Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-3346 | 1 Carlos Sanchez Valle | 1 Mynewsgroups | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in tree.php in MyNewsGroups 0.6 allows remote attackers to execute arbitrary SQL commands via the grp_id parameter. | |||||
| CVE-2006-3349 | 1 Sms Script | 1 Sms Script | 2018-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in SmS Script allow remote attackers to execute arbitrary SQL commands via the CatID parameter in (1) cat.php and (2) add.php. | |||||
| CVE-2006-3350 | 1 Cimmetry Systems | 1 Autovue Solidmodel Professional | 2018-10-18 | 5.1 MEDIUM | N/A |
| Stack-based buffer overflow in AutoVue SolidModel Professional Desktop Edition 19.1 Build 5993 allows user-assisted remote attackers to execute arbitrary code via a long filename in a (1) ARJ, (2) RAR, or (3) ZIP archive. | |||||
| CVE-2006-3351 | 1 Microsoft | 2 Windows 2003 Server, Windows Xp | 2018-10-18 | 5.4 MEDIUM | N/A |
| Buffer overflow in Windows Explorer (explorer.exe) on Windows XP and 2003 allows user-assisted attackers to cause a denial of service (repeated crash) and possibly execute arbitrary code via a .url file with an InternetShortcut tag containing a long URL and a large number of "file:" specifiers. | |||||
| CVE-2006-3352 | 1 Mozilla | 1 Firefox | 2018-10-18 | 6.4 MEDIUM | N/A |
| ** DISPUTED ** Cross-domain vulnerability in Mozilla Firefox allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object. NOTE: this description was based on a report that has since been retracted by the original authors. The authors misinterpreted their test results. Other third parties also disputed the original report. Therefore, this is not a vulnerability. It is being assigned a candidate number to provide a clear indication of its status. | |||||
| CVE-2006-2971 | 1 Overkill | 1 Overkill | 2018-10-18 | 5.0 MEDIUM | N/A |
| Integer overflow in the recv_packet function in 0verkill 0.16 allows remote attackers to cause a denial of service (daemon crash) via a UDP packet with fewer than 12 bytes, which results in a long length value to the crc32 function. | |||||
| CVE-2006-3041 | 1 Codewalkers | 1 Ltwcalendar | 2018-10-18 | 7.5 HIGH | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in Ltwcalendar/calendar.php in Codewalkers Ltwcalendar 4.1.3 allows remote attackers to execute arbitrary PHP code via a URL in the ltw_config[include_dir] parameter. NOTE: CVE disputes this claim, since the $ltw_config[include_dir] variable is defined as a static value in an include file before it is referenced in an include() statement. | |||||
| CVE-2006-3092 | 1 Phpmyfactures | 1 Phpmyfactures | 2018-10-18 | 7.5 HIGH | N/A |
| PhpMyFactures 1.2 and earlier allows remote attackers to bypass authentication and modify data via direct requests with modified parameters to (1) /tva/ajouter_tva.php, (2) /remises/ajouter_remise.php, (3) /pays/ajouter_pays.php, (4) /pays/modifier_pays.php, (5) /produits/ajouter_cat.php, (6) /produits/ajouter_produit.php, (7) /clients/ajouter_client.php, (8) /clients/modifier_client.php. NOTE: the provenance of this information is unknown; portions of the details are obtained from third party information. | |||||
| CVE-2006-2997 | 1 Zms Publishing | 1 Zms | 2018-10-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in ZMS 2.9 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the raw parameter in the search field. | |||||
| CVE-2006-3070 | 1 Zeroboard | 1 Zeroboard | 2018-10-18 | 5.0 MEDIUM | N/A |
| write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file that with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php. | |||||
| CVE-2006-3042 | 1 Ispconfig | 1 Ispconfig | 2018-10-18 | 7.5 HIGH | N/A |
| ** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in ISPConfig 2.2.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) go_info[isp][classes_root] parameter in (a) server.inc.php, and the (2) go_info[server][classes_root] parameter in (b) app.inc.php, (c) login.php, and (d) trylogin.php. NOTE: this issue has been disputed by the vendor, who states that the original researcher "reviewed the installation tarball that is not identical with the resulting system after installtion. The file, where the $go_info array is declared ... is created by the installer." | |||||
| CVE-2006-3006 | 1 Ifoto | 1 Ifoto | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in iFoto 0.20, and possibly other versions before 0.50, allows remote attackers to inject arbitrary HTML or web script via a base64-encoded file parameter. | |||||
| CVE-2006-3012 | 1 Eschew.net | 1 Phpbannerexchange | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in phpBannerExchange before 2.0 Update 6 allows remote attackers to execute arbitrary SQL commands via the (1) login parameter in (a) client/stats.php and (b) admin/stats.php, or the (2) pass parameter in client/stats.php. | |||||
| CVE-2006-3013 | 1 Eschew.net | 1 Phpbannerexchange | 2018-10-18 | 5.1 MEDIUM | N/A |
| Interpretation conflict in resetpw.php in phpBannerExchange before 2.0 Update 6 allows remote attackers to execute arbitrary SQL commands via an email parameter containing a null (%00) character after a valid e-mail address, which passes the validation check in the eregi PHP command. NOTE: it could be argued that this vulnerability is due to a bug in the eregi PHP command and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in phpBannerExchange. | |||||
| CVE-2006-3053 | 1 Phorum | 1 Phorum | 2018-10-18 | 7.5 HIGH | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in common.php in PHORUM 5.1.13 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the PHORUM[http_path] parameter. NOTE: this issue has been disputed by the vendor, who states "common.php is checked on the very first line of non-comment code that it is not being called directly. It has been this way in all 5.x version of Phorum." CVE analysis concurs with the vendor. | |||||
| CVE-2006-3066 | 1 Ibm | 1 Db2 Universal Database | 2018-10-18 | 5.0 MEDIUM | N/A |
| Buffer overflow in the TCP/IP listener in IBM DB2 Universal Database (UDB) before 8.1 FixPak 12 allows remote attackers to cause a denial of service (application crash) via a long MGRLVLLS message inside of an EXCSAT message when establishing a connection. | |||||
| CVE-2006-3065 | 1 Blursoft | 1 Blur6ex | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in engine/shards/blog.php in blur6ex 0.3.462 allows remote attackers to execute arbitrary SQL commands via the ID parameter in a proc_reply action in the blog shard. NOTE: This is a similar vulnerability to CVE-2006-1763, but the affected code and versions are different. | |||||
| CVE-2006-3062 | 1 Myphp Guestbook | 1 Myphp Guestbook | 2018-10-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in myPHP Guestbook 2.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the lang parameter. | |||||
| CVE-2006-3056 | 1 Vbzoom | 1 Vbzoom | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in language.php in VBZooM 1.01 allows remote attackers to execute arbitrary SQL commands via the Action parameter. | |||||
| CVE-2006-3055 | 1 Vbzoom | 1 Vbzoom | 2018-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in VBZooM 1.02 allow remote attackers to execute arbitrary SQL commands via the (1) QuranID, (2) ShowByQuranID, or (3) Action parameters to meaning.php. | |||||