Total: 27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-2425 | 1 Phpremoteview | 1 Phpremoteview | 2018-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PRV.php in PhpRemoteView, possibly 2003-10-23 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) f, (2) d, and (3) ref parameters, and the (4) "MAKE DIR" and (5) "Full file name" fields. | |||||
| CVE-2006-2423 | 1 Swsoft | 1 Confixx | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in ftplogin/index.php in Confixx 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the login parameter. | |||||
| CVE-2006-2405 | 1 Unclassified Newsboard | 1 Unclassified Newsboard | 2018-10-18 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in unb_lib/abbc.conf.php in Unclassified NewsBoard (UNB) 1.6.1 patch 1 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via .. (dot dot) sequences and a trailing null byte (%00) in the ABBC[Config][smileset] parameter to unb_lib/abbc.css.php. | |||||
| CVE-2006-2404 | 1 Radscripts | 1 Radlance | 2018-10-18 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in popup.php in RadScripts RadLance Gold 7.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the read parameter. | |||||
| CVE-2006-2402 | 1 Outgun | 1 Outgun | 2018-10-18 | 5.0 MEDIUM | N/A |
| Buffer overflow in the changeRegistration function in servernet.cpp for Outgun 1.0.3 bot 2 and earlier allows remote attackers to change the registration information of other players via a long string. | |||||
| CVE-2006-2401 | 1 Outgun | 1 Outgun | 2018-10-18 | 7.8 HIGH | N/A |
| The leetnet functions (leetnet/rudp.cpp) in Outgun 1.0.3 bot 2 and earlier allow remote attackers to cause a denial of service (application crash) via packets with incorrect message sizes, which triggers a buffer over-read. | |||||
| CVE-2006-2400 | 1 Outgun | 1 Outgun | 2018-10-18 | 7.8 HIGH | N/A |
| The leetnet functions (leetnet/rudp.cpp) in Outgun 1.0.3 bot 2 and earlier allow remote attackers to cause a denial of service (game interruption) via large packets, which cause an exception to be thrown. | |||||
| CVE-2006-2398 | 1 Gphotos | 1 Gphotos | 2018-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in GPhotos 1.5 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the rep parameter. | |||||
| CVE-2006-2397 | 1 Gphotos | 1 Gphotos | 2018-10-18 | 5.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in GPhotos 1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) rep parameter to (a) index.php or (b) diapo.php or (2) image parameter to (c) affich.php. NOTE: item 1a might be resultant from directory traversal. | |||||
| CVE-2006-2394 | 1 Turnkey Web Tools | 1 Php Live Helper | 2018-10-18 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in chat.php in PHP Live Helper allows remote attackers to inject arbitrary web script or HTML via the PHPSESSID parameter. | |||||
| CVE-2006-2393 | 1 Empire Server | 1 Empire Server | 2018-10-18 | 5.0 MEDIUM | N/A |
| The client_cmd function in Empire 4.3.2 and earlier allows remote attackers to cause a denial of service (application crash) by causing long text strings to be appended to the player->client buffer, which causes an invalid memory access. | |||||
| CVE-2006-2391 | 1 Emc | 1 Retrospect Client | 2018-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in EMC Retrospect Client 5.1 through 7.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet to port 497. | |||||
| CVE-2006-2386 | 1 Microsoft | 1 Outlook Express | 2018-10-18 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in Microsoft Outlook Express 6 and earlier allows remote attackers to execute arbitrary code via a crafted contact record in a Windows Address Book (WAB) file. | |||||
| CVE-2006-2359 | 1 Phpbb Group | 1 Phpbb | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in charts.php in the Chart mod for phpBB allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this issue might be resultant from SQL injection. | |||||
| CVE-2006-2349 | 1 Oasyssoft | 1 E-business Designer | 2018-10-18 | 6.8 MEDIUM | N/A |
| E-Business Designer (eBD) 3.1.4 and earlier allows remote attackers to upload or modify arbitrary files, and execute arbitrary code, via a direct request to (1) common/html_editor/image_browser.upload.html, (2) common/html_editor/image_browser.html, or (3) common/html_editor/html_editor.html. NOTE: this can also be used for cross-site scripting (XSS) attacks by uploading cascading style sheet (.CSS) files. | |||||
| CVE-2006-2348 | 1 Oasyssoft | 1 E-business Designer | 2018-10-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in form_grupo.html in E-Business Designer (eBD) 3.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this issue might be resultant from SQL injection. | |||||
| CVE-2006-2347 | 1 Oasyssoft | 1 E-business Designer | 2018-10-18 | 5.0 MEDIUM | N/A |
| E-Business Designer (eBD) 3.1.4 and earlier allows remote attackers to obtain the full path of the web server via "'" characters, and possibly other invalid values, in (1) the id parameter to form_grupo.html, or requests to the (2) archivos/ and (3) files/ directories. NOTE: this issue might be resultant from SQL injection. | |||||
| CVE-2006-2338 | 1 Planet Concept | 1 Planetstat | 2018-10-18 | 7.5 HIGH | N/A |
| PlaNet Concept plaNetStat 20050127 allows remote attackers to gain administrative privileges, and view and configure log files, via a direct request to the (1) admin.php or (2) settings.php page. | |||||
| CVE-2006-2336 | 1 Mybulletinboard | 1 Mybulletinboard | 2018-10-18 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in showthread.php in MyBB (aka MyBulletinBoard) 1.1.1 allows remote attackers to execute arbitrary SQL commands via the comma parameter. | |||||
| CVE-2006-2335 | 1 Jelsoft | 1 Vbulletin | 2018-10-18 | 6.5 MEDIUM | N/A |
| Jelsoft vBulletin accepts uploads of Cascading Style Sheets (CSS) and processes them in a way that allows remote authenticated administrators to gain shell access by uploading a CSS file that contains PHP code, then selecting the file via the style chooser, which causes the PHP code to be executed. NOTE: the vendor was unable to reproduce this issue in 3.5.x. NOTE: this issue might be due to direct static code injection. | |||||
