Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-3559 | 1 Arif Supriyanto | 1 Auracms | 2018-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Arif Supriyanto auraCMS 1.62 allow remote attackers to execute arbitrary SQL commands and delete all shoutbox messages via the (1) name and (2) pesan parameters. | |||||
| CVE-2006-3541 | 1 Kyberna | 1 Ky2help | 2018-10-18 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in Meine Links (aka My Links) in Kyberna ky2help allows remote authenticated users to execute arbitrary SQL commands via unspecified "textboxes." | |||||
| CVE-2006-3526 | 1 Sport-slo | 1 Sport-slo Advanced Guestbook | 2018-10-18 | 5.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in guestbook.php in Sport-slo Advanced Guestbook 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) name and (2) form parameters. | |||||
| CVE-2006-3558 | 1 Arif Supriyanto | 1 Auracms | 2018-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Arif Supriyanto auraCMS 1.62 allow remote attackers to inject arbitrary web script or HTML via (1) the judul_artikel parameter in teman.php and (2) the title of an article sent to admin, which is displayed when unauthenticated users visit index.php. | |||||
| CVE-2006-3544 | 1 Invision Power Services | 1 Invision Board | 2018-10-18 | 7.5 HIGH | N/A |
| ** DISPUTED ** Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 1.3 Final allow remote attackers to execute arbitrary SQL commands via the CODE parameter in a (1) Stats, (2) Mail, and (3) Reg action in index.php. NOTE: the developer has disputed this issue, stating that "At no point does the CODE parameter touch the database. The CODE parameter is used in a SWITCH statement to determine which function to run." | |||||
| CVE-2006-3537 | 1 Randshop | 1 Randshop | 2018-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in Randshop before 1.2 allows remote attackers to execute arbitrary PHP code via the dateiPfad parameter, a different vector than CVE-2006-3375. | |||||
| CVE-2006-3531 | 1 Pivot | 1 Pivot | 2018-10-18 | 7.5 HIGH | N/A |
| includes/editor/insert_image.php in Pivot 1.30 RC2 and earlier creates the authentication credentials from parameters, which allows remote attackers to obtain privileges and upload arbitrary files via modified (1) pass and (2) session parameters, and (3) pass and (4) userlevel indices of the (a) Pivot_Vars[] or (b) Users[] array parameters. | |||||
| CVE-2006-3524 | 1 Sipfoundry | 1 Sipxtapi | 2018-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in SIPfoundry sipXtapi released before 20060324 allows remote attackers to execute arbitrary code via a long CSeq field value in an INVITE message. | |||||
| CVE-2006-3553 | 1 Planet Concept | 1 Planetnews | 2018-10-18 | 10.0 HIGH | N/A |
| PlaNet Concept planetNews allows remote attackers to bypass authentication and execute arbitrary code via a direct request to news/admin/planetnews.php. | |||||
| CVE-2006-3532 | 1 Pivot | 1 Pivot | 2018-10-18 | 5.1 MEDIUM | N/A |
| PHP file inclusion vulnerability in includes/edit_new.php in Pivot 1.30 RC2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a FTP URL or full file path in the Paths[extensions_path] parameter. | |||||
| CVE-2006-3543 | 1 Invision Power Services | 1 Invision Power Board | 2018-10-18 | 7.5 HIGH | N/A |
| ** DISPUTED ** Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 1.x and 2.x allow remote attackers to execute arbitrary SQL commands via the (1) idcat and (2) code parameters in a ketqua action in index.php; the id parameter in a (3) Attach and (4) ref action in index.php; the CODE parameter in a (5) Profile, (6) Login, and (7) Help action in index.php; and the (8) member_id parameter in coins_list.php. NOTE: the developer has disputed this issue, stating that the "CODE attribute is never present in an SQL query" and the "'ketqua' [action] and file 'coin_list.php' are not standard IPB 2.x features". It is unknown whether these vectors are associated with an independent module or modification of IPB. | |||||
| CVE-2006-3554 | 1 Mkportal | 1 Mkportal | 2018-10-18 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in index.php in MKPortal 1.0.1 Final allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language cookie, as demonstrated by using a gl_session cookie to inject PHP sequences into the error.log file, which is then included by index.php with malicious commands accessible by the ind parameter. | |||||
| CVE-2006-3550 | 1 F5 | 1 Firepass 4100 | 2018-10-18 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in F5 Networks FirePass 4100 5.x allow remote attackers to inject arbitrary web script or HTML via unspecified "writable form fields and hidden fields," including "authentication frontends." | |||||
| CVE-2006-3542 | 1 Boxcar Media | 1 Shopping Cart | 2018-10-18 | 5.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Garry Glendown Shopping Cart 0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) shop name field in (a) editshop.php, (b) edititem.php, and (c) index.php; and via the (2) item field in editshop.php and edititem.php. | |||||
| CVE-2006-3555 | 1 Php Fusion | 1 Php Fusion | 2018-10-18 | 5.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in submit.php in PHP-Fusion before 6.01.3 allow remote attackers to inject arbitrary web script or HTML by using edit_profile.php to upload a (1) avatar or (2) forum image attachment that has a .gif or .jpg extension, and begins with a GIF header followed by JavaScript code, which is executed by Internet Explorer. | |||||
| CVE-2006-3557 | 1 Mt Orumcek | 1 Mt Orumcek Toplist | 2018-10-18 | 5.0 MEDIUM | N/A |
| MT Orumcek Toplist 2.2 stores DB/orumcektoplist.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request. | |||||
| CVE-2006-3533 | 1 Pivot | 1 Pivot | 2018-10-18 | 5.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Pivot 1.30 RC2 and earlier, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) fg, (2) line1, (3) line2, (4) bg, (5) c1, (6) c2, (7) c3, and (8) c4 parameters in (a) includes/blogroll.php; (9) name and (10) js_name parameters in (b) includes/editor/edit_menu.php; and, even if register_globals is not enabled, the (11) h and (12) w parameters in (c) includes/photo.php. | |||||
| CVE-2006-3475 | 1 Free Qboard | 1 Free Qboard | 2018-10-18 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in free QBoard 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the qb_path parameter to (1) index.php, (2) about.php, (3) contact.php, (4) delete.php, (5) faq.php, (6) features.php or (7) history.php, a different set of vectors than CVE-2006-2998. | |||||
| CVE-2006-3406 | 1 Qto | 1 Qtofilemanager | 2018-10-18 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in qtofm.php in QTOFileManager 1.0 allows remote attackers to modify arbitrary files via a .. (dot dot) sequence in the edit parameter. | |||||
| CVE-2006-3474 | 1 Belchior Foundry | 1 Vcard | 2018-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Belchior Foundry vCard PRO allow remote attackers to execute arbitrary SQL commands via the (1) cat_id parameter to (a) gbrowse.php, (2) card_id parameter to (b) rating.php and (c) create.php, and the (3) event_id parameter to (d) search.php. | |||||