Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-2010 | 1 Paras Chopra | 1 Bloggage | 2018-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in check_login.asp in Bloggage allow remote attackers to execute arbitrary SQL commands via the (1) acc_name and (2) password parameter. | |||||
| CVE-2006-2009 | 1 Phpmyagenda | 1 Phpmyagenda | 2018-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in agenda.php3 in phpMyAgenda 3.0 Final and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rootagenda parameter. | |||||
| CVE-2006-2005 | 1 Clansys | 1 Clansys | 2018-10-18 | 7.5 HIGH | N/A |
| Eval injection vulnerability in index.php in ClanSys 1.1 allows remote attackers to execute arbitrary PHP code via PHP code in the page parameter, as demonstrated by using an "include" statement that is injected into the eval statement. NOTE: this issue has been described as file inclusion by some sources, but that is just one attack; the primary vulnerability is eval injection. | |||||
| CVE-2006-2004 | 1 Michael Romedahl | 1 Ri Blog | 2018-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in RI Blog 1.1 allow remote attackers to execute arbitrary SQL command via the (1) username or (2) password fields. | |||||
| CVE-2006-1879 | 1 Oracle | 1 Collaboration Suite | 2018-10-18 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in the Email Server component in Oracle Collaboration Suite 9.0.4.2, 10.1.1, 10.1.2.0, and 10.1.2.1 have unknown impact and attack vectors, aka Vuln# (1) OCS01, (2) OCS02, (3) OCS03, and (4) OCS04. | |||||
| CVE-2006-2002 | 1 Mygamingladder | 1 Mygamingladder | 2018-10-18 | 5.0 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in stats.php in MyGamingLadder 7.0 allows remote attackers to execute arbitrary PHP code via a URL in the dir[base] parameter. | |||||
| CVE-2006-2001 | 1 Scry Gallery | 1 Scry Gallery | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Scry Gallery 1.1 allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: this is a different vulnerability than the directory traversal vector. | |||||
| CVE-2006-1999 | 1 Openttd | 1 Openttd | 2018-10-18 | 5.0 MEDIUM | N/A |
| The multiplayer menu in OpenTTD 0.4.7 allows remote attackers to cause a denial of service via a UDP packet with an incorrect size, which causes the client to return to the main menu. | |||||
| CVE-2006-1998 | 1 Openttd | 1 Openttd | 2018-10-18 | 2.1 LOW | N/A |
| OpenTTD 0.4.7 and earlier allows local users to cause a denial of service (application exit) via a large invalid error number, which triggers an error. | |||||
| CVE-2006-1990 | 1 Php | 1 Php | 2018-10-18 | 5.0 MEDIUM | N/A |
| Integer overflow in the wordwrap function in string.c in PHP 4.4.2 and 5.1.2 might allow context-dependent attackers to execute arbitrary code via certain long arguments that cause a small buffer to be allocated, which triggers a heap-based buffer overflow in a memcpy function call, a different vulnerability than CVE-2002-1396. | |||||
| CVE-2006-1996 | 1 Scry Gallery | 1 Scry Gallery | 2018-10-18 | 5.0 MEDIUM | N/A |
| Scry Gallery 1.1 allows remote attackers to obtain sensitive information via an invalid p parameter, which reveals the path in an error message. | |||||
| CVE-2006-1979 | 1 Manic Web | 1 Mwguest | 2018-10-18 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in mwguest.php in Manic Web MWGuest 2.1.0 allows remote attackers to inject arbitrary web script or HTML via the homepage parameter. | |||||
| CVE-2006-2019 | 1 Apple | 1 Safari | 2018-10-18 | 5.0 MEDIUM | N/A |
| Apple Mac OS X Safari 2.0.3, 1.3.1, and possibly other versions allows remote attackers to cause a denial of service (CPU consumption and crash) via a TD element with a large number in the rowspan attribute. | |||||
| CVE-2006-1977 | 1 Flexbb | 1 Flexbb | 2018-10-18 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in FlexBB 0.5.7 BETA and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) name and (2) message parameters. | |||||
| CVE-2006-1972 | 1 Wingnut | 1 Easygallery | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in EasyGallery.php in Wingnut EasyGallery allows remote attackers to inject arbitrary web script or HTML via the ordner parameter. | |||||
| CVE-2006-1995 | 1 Scry Gallery | 1 Scry Gallery | 2018-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Scry Gallery 1.1 allows remote attackers to read arbitrary files via ".." sequences in the p parameter, which is not properly sanitized due to an rtrim function call with the arguments in the wrong order. | |||||
| CVE-2006-1971 | 1 Krankikom | 1 Contentboxx | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in login.php in KRANKIKOM ContentBoxX allows remote attackers to inject arbitrary web script or HTML via the action parameter. | |||||
| CVE-2006-1966 | 1 Fortinet | 1 Fortinet28 | 2018-10-18 | 5.0 MEDIUM | N/A |
| An unspecified Fortinet product, possibly Fortinet28, allows remote attackers to cause a denial of service via a "small synflood" to the SMTP port (TCP port 25), as demonstrated by a 10-microsecond wait between sending packets. NOTE: this issue has been disputed in followup posts that suggest that a protection feature is triggering a RST. | |||||
| CVE-2006-1964 | 1 Aspsitem | 1 Aspsitem | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Haberler.asp in ASPSitem 1.83 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2006-1956 | 2 Joomla, Mambo | 2 Joomla, Mambo | 2018-10-18 | 5.0 MEDIUM | N/A |
| The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows remote attackers to obtain sensitive information via an invalid feed parameter, which reveals the path in an error message. | |||||