remote attackers to include arbitrary files via .. (dot dot) sequences in the (1) lang parameter in docs/index.php and the language parameter in (2) install/install.php, (3) install/sec_stage_install.php, (4) install/third_stage_install.php, and (5) install/forth_stage_install.php. NOTE: direct static code injection is resultant from this issue, as demonstrated by inserting PHP code into the username, which is inserted into linpha.log, which is accessible from the directory traversal. | |||||
| CVE-2006-0716 | 1 Solucija | 1 Snews | 2018-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in sNews 1.3 allows remote attackers to execute arbitrary SQL commands via the (1) category and (2) id parameters. | |||||
| CVE-2006-0708 | 1 Nullsoft | 1 Winamp | 2018-10-19 | 9.3 HIGH | N/A |
| Multiple buffer overflows in NullSoft Winamp 5.13 and earlier allow remote attackers to execute arbitrary code via (1) an m3u file containing a long URL ending in .wma, (2) a pls file containing a File1 field with a long URL ending in .wma, or (3) an m3u file with a long filename, variants of CVE-2005-3188 and CVE-2006-0476. | |||||
| CVE-2006-0703 | 1 Imagevue | 1 Imagevue | 2018-10-19 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in index.php in imageVue 16.1 has unknown impact, probably a cross-site scripting (XSS) vulnerability involving the query string that is not quoted when inserted into style and body tags, as demonstrated using a bgcol parameter. | |||||
| CVE-2006-0719 | 1 Deltascripts | 1 Php Classifieds | 2018-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in member_login.php in PHP Classifieds 6.18 through 6.20 allows remote attackers to execute arbitrary SQL commands via the (1) username parameter, which is used by the E-mail address field, and (2) password parameter. | |||||
| CVE-2006-0720 | 1 Nullsoft | 1 Winamp | 2018-10-19 | 7.6 HIGH | N/A |
| Stack-based buffer overflow in Nullsoft Winamp 5.12 and 5.13 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted .m3u file that causes an incorrect strncpy function call when the player pauses or stops the file. | |||||
| CVE-2006-0530 | 1 Ca | 1 Messaging | 2018-10-19 | 5.0 MEDIUM | N/A |
| Computer Associates (CA) Message Queuing (CAM / CAFT) before 1.07 Build 220_16 and 1.11 Build 29_20, as used in multiple CA products, allows remote attackers to cause a denial of service via spoofed CAM control messages. | |||||
| CVE-2006-0721 | 1 Runcms | 1 Runcms | 2018-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in pmlite.php in RunCMS 1.2 and 1.3a allows remote attackers to execute arbitrary SQL commands via the to_userid parameter. | |||||
| CVE-2006-0693 | 1 Roberto Butti | 1 Calimba | 2018-10-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in rb_auth.php in Roberto Butti CALimba 0.99.2 beta and earlier allow remote attackers to execute arbitrary SQL commands and bypass login authentication via the (1) login and (2) password parameters. | |||||
| CVE-2006-0691 | 1 Scheduling Management.com | 1 Time Tracking Software | 2018-10-19 | 5.0 MEDIUM | N/A |
| edituser.php in TTS Time Tracking Software 3.0 does not verify that the name and password are correct, which allows remote attackers to overwrite arbitrary data belonging to any account. | |||||
| CVE-2006-0690 | 1 Scheduling Management.com | 1 Time Tracking Software | 2018-10-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in TTS Time Tracking Software 3.0 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2006-0685 | 1 Virtual Hosting Control System | 1 Virtual Hosting Control System | 2018-10-19 | 10.0 HIGH | N/A |
| The check_login function in login.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier does not exit when authentication fails, which allows remote attackers to gain unauthorized access. | |||||
| CVE-2006-0684 | 1 Virtual Hosting Control System | 1 Virtual Hosting Control System | 2018-10-19 | 7.5 HIGH | N/A |
| change_password.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier does not verify the old password when a user changes the password, which may allow remote attackers to gain unauthorized access. | |||||
| CVE-2006-0683 | 1 Virtual Hosting Control System | 1 Virtual Hosting Control System | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Virtual Hosting Control System (VHCS) 2.4.7.1 with v.1 patch and earlier allows remote attackers to inject arbitrary web script or HTML via the username, which is recorded in a log file but not properly handled when the administrator uses the admin log utility to read the log file. | |||||