Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-3366 | 1 V3 Chat | 1 V3 Chat | 2018-10-18 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in V3 Chat allow remote attackers to inject arbitrary web script or HTML via crafted HTML tags, as demonstrated by the IMG tag, in the (1) id parameter in (a) mail/index.php and (b) mail/reply.php; (2) login_id parameter in (c) members/is_online.php; (3) site_id parameter in (d) messenger/online.php, (e) messenger/search.php, and (f) messenger/profile.php; (4) contact_name parameter in messenger/search.php; (5) membername parameter in (g) messenger/profileview.php; (6) unspecified parameters used when "editing a profile"; and (7) cust_name parameter in (h) messenger/expire.php. NOTE: The vendor disputes the vectors involving files in the messenger directory, stating "... the referenced folder 'messenger' was never available to the general public...". | |||||
| CVE-2006-3392 | 2 Usermin, Webmin | 2 Usermin, Webmin | 2018-10-18 | 5.0 MEDIUM | N/A |
| Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files, as demonstrated using "..%01" sequences, which bypass the removal of "../" sequences before bytes such as "%01" are removed from the filename. NOTE: This is a different issue than CVE-2006-3274. | |||||
| CVE-2006-3492 | 1 Mico | 1 Mico | 2018-10-18 | 5.0 MEDIUM | N/A |
| The CORBA::ORBInvokeRec::set_answer_invoke function in orb.cc in MICO (Mico Is CORBA) 2.3.12 and earlier allows remote attackers to cause a denial of service (application crash) via a message with an incorrect "object key", which triggers an assert error. | |||||
| CVE-2006-3364 | 1 F-art Agency | 1 Blog Cms | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the NP_SEO plugin in BLOG:CMS before 4.1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2006-3431 | 1 Microsoft | 1 Excel | 2018-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in certain Asian language versions of Microsoft Excel might allow user-assisted attackers to execute arbitrary code via a crafted STYLE record in a spreadsheet that triggers the overflow when the user attempts to repair the document or selects the "Style" option, as demonstrated by nanika.xls. NOTE: Microsoft has confirmed to CVE via e-mail that this is different than the other Excel vulnerabilities announced before 20060707, including CVE-2006-3059 and CVE-2006-3086. | |||||
| CVE-2006-3421 | 1 Smartsitecms | 1 Smartsitecms | 2018-10-18 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in SmartSiteCMS 1.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the root parameter in (1) comment.php, (2) admin/comedit.php, (3) admin/test.php, (4) admin/index.php, and (5) admin/include/inc_adminfoot.php, a different set of vectors than CVE-2006-3162. | |||||
| CVE-2006-3491 | 1 Christophe Thibault | 1 Kaillera | 2018-10-18 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in Kaillera Server 0.86 and earlier allows remote attackers to execute arbitrary code via a long nickname. | |||||
| CVE-2006-3476 | 1 Phpwebgallery | 1 Phpwebgallery | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in comments.php in PhpWebGallery 1.5.2 and earlier, and possibly 1.6.0, allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. | |||||
| CVE-2006-3322 | 1 Spiffyjr | 1 Phpraid | 2018-10-18 | 5.1 MEDIUM | N/A |
| SQL injection vulnerability in includes/functions_logging.php in phpRaid 3.0.5, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the log_hack function. | |||||
| CVE-2006-3128 | 1 Easy-cms | 1 Easy-cms | 2018-10-18 | 4.6 MEDIUM | N/A |
| choose_file.php in easy-CMS 0.1.2, when mod_mime is installed, does not restrict uploads of filenames with multiple extensions, which allows remote attackers to execute arbitrary PHP code by uploading a PHP file with a GIF file extension, then directly accessing that file in the Repositories directory. | |||||
| CVE-2006-3132 | 1 Qto | 1 Qtofilemanager | 2018-10-18 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in qtofm.php4 in QTOFileManager 1.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter, as originally reported for index.php. | |||||
| CVE-2006-3142 | 1 Vbzoom | 1 Vbzoom | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in forum.php in VBZooM 1.11 allows remote attackers to execute arbitrary SQL commands via the MainID parameter. | |||||
| CVE-2006-3204 | 1 Ultimate Php Board | 1 Ultimate Php Board | 2018-10-18 | 5.0 MEDIUM | N/A |
| Ultimate PHP Board (UPB) 1.9.6 and earlier uses a cryptographically weak block cipher with a large key collision space, which allows remote attackers to determine a suitable decryption key given the plaintext and ciphertext by obtaining the plaintext password, which is sent when logging in, and the ciphertext, which is set in the pass_env cookie. | |||||
| CVE-2006-3143 | 1 Maximus | 1 Schoolmax | 2018-10-18 | 4.0 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in icue_login.asp in Maximus SchoolMAX 4.0.1 and earlier iCue and iParent applications allows remote attackers to inject arbitrary web script or HTML via the error_msg parameter. | |||||
| CVE-2006-3158 | 1 Eduha Meeting | 1 Eduha Meeting | 2018-10-18 | 7.5 HIGH | N/A |
| index.php in Eduha Meeting does not properly restrict file extensions before permitting a file upload, which allows remote attackers to bypass security checks and upload or execute arbitrary php code via the add action. | |||||
| CVE-2006-3160 | 1 Onedotoh | 1 Simple File Manager | 2018-10-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in fm.php in ONEdotOH Simple File Manager (SFM) 0.24a and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | |||||
| CVE-2006-3161 | 1 Saphp | 1 Saphplesson | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in misc.php in SaphpLesson 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the action parameter. | |||||
| CVE-2006-3168 | 1 Comscripts | 1 Cs-forum | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in CS-Forum before 0.82 allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) debut parameters in (a) read.php, and the (3) search and (4) debut parameters in (b) index.php. | |||||
| CVE-2006-3169 | 1 Comscripts | 1 Cs-forum | 2018-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in CS-Forum 0.81 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) msg_result and (2) rep_titre parameters in (a) read.php; and the (3) id and (4) parent parameters and (5) CSForum_nom, (6) CSForum_mail, and (7) CSForum_url cookie parameters in (b) ajouter.php. | |||||
| CVE-2006-3170 | 1 Comscripts | 1 Cs-forum | 2018-10-18 | 5.0 MEDIUM | N/A |
| CS-Forum before 0.82 allows remote attackers to obtain sensitive information via unspecified manipulations, possibly involving an empty collapse[] or readall parameter to index.php, which reveals the installation path in an error message. | |||||