Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-2652 | 1 Wikini | 1 Wikini | 2018-10-18 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WikiNi 0.4.2 and earlier allows remote attackers to inject arbitrary HTML and web script by editing a Wiki page to contain the script. | |||||
| CVE-2006-2651 | 1 Vacation Rentals | 1 Vacation Rental Script | 2018-10-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Vacation Rental Script 1.0 allows remote attackers to inject arbitrary web script or HTML via the obj parameter. | |||||
| CVE-2006-2648 | 1 Aspbb | 1 Aspbb | 2018-10-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in perform_search.asp for ASPBB 0.52 and earlier allows remote attackers to inject arbitrary HTML or web script via the search parameter. | |||||
| CVE-2006-2643 | 1 Circle R | 1 Monster Top List | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Monster Top List (MTL) 1.4 allows remote attackers to inject arbitrary web script or HTML via the user_error_message parameter. | |||||
| CVE-2006-2641 | 1 John Frank | 1 Asset Manager | 2018-10-18 | 5.8 MEDIUM | N/A |
| ** UNVERIFIABLE ** NOTE: this issue does not contain any verifiable or actionable details. Cross-site scripting (XSS) vulnerability in John Frank Asset Manager (AssetMan) 2.4a and earlier allows remote attackers to inject arbitrary web script or HTML via "any of its input." NOTE: the original disclosure is based on vague researcher claims without vendor acknowledgement; therefore this identifier cannot be linked with any future identifier that identifies more specific vectors. Perhaps this should not be included in CVE. | |||||
| CVE-2006-2640 | 1 Omegasoft | 1 Interneserviceslosungen | 2018-10-18 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in OmegaMw7a.ASP in OMEGA (aka Omegasoft) INterneSErvicesLosungen (INSEL) allows remote attackers to inject arbitrary web script or HTML via the WCE parameter. | |||||
| CVE-2006-2639 | 1 Phpsimplechoose | 1 Phpsimplechoose | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the input forms in prattmic and Master5006 PHPSimpleChoose 0.3 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element. | |||||
| CVE-2006-2638 | 1 Qjstudios | 1 Qjforum | 2018-10-18 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in member.asp in qjForum allows remote attackers to execute arbitrary SQL commands via the uName parameter. | |||||
| CVE-2006-2637 | 1 Tuttophp | 3 Morris Guestbook, Pretty Guestbook, Smile Guestbook | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in view.php in TuttoPhp (1) Morris Guestbook 1, (2) Pretty Guestbook 1, and (3) Smile Guestbook 1 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element in the pagina parameter. | |||||
| CVE-2006-2631 | 1 Phpfox | 1 Phpfox | 2018-10-18 | 4.0 MEDIUM | N/A |
| phpFoX allows remote authenticated users to modify arbitrary accounts via a modified NATIO cookie value, possibly the phpfox_user parameter. | |||||
| CVE-2006-2642 | 1 Php-residence | 1 Php-residence | 2018-10-18 | 4.3 MEDIUM | N/A |
| ** UNVERIFIABLE ** NOTE: this issue does not contain any verifiable or actionable details. Cross-site scripting (XSS) vulnerability in Marco M. F. De Santis Php-residence 0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via "any of its input." NOTE: the original disclosure is based on vague researcher claims without vendor acknowledgement; therefore this identifier cannot be linked with any future identifier that identifies more specific vectors. Perhaps this should not be included in CVE. | |||||
| CVE-2006-2634 | 1 Neocrome | 1 Seditio | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Neocrome Land Down Under (LDU) in Neocrome Seditio 102 allows remote attackers to inject arbitrary web script or HTML via an HTTP Referer field. | |||||
| CVE-2006-2633 | 1 Andrew Godwin | 1 Bytehoard | 2018-10-18 | 4.0 MEDIUM | N/A |
| Absolute path traversal vulnerability in the copy action in index.php in Andrew Godwin ByteHoard 2.1 and earlier allows remote authenticated users to create or overwrite files in other users' directories by specifying the absolute path of the directory in the infolder parameter and simultaneously specifying the filename in the filepath parameter. | |||||
| CVE-2006-2744 | 1 Facile Interactive Web | 1 Facile Interactive Web | 2018-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in p-popupgallery.php in F@cile Interactive Web 0.8.41 through 0.8.5 allows remote attackers to execute arbitrary PHP code via a URL in the l parameter. | |||||
| CVE-2006-2743 | 1 Drupal | 1 Drupal | 2018-10-18 | 5.1 MEDIUM | N/A |
| Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory. | |||||
| CVE-2006-2742 | 1 Drupal | 1 Drupal | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Drupal 4.6.x before 4.6.7 and 4.7.0 allows remote attackers to execute arbitrary SQL commands via the (1) count and (2) from variables to (a) database.mysql.inc, (b) database.pgsql.inc, and (c) database.mysqli.inc. | |||||
| CVE-2006-2741 | 1 Epic Designs | 1 Tinybb | 2018-10-18 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Epicdesigns tinyBB 0.3 allow remote attackers to inject arbitrary web script or HTML via the q parameter in forgot.php, which is echoed in an error message, and other unspecified vectors. | |||||
| CVE-2006-2752 | 1 Suse | 1 Suse Linux | 2018-10-18 | 6.4 MEDIUM | N/A |
| The RedCarpet /etc/ximian/rcd.conf configuration file in Novell Linux Desktop 9 and SUSE SLES 9 has world-readable permissions, which allows attackers to obtain the rc (RedCarpet) password. | |||||
| CVE-2006-2751 | 1 Open Searchable Image Catalogue | 1 Open Searchable Image Catalogue | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Open Searchable Image Catalogue (OSIC) 0.7.0.1 and earlier allows remote attackers to inject arbitrary web scripts or HTML via the item_list parameter in search.php. | |||||
| CVE-2006-2518 | 1 Phpwcms | 1 Phpwcms | 2018-10-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in phpwcms 1.2.5-DEV allows remote attackers to inject arbitrary web script or HTML via the BL[be_cnt_plainhtml] parameter to include/inc_tmpl/content/cnt6.inc.php. | |||||