Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-2304 | 1 Novell | 1 Client | 2018-10-18 | 10.0 HIGH | N/A |
| Multiple integer overflows in the DPRPC library (DPRPCW32.DLL) in Novell Client 4.83 SP3, 4.90 SP2 and 4.91 SP2 allow remote attackers to execute arbitrary code via an XDR encoded array with a field that specifies a large number of elements, which triggers the overflows in the ndps_xdr_array function. NOTE: this was originally reported to be a buffer overflow by Novell, but the original cause is an integer overflow. | |||||
| CVE-2006-2333 | 1 Mybulletinboard | 1 Mybulletinboard | 2018-10-18 | 6.4 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) 1.1.1 allow remote attackers to execute arbitrary SQL commands via the e-mail address when registering for a forum that requires e-mail verification, which is not properly handled in (1) usercp.php and (2) member.php. | |||||
| CVE-2006-2323 | 1 Smartisoft | 1 Phplistpro | 2018-10-18 | 5.1 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in SmartISoft phpListPro 2.01 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the returnpath parameter in (1) editsite.php, (2) addsite.php, and (3) in.php. NOTE: The config.php vector is already covered by CVE-2006-1749. | |||||
| CVE-2006-2321 | 1 Ideal Science | 1 Idealbb | 2018-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Ideal Science Ideal BB 1.5.4a and earlier allow remote attackers to inject arbitrary web script or HTML via unknown vectors. NOTE: due to lack of details from the researcher, it is not clear whether this overlaps CVE-2004-2207. | |||||
| CVE-2006-2414 | 1 Timo Sirainen | 1 Dovecot | 2018-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows remote attackers to list files and directories under the mbox parent directory and obtain mailbox names via ".." sequences in the (1) LIST or (2) DELETE IMAP command. | |||||
| CVE-2006-2411 | 1 Raydium | 1 Raydium | 2018-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in raydium_network_read function in network.c in Raydium SVN revision 312 and earlier allows remote attackers to execute arbitrary code by sending packets with long global variables to the client. | |||||
| CVE-2006-2413 | 1 Gnunet | 1 Gnunet | 2018-10-18 | 5.0 MEDIUM | N/A |
| GNUnet before SVN revision 2781 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an empty UDP datagram, possibly involving FIONREAD errors. | |||||
| CVE-2006-2412 | 1 Raydium | 1 Raydium | 2018-10-18 | 5.0 MEDIUM | N/A |
| The raydium_network_read function in network.c in Raydium SVN revision 312 and earlier allows remote attackers to cause a denial of service (application crash) via a large ID, which causes an invalid memory access (buffer over-read). | |||||
| CVE-2006-2410 | 1 Raydium | 1 Raydium | 2018-10-18 | 5.0 MEDIUM | N/A |
| raydium_network_netcall_exec function in network.c in Raydium SVN revision 312 and earlier allows remote attackers to cause a denial of service (application crash) via a packet of type 0xFF, which causes a null dereference. | |||||
| CVE-2006-2210 | 1 321soft | 1 Php-gallery | 2018-10-18 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in 321soft PhP-Gallery 0.9 allows remote attackers to inject arbitrary web script or HTML via the path parameter. NOTE: this issue might be resultant from the directory traversal vulnerability. | |||||
| CVE-2006-2138 | 1 Neomail | 1 Neomail | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in neomail.pl in NeoMail 1.29 allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter. | |||||
| CVE-2006-2212 | 1 Karjasoft | 1 Sami Ftp Server | 2018-10-18 | 6.4 MEDIUM | N/A |
| Buffer overflow in KarjaSoft Sami FTP Server 2.0.2 and earlier allows remote attackers to execute arbitrary code via a long (1) USER or (2) PASS command. | |||||
| CVE-2006-2189 | 1 Servous | 1 Sblog | 2018-10-18 | 10.0 HIGH | N/A |
| SQL injection vulnerability in search.php in Servous sBLOG 0.7.2 allows remote attackers to execute arbitrary SQL commands via the keyword parameter. NOTE: this issue can be used to trigger path disclosure. In addition, it might be primary to vector 1 in CVE-2006-1135. | |||||
| CVE-2006-2127 | 1 Blog Mod | 1 Blog Mod | 2018-10-18 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in weblog_posting.php in Blog Mod 0.2.x allows remote attackers to execute arbitrary SQL commands via the r parameter. | |||||
| CVE-2006-2188 | 1 Cmscout | 1 Cmscout | 2018-10-18 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in CMScout 1.10 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the Body field of a private message (PM), (2) BBCode, or (3) a forum post. | |||||
| CVE-2006-2121 | 1 I-rater | 1 I-rater Platinum | 2018-10-18 | 5.0 MEDIUM | N/A |
| PHP remote file include vulnerability in admin/config_settings.tpl.php in I-RATER Platinum allows remote attackers to execute arbitrary code via a URL in the include_path parameter. NOTE: this is a different vector, and possibly a different vulnerability, than CVE-2006-1929. | |||||
| CVE-2006-2119 | 1 Artmedic Webdesign | 1 Artmedic Event | 2018-10-18 | 5.0 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in event/index.php in Artmedic Event allows remote attackers to execute arbitrary code via a URL in the page parameter. | |||||
| CVE-2006-2118 | 1 Jmk Web Scripts | 1 Jmk Picture Gallery | 2018-10-18 | 7.5 HIGH | N/A |
| JMK's Picture Gallery allows remote attackers to bypass authentication via a direct request to admin_gallery.php3, possibly related to the add action. | |||||
| CVE-2006-2117 | 1 Extrosoft | 1 Thyme | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Thyme 1.3 allows remote attackers to inject arbitrary web script or HTML via the search page. | |||||
| CVE-2006-2204 | 1 Invision Power Services | 1 Invision Power Board | 2018-10-18 | 5.5 MEDIUM | N/A |
| SQL injection vulnerability in the topic deletion functionality (post_delete function in func_mod.php) for Invision Power Board 2.1.5 allows remote authenticated moderators to execute arbitrary SQL commands via the selectedpids parameter, which bypasses an integer value check when the $id variable is an array. | |||||