Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-2882 | 1 Aspscriptz | 1 Aspscriptz Guest Book | 2018-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities submit.asp in ASPScriptz Guest Book 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) GBOOK_UNAME, (2) GBOOK_EMAIL, (3) GBOOK_CITY, (4) GBOOK_COU, (5) GBOOK_WWW, and (6) GBOOK_MESS form fields. | |||||
| CVE-2006-2857 | 1 Lifetype | 1 Lifetype | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in LifeType 1.0.4 allows remote attackers to execute arbitrary SQL commands via the articleId parameter in a ViewArticle action (viewarticleaction.class.php). | |||||
| CVE-2006-2893 | 1 Gantty | 1 Gantty | 2018-10-18 | 5.0 MEDIUM | N/A |
| index.php in GANTTy 1.0.3 allows remote attackers to obtain the full path of the web server via an invalid lang parameter in an authenticate action. | |||||
| CVE-2006-2928 | 1 Cms-bandits | 1 Cms-bandits | 2018-10-18 | 5.1 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in CMS-Bandits 2.5 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter in (1) dialogs/img.php and (2) dialogs/td.php. | |||||
| CVE-2006-2896 | 1 Funkboard | 1 Funkboard | 2018-10-18 | 5.0 MEDIUM | N/A |
| profile.php in FunkBoard CF0.71 allows remote attackers to change arbitrary passwords via a modified uid hidden form field in an Edit Profile action. | |||||
| CVE-2006-2792 | 1 Woltlab | 1 Burning Board | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in misc.php in Woltlab Burning Board (WBB) 2.3.4 allows remote attackers to execute arbitrary SQL commands via the sid parameter. | |||||
| CVE-2006-2904 | 1 Particle Soft | 1 Particle Links | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Partial Links 1.2.2 allows remote attackers to execute arbitrary SQL commands via the topic parameter. | |||||
| CVE-2006-2905 | 1 Particle Soft | 1 Particle Links | 2018-10-18 | 5.0 MEDIUM | N/A |
| Partial Links 1.2.2 allows remote attackers to obtain sensitive information via a direct request to (1) page_footer.php and (2) page_header.php, which displays the path in an error message. | |||||
| CVE-2006-2878 | 1 Andreas Gohr | 1 Dokuwiki | 2018-10-18 | 7.5 HIGH | N/A |
| The spellchecker (spellcheck.php) in DokuWiki 2006/06/04 and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly syntax" that is inserted into a regular expression that is processed by preg_replace with the /e (executable) modifier. | |||||
| CVE-2006-2908 | 1 Mybulletinboard | 1 Mybulletinboard | 2018-10-18 | 7.5 HIGH | N/A |
| The domecode function in inc/functions_post.php in MyBulletinBoard (MyBB) 1.1.2, and possibly other versions, allows remote attackers to execute arbitrary PHP code via the username field, which is used in a preg_replace function call with a /e (executable) modifier. | |||||
| CVE-2006-2909 | 1 Picozip | 1 Picozip | 2018-10-18 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the info tip shell extension (zipinfo.dll) in PicoZip 4.01 allows remote attackers to execute arbitrary code via a long filename in an (1) ACE, (2) RAR, or (3) ZIP archive, which is triggered when the user moves the mouse over the archive. | |||||
| CVE-2006-2911 | 1 Hotwebscripts | 1 Cms Mundo | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in controlpanel/index.php in CMS Mundo before 1.0 build 008 allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
| CVE-2006-2902 | 1 Particle Soft | 1 Particle Links | 2018-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Particle Links 1.2.2 might allow remote attackers to access arbitrary files via ".." sequences in an HTTP request. NOTE: it is not clear whether this issue is legitimate, as the original researcher seems unsure. | |||||
| CVE-2006-2881 | 1 Dreamcost | 1 Dreamaccount | 2018-10-18 | 5.1 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in DreamAccount 3.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the da_path parameter in the (1) auth.cookie.inc.php, (2) auth.header.inc.php, or (3) auth.sessions.inc.php scripts. | |||||
| CVE-2006-2849 | 1 Andrew Godwin | 1 Bytehoard | 2018-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/webdav/server.php in Bytehoard 2.1 Epsilon/Delta allows remote attackers to execute arbitrary PHP code via a URL in the bhconfig[bhfilepath] parameter. | |||||
| CVE-2006-2848 | 1 Full Revolution | 1 Aspweblinks | 2018-10-18 | 5.0 MEDIUM | N/A |
| links.asp in aspWebLinks 2.0 allows remote attackers to change the administrative password, possibly via a direct request with a modified txtAdministrativePassword field. | |||||
| CVE-2006-2903 | 1 Particle Soft | 1 Particle Links | 2018-10-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in admin.php in Particle Links 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the username parameter. | |||||
| CVE-2006-2899 | 1 Estsoft | 1 Internetdisk | 2018-10-18 | 6.5 MEDIUM | N/A |
| Unspecified vulnerability in ESTsoft InternetDISK versions before 2006/04/20 allows remote authenticated users to execute arbitrary code, possibly by uploading a file with multiple extensions into the WebLink directory. | |||||
| CVE-2006-2901 | 1 D-link | 1 Dwl-2100ap | 2018-10-18 | 5.0 MEDIUM | N/A |
| The web server for D-Link Wireless Access-Point (DWL-2100ap) firmware 2.10na and earlier allows remote attackers to obtain sensitive system information via a request to an arbitrary .cfg file, which returns configuration information including passwords. | |||||
| CVE-2006-2787 | 1 Mozilla | 2 Firefox, Thunderbird | 2018-10-18 | 9.3 HIGH | N/A |
| EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to gain privileges via javascript that calls the valueOf method on objects that were created outside of the sandbox. | |||||