Total: 27865 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-3381 | 1 Sturgeon Upload | 1 Sturgeon Upload | 2018-10-18 | 7.5 HIGH | N/A |
| SturGeoN Upload allows remote attackers to execute arbitrary PHP code by uploading a file with a .php extension, then directly accessing the file. NOTE: It is uncertain whether this is a vulnerability or a feature of the product. | |||||
| CVE-2006-3377 | 1 Jmb Software | 1 Autorank | 2018-10-18 | 4.0 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in JMB Software AutoRank PHP 3.02 and earlier, and AutoRank Pro 5.01 and earlier, allows remote attackers to inject arbitrary web script or HTML via the (1) Keyword parameter in search.php and the (2) Username parameter in main.cgi. | |||||
| CVE-2006-3376 | 1 Wvware | 2 Libwmf, Wv2 | 2018-10-18 | 7.5 HIGH | N/A |
| Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple products including (1) wv, (2) abiword, (3) freetype, (4) gimp, (5) libgsf, and (6) imagemagick allows remote attackers to execute arbitrary code via the MaxRecordSize header field in a WMF file. | |||||
| CVE-2006-3514 | 1 Phpblogger | 1 Php-blogger | 2018-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in admin/actions.php in PHP-Blogger 2.2.5, and possibly earlier versions, allow remote attackers to execute arbitrary web script or HTML via the (1) name, (2) title, (3) news, (4) description, and (5) sitename parameters. | |||||
| CVE-2006-3515 | 1 Myiosoft.com | 1 Ajaxportal | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the loginADP function in ajaxp.php in AjaxPortal 3.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) password parameters. | |||||
| CVE-2006-3516 | 1 Freehost | 1 Freehost | 2018-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in FreeHost allow remote attackers to execute arbitrary SQL commands via (1) readme parameter to FreeHost/misc.php or (2) index parameter to FreeHost/news.php. | |||||
| CVE-2006-3549 | 1 Horde | 1 Horde Application Framework | 2018-10-18 | 5.0 MEDIUM | N/A |
| services/go.php in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 does not properly restrict its image proxy capability, which allows remote attackers to perform "Web tunneling" attacks and use the server as a proxy via (1) http, (2) https, and (3) ftp URL in the url parameter, which is requested from the server. | |||||
| CVE-2006-3517 | 1 Rwscripts.com | 1 Rw Download | 2018-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in stats.php in RW::Download, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter. | |||||
| CVE-2006-3403 | 1 Samba | 1 Samba | 2018-10-18 | 5.0 MEDIUM | N/A |
| The smbd daemon (smbd/service.c) in Samba 3.0.1 through 3.0.22 allows remote attackers to cause a denial of service (memory consumption) via a large number of share connection requests. | |||||
| CVE-2006-3405 | 1 Qto | 1 Qtofilemanager | 2018-10-18 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in qtofm.php in QTOFileManager 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) delete, (2) pathext, and (3) edit parameters. | |||||
| CVE-2006-3374 | 1 Randshop | 1 Randshop | 2018-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in Randshop 1.2 and earlier, including 0.9.3, allows remote attackers to execute arbitrary PHP code via a URL in the incl parameter. | |||||
| CVE-2006-3373 | 1 Hobbit Monitor | 1 Hobbit Monitor | 2018-10-18 | 2.1 LOW | N/A |
| Unspecified vulnerability in the client/bin/logfetch script in Hobbit 4.2-beta allows local users to read arbitrary files, related to logfetch running as setuid root. | |||||
| CVE-2006-3518 | 1 Webvizyon.net | 1 Webvizyon Portal | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in SayfalaAltList.asp in Webvizyon Portal 2006 allows remote attackers to execute arbitrary SQL commands via the ID parameter. | |||||
| CVE-2006-3519 | 1 Native Solutions | 1 The Banner Engine | 2018-10-18 | 5.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in The Banner Engine (tbe) 4.0 allow remote attackers to execute arbitrary web script or HTML via the (1) text parameter in a search action to (a) top.php, and the (2) adminpass or (3) adminlogin parameter to (b) signup.php. | |||||
| CVE-2006-3371 | 1 Eupla | 1 Foros | 2018-10-18 | 5.0 MEDIUM | N/A |
| Eupla Foros 1.0 stores the inc/config.inc file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information, including the database configuration. | |||||
| CVE-2006-3370 | 1 Bb-news | 1 Blueboy | 2018-10-18 | 5.0 MEDIUM | N/A |
| Blueboy 1.0.3 stores bb_news_config.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information, including the database configuration. | |||||
| CVE-2006-3369 | 1 Iduprey | 1 Kamikaze-qscm | 2018-10-18 | 5.0 MEDIUM | N/A |
| Kamikaze-QSCM 0.1 stores config.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information, including the database configuration. | |||||
| CVE-2006-3368 | 1 Efone | 1 Efone | 2018-10-18 | 5.0 MEDIUM | N/A |
| Efone 20000723 stores config.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information. | |||||
| CVE-2006-3436 | 1 Microsoft | 1 .net Framework | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Microsoft .NET Framework 2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "ASP.NET controls that set the AutoPostBack property to true". | |||||
| CVE-2006-3367 | 1 Mp3netbox | 1 Mp3netbox | 2018-10-18 | 5.0 MEDIUM | N/A |
| Mp3 JudeBox Server (Mp3NetBox) Beta 1 stores config.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information, including the database configuration. | |||||
