Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-3604 | 1 Seyeon | 1 Flexwatch Network Camera | 2018-10-18 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in FlexWATCH Network Camera 3.0 and earlier allows remote attackers to bypass access restrictions for (1) admin/aindex.asp or (2) admin/aindex.html via a .. (dot dot) and encoded / (%2f) sequence in the URL. | |||||
| CVE-2006-3607 | 1 Softbiz | 1 Banner Exchange | 2018-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Banner Exchange Script (aka Banner Exchange Network Script) 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the city parameter in (a) insertmember.php, and (2) a PHPSESSID cookie in (b) lostpassword.php, (c) gen_confirm_mem.php, and (d) index.php. | |||||
| CVE-2006-3608 | 1 Flatnuke | 1 Flatnuke | 2018-10-18 | 4.6 MEDIUM | N/A |
| The Gallery module in Simone Vellei Flatnuke 2.5.7 and earlier, when Gallery uploads are enabled, does not restrict the extensions of uploaded files that begin with a GIF header, which allows remote authenticated users to execute arbitrary PHP code via an uploaded .php file. | |||||
| CVE-2006-3609 | 1 Orbitcoders | 1 Orbitmatrix | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Orbitcoders OrbitMATRIX 1.0 allows remote attackers to inject arbitrary web script or HTML via the page_name parameter with an IMG tag containing a javascript URI in the SRC attribute. | |||||
| CVE-2006-3610 | 1 Orbitcoders | 1 Orbitmatrix | 2018-10-18 | 5.0 MEDIUM | N/A |
| index.php in Orbitcoders OrbitMATRIX 1.0 allows remote attackers to obtain sensitive information (partial database schema) via a modified page_name parameter, which reflects portions of an SQL query in the result. NOTE: it is not clear whether the information is target-specific. If not, then this issue is not an exposure. | |||||
| CVE-2006-3611 | 1 Phorum | 1 Phorum | 2018-10-18 | 5.5 MEDIUM | N/A |
| Directory traversal vulnerability in pm.php in Phorum 5 allows remote authenticated users to include and execute arbitrary local files via directory traversal sequences in the GLOBALS[template] parameter, as demonstrated by injecting PHP sequences into a log file, which is then included by pm.php. | |||||
| CVE-2006-3618 | 1 Pixelated By Lev | 1 Pixelated By Lev Guestbook | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in pblguestbook.php in Pixelated By Lev (PBL) Guestbook 1.32 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) name, (2) email, (3) website, (4) comments, (5) rate, and (6) private parameters. | |||||
| CVE-2006-3598 | 1 Php-nuke | 1 Sections Module | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Sections module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the artid parameter in a viewarticle op. | |||||
| CVE-2006-3675 | 1 Counterpane | 1 Passwordsafe | 2018-10-18 | 2.1 LOW | N/A |
| Password Safe 2.11, 2.16 and 3.0BETA1 does not respect the configuration settings for locking the password database when certain dialogue windows are open, which might allow attackers with physical access to obtain the database contents. | |||||
| CVE-2006-3567 | 1 Juniper | 1 Dx | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the web administration interface logging feature in Juniper Networks (Redline) DX 5.1.x, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the username login field. | |||||
| CVE-2006-3676 | 1 Planet Concept | 1 Planetgallery | 2018-10-18 | 5.1 MEDIUM | N/A |
| admin/gallery_admin.php in planetGallery before 14.07.2006 allows remote attackers to execute arbitrary PHP code by uploading files with a double extension and directly accessing the file in the images directory, which bypasses a regular expression check for safe file types. | |||||
| CVE-2006-3625 | 1 Flv | 1 Flv Player | 2018-10-18 | 5.0 MEDIUM | N/A |
| FLV Players 8 allows remote attackers to obtain sensitive information via (1) a direct request to paginate.php or (2) an invalid p parameter to player.php, which reveal the path in an error message. | |||||
| CVE-2006-3626 | 1 Linux | 1 Linux Kernel | 2018-10-18 | 6.2 MEDIUM | N/A |
| Race condition in Linux kernel 2.6.17.4 and earlier allows local users to gain root privileges by using prctl with PR_SET_DUMPABLE in a way that causes /proc/self/environ to become setuid root. | |||||
| CVE-2006-3522 | 1 Clearswift | 1 Mimesweeper For Web | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Clearswift MIMEsweeper for Web before 5.1.15 Hotfix allows remote attackers to inject arbitrary web script or HTML via the URL, which is reflected back in an error message when trying to access a blocked web site. | |||||
| CVE-2006-3546 | 1 Ada | 1 Imgsvr | 2018-10-18 | 5.0 MEDIUM | N/A |
| Patrice Freydiere ImgSvr (aka ADA Image Server) allows remote attackers to cause a denial of service (daemon crash) via a long HTTP POST request. NOTE: this might be the same issue as CVE-2004-2463. | |||||
| CVE-2006-3540 | 1 Zonelabs | 1 Zonealarm Security Suite | 2018-10-18 | 4.9 MEDIUM | N/A |
| Check Point Zone Labs ZoneAlarm Internet Security Suite 6.5.722.000, 6.1.737.000, and possibly other versions do not properly validate RegSaveKey, RegRestoreKey, and RegDeleteKey function calls, which allows local users to cause a denial of service (system crash) via a certain combination of these function calls with an HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VETFDDNT\Enum argument. | |||||
| CVE-2006-3560 | 1 Blue Dojo | 1 Graffiti Forums | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in topics.php in Blue Dojo Graffiti Forums 1.0 allows remote attackers to execute arbitrary SQL commands via the f parameter. | |||||
| CVE-2006-3547 | 1 Vmware | 1 Player | 2018-10-18 | 2.6 LOW | N/A |
| ** DISPUTED ** EMC VMware Player allows user-assisted attackers to cause a denial of service (unrecoverable application failure) via a long value of the ide1:0.fileName parameter in the .vmx file of a virtual machine. NOTE: third parties have disputed this issue, saying that write access to the .vmx file enables other ways of stopping the virtual machine, so no privilege boundaries are crossed. | |||||
| CVE-2006-3538 | 1 Beatificfaith | 1 Eprayer | 2018-10-18 | 5.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in demo.php in BeatificFaith Eprayer Alpha allow remote attackers to inject arbitrary web script or HTML via the SRC attribute of a SCRIPT element in the (1) "Your name" field and (2) "Enter Prayer Request here" field. | |||||
| CVE-2006-3548 | 1 Horde | 1 Horde | 2018-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 allow remote attackers to inject arbitrary web script or HTML via a (1) javascript URI or an external (2) http, (3) https, or (4) ftp URI in the url parameter in services/go.php (aka the dereferrer), (5) a javascript URI in the module parameter in services/help (aka the help viewer), and (6) the name parameter in services/problem.php (aka the problem reporting screen). | |||||