Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-2216 | 1 Devsyn | 1 Open Bulletin Board | 2018-10-18 | 5.0 MEDIUM | N/A |
| Open Bulletin Board (OpenBB) 1.0.8 allows remote attackers to obtain the full path of the web server via an invalid pforums parameter to (1) misc.php and (2) member.php. | |||||
| CVE-2006-2167 | 1 Sloughflash | 1 Sf-users | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in SloughFlash SF-Users 1.0, possibly in register.php, allows remote attackers to inject arbitrary web script or HTML by setting the username field to contain JavaScript in the SRC attribute of an IMG element. | |||||
| CVE-2006-2116 | 1 Planet Concept | 1 Planetgallery | 2018-10-18 | 7.5 HIGH | N/A |
| planetGallery allows remote attackers to gain administrator privileges via a direct request to admin/gallery_admin.php. | |||||
| CVE-2006-2115 | 1 Sws | 1 Sws Simple Web Server | 2018-10-18 | 7.5 HIGH | N/A |
| Format string vulnerability in SWS web Server 0.1.7 allows remote attackers to execute arbitrary code via unspecified vectors that are not properly handled in a syslog function call. | |||||
| CVE-2006-2114 | 1 Sws | 1 Sws Simple Web Server | 2018-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in SWS web Server 0.1.7 allows remote attackers to execute arbitrary code via a long request. | |||||
| CVE-2006-2221 | 2 Bitrock, Process-one | 2 Install Builder, Ejabberd | 2018-10-18 | 2.1 LOW | N/A |
| A third-party installer generation tool, possibly BitRock InstallBuilder, as used in products including Process-one ejabberd 1.1.1_1 and earlier, generates an installer that allows local users to cause a denial of service via a symlink attack on the bitrock_installer.log temporary file. NOTE: it is possible that this vulnerability is present in other products that use this installer. | |||||
| CVE-2006-2109 | 1 Jsboard | 1 Jsboard | 2018-10-18 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the parse_query_str function in include/print.php in JSBoard 2.0.10 and 2.0.11, and possibly other versions before 2.0.12, allows remote attackers to inject arbitrary web script or HTML via parameters that are set as global variables within the program, as demonstrated using the table parameter to login.php. | |||||
| CVE-2006-2107 | 1 Bl4 | 1 Smtp Server | 2018-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in BL4 SMTP Server 0.1.4 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long argument to the (1) EHLO, (2) MAIL FROM, and (3) RCPT TO commands. | |||||
| CVE-2006-2150 | 1 Phpbb Group | 1 Phpbb Toplist | 2018-10-18 | 6.4 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in top/list.php in phpBB TopList 1.3.8 and earlier allows remote attackers to include arbitrary files via the returnpath parameter. | |||||
| CVE-2006-2249 | 1 Cutephp | 1 Cutenews | 2018-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in search.php in CuteNews 1.4.1 and earlier, and possibly 1.4.5, allow remote attackers to inject arbitrary web script or HTML via the (1) user, (2) story, or (3) title parameters. | |||||
| CVE-2006-2250 | 1 Cutephp | 1 Cutenews | 2018-10-18 | 6.4 MEDIUM | N/A |
| CuteNews 1.4.1 allows remote attackers to obtain sensitive information via a direct request to (1) /inc/show.inc.php or (2) /inc/functions.inc.php, which reveal the path in an error message. | |||||
| CVE-2006-2102 | 1 Poweriso | 1 Poweriso | 2018-10-18 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in PowerISO 2.9 allows remote attackers to write arbitrary files via a .. (dot dot) in a filename in an ISO image. | |||||
| CVE-2006-2101 | 1 Winiso Computing | 1 Winiso | 2018-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in WinISO 5.3 allows remote attackers to write arbitrary files via a .. (dot dot) in a filename in an ISO image. | |||||
| CVE-2006-2100 | 1 Magic Iso Maker | 1 Magic Iso Maker | 2018-10-18 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in Magic ISO 5.0 Build 0166 allows remote attackers to write arbitrary files via a .. (dot dot) in a filename in an ISO image. | |||||
| CVE-2006-2099 | 1 Ezb Systems | 1 Ultraiso | 2018-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in UltraISO 8.0.0.1392 allows remote attackers to write arbitrary files via a .. (dot dot) in a filename in an ISO image. | |||||
| CVE-2006-2097 | 1 Invision Power Services | 1 Invision Power Board | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in func_msg.php in Invision Power Board (IPB) 2.1.4 allows remote attackers to execute arbitrary SQL commands via the from_contact field in a private message (PM). | |||||
| CVE-2006-2096 | 1 Neocrome | 1 Land Down Under | 2018-10-18 | 5.0 MEDIUM | N/A |
| plug.php in Land Down Under (LDU) 802 and earlier allows remote attackers to obtain sensitive information via an invalid (1) month or (2) year parameter, which reveals the path in an error message. | |||||
| CVE-2006-2222 | 1 Norz | 1 Zawhttpd | 2018-10-18 | 5.0 MEDIUM | N/A |
| Buffer overflow in zawhttpd 0.8.23, and possibly previous versions, allows remote attackers to cause a denial of service (daemon crash) via a request for a URI composed of several "\" (backslash) characters. | |||||
| CVE-2006-2202 | 1 Invision Power Services | 1 Invision Gallery | 2018-10-18 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in post.php in Invision Gallery 2.0.6 allows remote attackers to execute arbitrary SQL commands via the album parameter. | |||||
| CVE-2006-2091 | 1 Vwar | 1 Virtual War | 2018-10-18 | 5.0 MEDIUM | N/A |
| admin.php in Virtual War (VWar) 1.5 and versions before 1.2 allows remote attackers to obtain sensitive information via an invalid vwar_root parameter, which reveals the path in an error message. | |||||