Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-3295 | 1 George Currums | 1 Open Guestbook | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in header.php in Open Guestbook 0.5 allows remote attackers to inject arbitrary web script or HTML via the title parameter. | |||||
| CVE-2006-3296 | 1 George Currums | 1 Open Guestbook | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view.php in Open Guestbook 0.5 allows remote attackers to execute arbitrary SQL commands via the offset parameter. | |||||
| CVE-2006-3299 | 1 Metalheadws | 1 Usenet | 2018-10-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Usenet Script 0.5 allows remote attackers to inject arbitrary web script or HTML via the group parameter. | |||||
| CVE-2006-3304 | 1 Deluxebb | 1 Deluxebb | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in cp.php in DeluxeBB 1.07 and earlier allows remote attackers to execute arbitrary SQL commands via the xmsn parameter. | |||||
| CVE-2006-3311 | 1 Adobe | 2 Flash Player, Flex Sdk | 2018-10-18 | 5.1 MEDIUM | N/A |
| Buffer overflow in Adobe Flash Player 8.0.24.0 and earlier, Flash Professional 8, Flash MX 2004, and Flex 1.5 allows user-assisted remote attackers to execute arbitrary code via a long, dynamically created string in a SWF movie. | |||||
| CVE-2006-3312 | 1 Qatraq | 1 Qatraq | 2018-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ashmans and Bill Echlin QaTraq 6.5 RC and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) link_print, (2) link_upgrade, (3) link_sql, (4) link_next, (5) link_prev, and (6) link_list parameters in top.inc as included by queries_view_search.php; the (7) msg, (8) component_name, and (9) component_desc parameters in (a) components_copy_content.php, (b) components_modify_content.php, and (c) components_new_content.php; the (10) title, (11) version, and (12) content parameters in design_copy_content.php; the (13) plan_title and (14) plan_content parameters in design_copy_plan_search.php; the (15) title, (16) minor_version, (17) new_version, and (18) content parameters in design_modify_content.php; the (19) title, (20) version, and (21) content parameters in design_new_content.php; the (22) plan_name and (23) plan_desc parameters in design_new_search.php; the (24) file_name parameter in download.php; the (25) username and (26) password parameters in login.php; the (27) title, (28) version, and (29) content parameters in phase_copy_content.php; the (30) content parameter in phase_delete_search.php; the (31) title, (32) minor_version, (33) new_version, and (34) content parameters in phase_modify_content.php; the (35) content, (36) title, (37) version, and (38) content parameters in phase_modify_search.php; the (39) content parameter in phase_view_search.php; the (40) msg, (41) product_name, and (42) product_desc parameters in products_copy_content.php; and possibly the (43) product_name and (44) product_desc parameters in (d) products_copy_search.php, and a large number of additional parameters and executables. NOTE: the vendor notified CVE via e-mail that this issue has been fixed in the 6.8 RC release. | |||||
| CVE-2006-3313 | 1 Netsoft | 1 Smartnet | 2018-10-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in search.jsp in Netsoft smartNet 2.0 allows remote attackers to inject arbitrary web script or HTML via the keyWord parameter. | |||||
| CVE-2006-3314 | 1 Rahnemaco | 1 Rahnemaco | 2018-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in page.php in an unspecified RahnemaCo.com product, possibly eShop, allows remote attackers to execute arbitrary PHP code via a URL in the pageid parameter. | |||||
| CVE-2006-3317 | 1 Spiffyjr | 1 Phpraid | 2018-10-18 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in phpRaid 3.0.6 allows remote attackers to execute arbitrary code via a URL in the phpraid_dir parameter to (1) announcements.php and (2) rss.php, a different set of vectors and affected versions than CVE-2006-3316 and CVE-2006-3116. | |||||
| CVE-2006-3319 | 1 Php Icalendar | 1 Php Icalendar | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in rss/index.php in PHP iCalendar 2.22 and earlier allows remote attackers to inject arbitrary web script or HTML via the cal parameter. | |||||
| CVE-2006-3320 | 1 Sitebar | 1 Sitebar | 2018-10-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in command.php in SiteBar 3.3.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the command parameter. | |||||
| CVE-2006-3323 | 1 Mastersfusion | 1 Mf Piadas | 2018-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in admin/admin.php in MF Piadas 1.0 allows remote attackers to execute arbitrary PHP code via the page parameter. NOTE: the same vector can be used for cross-site scripting, but CVE analysis suggests that this is resultant from file inclusion of HTML or script. | |||||
| CVE-2006-3324 | 1 Id Software | 1 Quake 3 Engine | 2018-10-18 | 5.0 MEDIUM | N/A |
| The Automatic Downloading option in the id3 Quake 3 Engine and the Icculus Quake 3 Engine (ioquake3) before revision 804 allows remote attackers to overwrite arbitrary files in the quake3 directory (fs_homepath cvar) via a long string of filenames, as contained in the neededpaks buffer. | |||||
| CVE-2006-3325 | 1 Id Software | 1 Quake 3 Engine | 2018-10-18 | 5.0 MEDIUM | N/A |
| client/cl_parse.c in the id3 Quake 3 Engine 1.32c and the Icculus Quake 3 Engine (ioquake3) revision 810 and earlier allows remote malicious servers to overwrite arbitrary write-protected cvars variables on the client, such as cl_allowdownload for Automatic Downloading and fs_homepath for the quake3 path, via a string of cvar names and values sent from the server. NOTE: this can be combined with another vulnerability to overwrite arbitrary files. | |||||
| CVE-2006-3329 | 1 Deltascripts | 1 Php Classifieds | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search.php in PHP/MySQL Classifieds (PHP Classifieds) allows remote attackers to execute arbitrary SQL commands via the rate parameter. | |||||
| CVE-2006-3330 | 1 Deltascripts | 1 Php Classifieds | 2018-10-18 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in AddAsset1.php in PHP/MySQL Classifieds (PHP Classifieds) allows remote attackers to execute arbitrary SQL commands via the (1) ProductName ("Title" field), (2) url, and (3) Description parameters, possibly related to issues in add1.php. | |||||
| CVE-2006-3334 | 1 Greg Roelofs | 1 Libpng | 2018-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in the png_decompress_chunk function in pngrutil.c in libpng before 1.2.12 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors related to "chunk error processing," possibly involving the "chunk_name". | |||||
| CVE-2006-3337 | 1 Cpanel | 1 Cpanel | 2018-10-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in frontend/x/files/select.html in cPanel 10.8.2-CURRENT 118 and earlier allows remote attackers to inject arbitrary web script or HTML via the file parameter. | |||||
| CVE-2006-3343 | 1 Crisoft Ricette | 1 Crisoft Ricette | 2018-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in recipe/cookbook.php in CrisoftRicette 1.0pre15b allows remote attackers to execute arbitrary PHP code via a URL in the crisoftricette parameter. | |||||
| CVE-2006-3345 | 1 Ajax Softwares | 1 Alipager | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in AliPAGER, possibly 1.5 and earlier, allows remote attackers to inject arbitrary web script or HTML via a chat line. | |||||