Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-0075 | 1 Gnu | 1 Phpbook | 2018-10-19 | 7.5 HIGH | N/A |
| Direct static code injection vulnerability in phpBook 1.3.2 and earlier allows remote attackers to execute arbitrary PHP code via the e-mail field (mail variable) in a new message, which is written to a PHP file. | |||||
| CVE-2006-0137 | 1 Phanatic Softwares | 1 Chimera Web Portal | 2018-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in linkcategory.php in Phanatic Softwares Chimera Web Portal System 0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2006-0145 | 1 Netbsd | 1 Netbsd | 2018-10-19 | 4.6 MEDIUM | N/A |
| The kernfs_xread function in kernfs in NetBSD 1.6 through 2.1, and OpenBSD 3.8, does not properly validate file offsets against negative 32-bit values that occur as a result of truncation, which allows local users to read arbitrary kernel memory and gain privileges via the lseek system call. | |||||
| CVE-2006-0147 | 5 John Lim, Mantis, Moodle and 2 more | 5 Adodb, Mantis, Moodle and 2 more | 2018-10-19 | 7.5 HIGH | N/A |
| Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP functions via the do parameter, which is saved in a variable that is then executed as a function, as demonstrated using phpinfo. | |||||
| CVE-2006-0102 | 1 Ralph Capper | 1 Tinyphpforum | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in TinyPHPForum (TPF) 3.6 and earlier allows remote attackers to inject arbitrary web script via a javascript: scheme in an "[a]" bbcode tag, possibly the txt parameter to action.php. | |||||
| CVE-2006-0066 | 1 Phpjournaler | 1 Phpjournaler | 2018-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in PHPjournaler 1.0 allows remote attackers to execute arbitrary SQL commands via the readold parameter. | |||||
| CVE-2006-0105 | 1 Postgresql | 1 Postgresql | 2018-10-19 | 5.0 MEDIUM | N/A |
| PostgreSQL 8.0.x before 8.0.6 and 8.1.x before 8.1.2, when running on Windows, allows remote attackers to cause a denial of service (postmaster exit and no new connections) via a large number of simultaneous connection requests. | |||||
| CVE-2006-0104 | 1 Ralph Capper | 1 Tinyphpforum | 2018-10-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in TinyPHPForum 3.6 and earlier allows remote attackers to create a new user account, create a new topic, or view the profile of a user account, as demonstrated via a .. (dot dot) in the uname parameter to profile.php. | |||||
| CVE-2006-0153 | 1 427bb | 1 Fourtwosevenbb | 2018-10-19 | 7.5 HIGH | N/A |
| 427BB 2.2 and 2.2.1 verifies authentication credentials based on the username, authenticated, and usertype cookies, which allows remote attackers to bypass authentication by using a valid username and usertype and setting the authenticated cookie. | |||||
| CVE-2006-0110 | 1 Javier Suarez Sanz | 1 Foro Domus | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in escribir.php in Foro Domus 2.10 allows remote attackers to inject arbitrary web script via the email parameter. | |||||
| CVE-2006-0154 | 1 427bb | 1 Fourtwosevenbb | 2018-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in showthread.php in 427BB 2.2 and 2.2.1 allows remote attackers to execute arbitrary SQL commands via the ForumID parameter. | |||||
| CVE-2006-0155 | 1 427bb | 1 Fourtwosevenbb | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in posts.php in 427BB 2.2 and 2.2.1 allows remote attackers to inject arbitrary Javascript via a new message with a url bbcode tag containing a javascript URI. | |||||
| CVE-2006-0051 | 1 Kaffeine | 1 Kaffeine Player | 2018-10-19 | 5.1 MEDIUM | N/A |
| Buffer overflow in playlistimport.cpp in Kaffeine Player 0.4.2 through 0.7.1 allows user-assisted attackers to execute arbitrary code via long HTTP request headers when Kaffeine is "fetching remote playlists", which triggers the overflow in the http_peek function. | |||||
| CVE-2006-0132 | 1 Webftp | 1 Webftp | 2018-10-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in webftp.php in SysCP WebFTP 1.2.6 and possibly earlier allows remote attackers to include and execute arbitrary local PHP scripts, and possibly read other types of files, via a .. (dot dot) and a trailing null in the webftp_language parameter. | |||||
| CVE-2006-0049 | 1 Gnu | 1 Privacy Guard | 2018-10-19 | 5.0 MEDIUM | N/A |
| gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different vulnerability than CVE-2006-0455. | |||||
| CVE-2006-0069 | 1 Chipmunk Scripts | 1 Chipmunk Guestbook | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in addentry.php in Chipmunk Guestbook 1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the homepage parameter. | |||||
| CVE-2006-0124 | 1 Adn Forum | 1 Adn Forum | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in crear.php in ADN Forum 1.0b allows remote attackers to inject arbitrary web script or HTML via the titulo parameter, which is used by the "Topic name" field. | |||||
| CVE-2006-0015 | 1 Microsoft | 2 Frontpage Server Extensions, Sharepoint Team Services | 2018-10-19 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web script or HTML, then leverage the attack to execute arbitrary programs or create new accounts, via the (1) operation, (2) command, and (3) name parameters. | |||||
| CVE-2006-0116 | 1 Inetstore | 1 Inetstore Online | 2018-10-19 | 5.0 MEDIUM | N/A |
| Cross-site scripting vulnerability search.inetstore in iNETstore Ebusiness Software 2.0 allows remote attackers to inject arbitrary web script or HTML via the searchterm parameter. | |||||
| CVE-2005-4815 | 1 Sap | 1 Sap R 3 | 2018-10-19 | 7.5 HIGH | N/A |
| SAP 6.4 before 6.40 patch 4, 6.2 before 6.20 patch 1364, 4.6 before 4.6D patch 1767, 45 before 45B patch 913, 40 before 40B patch 1008, and 31 before 31I patch 735 do not properly restrict process execution by lnaxdm/sapsys, which allows remote attackers to execute arbitrary code via a certain UDP packet that ends with the name of a local executable file, aka the "FX SAP R/3 gwrd vuln." | |||||