Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-0501 | 1 Punctweb | 1 Myco Guestbook | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in MyCO Guestbook 1.0 allows remote attackers to inject arbitrary web script or HTML via the Name field, when registering a user. | |||||
| CVE-2006-0502 | 1 Farsinews | 1 Farsinews | 2018-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in loginout.php in FarsiNews 2.1 Beta 2 and earlier, with register_globals enabled, allows remote attackers to include arbitrary files via a URL in the cutepath parameter. | |||||
| CVE-2006-0505 | 1 Zbattle.net | 1 Zbattle Client | 2018-10-19 | 5.0 MEDIUM | N/A |
| zbattle.net Zbattle client 1.09 SR-1 beta allows remote attackers to cause an unspecified denial of service by rapidly creating and closing a game. | |||||
| CVE-2006-0506 | 1 Nuked-klan | 1 Nuked-klan | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Nuked-klaN 1.7 allows remote attackers to inject arbitrary web script or HTML via the letter parameter. | |||||
| CVE-2006-0574 | 1 Cpanel | 1 Cpanel | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in mime/handle.html in cPanel 10 allows remote attackers to inject arbitrary web script or HTML via the (1) file extension or (2) mime-type. | |||||
| CVE-2006-0687 | 1 Docmgr | 1 Docmgr | 2018-10-19 | 5.0 MEDIUM | N/A |
| process.php in DocMGR 0.54.2 does not initialize the $siteModInfo variable when a direct request is made, which allows remote attackers to include arbitrary local files or possibly remote files via a modified includeModule and siteModInfo variable. | |||||
| CVE-2006-0689 | 1 Scheduling Management.com | 1 Time Tracking Software | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Registration Form in TTS Time Tracking Software 3.0 allows remote attackers to inject arbitrary web script or HTML via the UserName parameter. | |||||
| CVE-2006-0688 | 1 Nicecoder | 1 Indexu | 2018-10-19 | 7.5 HIGH | N/A |
| PHP remote file include vulnerability in application.php in nicecoder.com indexu 5.0.0 and 5.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the base_path parameter. | |||||
| CVE-2006-0494 | 1 Mybulletinboard | 1 Mybulletinboard | 2018-10-19 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in MyBB (aka MyBulletinBoard) 1.02 allows local users with MyBB administrative privileges to include and possibly execute arbitrary local files via directory traversal sequences and a nul (%00) character in the plugin parameter. | |||||
| CVE-2006-0495 | 1 Mybulletinboard | 1 Mybulletinboard | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Add Thread to Favorites feature in usercp2.php in MyBB (aka MyBulletinBoard) 1.02 allows remote attackers to inject arbitrary web script or HTML via an HTTP Referer header ($url variable). | |||||
| CVE-2006-0686 | 1 Virtual Hosting Control System | 1 Virtual Hosting Control System | 2018-10-19 | 10.0 HIGH | N/A |
| add_user.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier does not check user privileges when adding a new administrative user, which allows remote attackers to gain unauthorized access. | |||||
| CVE-2006-0439 | 1 Text Rider | 1 Text Rider | 2018-10-19 | 5.0 MEDIUM | N/A |
| Text Rider 2.4 stores sensitive data in the data directory under the web document root with insufficient access control, which allows remote attackers to obtain usernames and password hashes by directly accessing data/userlist.txt. | |||||
| CVE-2006-0440 | 1 Text Rider | 1 Text Rider | 2018-10-19 | 5.0 MEDIUM | N/A |
| Text Rider 2.4 allows attackers to bypass authentication and upload files without providing a valid password by obtaining the MD5 hash of the password (possibly via another vulnerability that reads it from a data file), then including the hash in a cookie. | |||||
| CVE-2006-0441 | 1 Karjasoft | 1 Sami Ftp Server | 2018-10-19 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in Sami FTP Server 2.0.1 allows remote attackers to execute arbitrary code via a long USER command, which triggers the overflow when the log is viewed. | |||||
| CVE-2006-0443 | 1 Cheesyblog | 1 Cheesyblog | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in archive.php in CheesyBlog 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) realname and (2) comment parameters, or (3) via a javascript URI in the url parameter, when adding a comment. | |||||
| CVE-2006-0418 | 1 Topcmm Computing | 1 123 Flash Chat Server | 2018-10-19 | 7.5 HIGH | N/A |
| Eval injection vulnerability in 123 Flash Chat Server 5.0 and 5.1 allows attackers to execute arbitrary code via a crafted username. | |||||
| CVE-2006-0444 | 1 Phpclanwebsite | 1 Phpclanwebsite | 2018-10-19 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in index.php in Phpclanwebsite (aka PCW) 1.23.1 allows remote attackers to execute arbitrary SQL commands via the (1) par parameter in the post function on the forum page and possibly the (2) poll_id parameter on the poll page. NOTE: the poll_id vector can also allow resultant cross-site scripting (XSS) from an unquoted error message for invalid SQL syntax. | |||||
| CVE-2006-0450 | 1 Phpbb Group | 1 Phpbb | 2018-10-19 | 5.0 MEDIUM | N/A |
| phpBB 2.0.19 and earlier allows remote attackers to cause a denial of service (application crash) by (1) registering many users through profile.php or (2) using search.php to search in a certain way that confuses the database. | |||||
| CVE-2006-0309 | 1 Linksys | 1 Befvp41 | 2018-10-19 | 4.0 MEDIUM | N/A |
| Linksys BEFVP41 VPN Router 2.0 with firmware 1.01.04 allows remote attackers on the local network, to cause a denial of service via IP packets with a null IP option length. | |||||
| CVE-2006-0461 | 1 Pmachine | 1 Expressionengine | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in core.input.php in ExpressionEngine 1.4.1 allows remote attackers to inject arbitrary web script or HTML via HTTP_REFERER (referer). | |||||