Total: 27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-2731 | 1 Enigma Haber | 1 Enigma Haber | 2018-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Enigma Haber 4.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in (a) e_mesaj_yas.asp, (b) edi_haber.asp, and (c) haber_devam.asp; (2) hid parameter in (d) yazdir.asp and (e) yorum.asp, and the (3) e parameter in (f) arsiv.asp. NOTE: with administrator credentials, additional vectors exist including (4) yid parameter to (g) admin/y_admin.asp, (5) bid parameter to (h) admin/reklam_detay.asp, hid parameter to (i) admin/detay_yorum.asp and (j) admin/haber_sil.asp, (6) kid parameter to (k) admin/kategori_d.asp, (7) tur parameter to (l) admin/haber_ekle.asp, (8) s parameter to (m) admin/e_mesaj_yaz.asp, and id parameter to (n) admin/admin_sil.asp. | |||||
| CVE-2006-2728 | 1 Jan Chmelik | 1 Photoalbum Bandw | 2018-10-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in superalbum/index.php in Photoalbum B&W 1.3 allows remote attackers to inject arbitrary web script or HTML via the pic parameter. | |||||
| CVE-2006-2740 | 1 Epic Designs | 1 Tinybb | 2018-10-18 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Epicdesigns tinyBB 0.3 allow remote attackers to execute arbitrary SQL commands via the (1) q parameter in (a) forgot.php, and the (2) username and (3) password parameters in (b) login.php, and other unspecified vectors. | |||||
| CVE-2006-2738 | 1 Open-xchange | 1 Open-xchange | 2018-10-18 | 7.5 HIGH | N/A |
| The open source version of Open-Xchange 0.8.2 and earlier uses a static default username and password with a valid login shell in the initfile for the ldap-server, which allows remote attackers to access any server where the default has not been changed. | |||||
| CVE-2006-2725 | 1 Epic Designs | 1 Eggblog | 2018-10-18 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in rss/posts.php in Eggblog before 3.07 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2006-2723 | 1 Mozilla | 1 Firefox | 2018-10-18 | 5.0 MEDIUM | N/A |
| Unspecified versions of Mozilla Firefox allow remote attackers to cause a denial of service (crash) via a web page that contains a large number of nested marquee tags. NOTE: a followup post indicated that the initial report could not be verified. | |||||
| CVE-2006-2727 | 1 Epic Designs | 1 Eggblog | 2018-10-18 | 7.5 HIGH | N/A |
| home/register.php in Eggblog before 3.0 allows remote attackers to change the password of administrators and possibly other users via a modified username parameter. | |||||
| CVE-2006-2721 | 1 Variomat | 1 Variomat | 2018-10-18 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in news.php in VARIOMAT allows remote attackers to inject arbitrary HTML or web script via the subcat parameter. NOTE: this issue might be resultant from SQL injection. | |||||
| CVE-2006-2720 | 1 Variomat | 1 Variomat | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in news.php in VARIOMAT allows remote attackers to execute arbitrary SQL commands via the subcat parameter. | |||||
| CVE-2006-2719 | 1 Jiwa | 1 Financials | 2018-10-18 | 4.9 MEDIUM | N/A |
| JIWA Financials 6.4.14 stores usernames and passwords for all accounts in cleartext in the HR_Staff table in Microsoft SQL Server, and sends the usernames and passwords in cleartext to the application's SQL Server ODBC driver, which might allow context-dependent attackers to obtain the passwords. | |||||
| CVE-2006-2718 | 1 Jiwa | 1 Financials | 2018-10-18 | 6.5 MEDIUM | N/A |
| JIWA Financials 6.4.14 passes a Microsoft SQL Server account's username and password, and the name of a data source, to a Crystal Reports .rpt file, which allows remote authenticated users to execute certain standard stored procedures by referencing them in a user-written .rpt file, as demonstrated by using a stored procedure that provides the username and cleartext password of every account. | |||||
| CVE-2006-2750 | 1 Open Searchable Image Catalogue | 1 Open Searchable Image Catalogue | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the do_mysql_query function in core.php for Open Searchable Image Catalogue (OSIC) before 0.7.0.1 allows remote attackers to inject arbitrary web scripts or HTML via failed SQL queries, which is reflected in an error message. | |||||
| CVE-2006-2749 | 1 Open Searchable Image Catalogue | 1 Open Searchable Image Catalogue | 2018-10-18 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in search.php in Open Searchable Image Catalogue (OSIC) 0.7.0.1 and earlier allows remote attackers to inject arbitrary SQL commands via the (1) txtCustomField and (2) CustomFieldID array parameters. | |||||
| CVE-2006-2748 | 1 Open Searchable Image Catalogue | 1 Open Searchable Image Catalogue | 2018-10-18 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in the do_mysql_query function in core.php for Open Searchable Image Catalogue (OSIC) before 0.7.0.1 allows remote attackers to inject arbitrary SQL commands via multiple vectors, as demonstrated by the (1) type parameter in adminfunctions.php and the (2) catalogue_id parameter in editcatalogue.php. | |||||
| CVE-2006-2703 | 1 Suse | 1 Suse Linux | 2018-10-18 | 5.0 MEDIUM | N/A |
| The RedCarpet command-line client (rug) does not verify SSL certificates from a server, which allows remote attackers to read network traffic and execute commands via a man-in-the-middle (MITM) attack. | |||||
| CVE-2006-2702 | 1 Wordpress | 1 Wordpress | 2018-10-18 | 5.0 MEDIUM | N/A |
| vars.php in WordPress 2.0.2, possibly when running on Mac OS X, allows remote attackers to spoof their IP address via a PC_REMOTE_ADDR HTTP header, which vars.php uses to redefine $_SERVER['REMOTE_ADDR']. | |||||
| CVE-2006-2700 | 1 Geeklog | 1 Geeklog | 2018-10-18 | 5.1 MEDIUM | N/A |
| SQL injection vulnerability in admin/auth.inc.php in Geeklog 1.4.0sr2 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via the loginname parameter. | |||||
| CVE-2006-2699 | 1 Geeklog | 1 Geeklog | 2018-10-18 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in getimage.php in Geeklog 1.4.0sr2 and earlier allows remote attackers to inject arbitrary HTML or web script via the image argument in a show action. | |||||
| CVE-2006-2698 | 1 Geeklog | 1 Geeklog | 2018-10-18 | 7.8 HIGH | N/A |
| Geeklog 1.4.0sr2 and earlier allows remote attackers to obtain the full installation path via a direct request and possibly invalid arguments to (1) layout/professional/functions.php or (2) getimage.php. | |||||
| CVE-2006-2697 | 1 Easy-content Forums | 1 Easy-content Forums | 2018-10-18 | 6.4 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Easy-Content Forums 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) startletter parameter in userview.asp and the (2) forumname parameter in topics.asp. | |||||
