Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-2034 | 1 Flexbb | 1 Flexbb | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in function/showprofile.php in FlexBB 0.5.5 allows remote attackers to execute arbitrary SQL commands, and view all usernames and passwords, via the id parameter to the showprofile page in index.php. | |||||
| CVE-2006-1769 | 1 Userland | 1 Manila | 2018-10-18 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in UserLand Manila 9.5 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the mode parameter in msgReader$1 and (2) the end of the URI in viewDepartment$. | |||||
| CVE-2006-1869 | 1 Oracle | 1 Database Server | 2018-10-18 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Oracle Database Server 8.1.7.4 and 9.0.1.5 has unknown impact and attack vectors in the Dictionary component, aka Vuln# DB04. | |||||
| CVE-2006-1867 | 1 Oracle | 1 Database Server | 2018-10-18 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Oracle Database Server 9.2.0.6 has unknown impact and attack vectors in the Advanced Replication component, aka Vuln# DB02. | |||||
| CVE-2006-1848 | 1 Linpha | 1 Linpha | 2018-10-18 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in stats_view.php in LinPHA 1.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) date_from, (2) date_to, and (3) date parameter. | |||||
| CVE-2006-1864 | 1 Linux | 1 Linux Kernel | 2018-10-18 | 4.6 MEDIUM | N/A |
| Directory traversal vulnerability in smbfs in Linux 2.6.16 and earlier allows local users to escape chroot restrictions for an SMB-mounted filesystem via "..\\" sequences, a similar vulnerability to CVE-2006-1863. | |||||
| CVE-2006-1842 | 1 Cynical Games | 1 Shoutbook | 2018-10-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in global.php in ShoutBOOK 1.1 allows remote attackers to inject arbitrary web script or HTML via the (1) NAME and (2) COMMENTS parameters. | |||||
| CVE-2006-1841 | 1 Kailash Nadh | 1 Boastmachine | 2018-10-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in boastMachine (bMachine) 2.7, and possibly other versions before 2.9b, allows remote attackers to inject arbitrary web script or HTML via the key parameter, as used by the search field. | |||||
| CVE-2006-1839 | 1 Php Album | 1 Php Album | 2018-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in language.php in PHP Album 0.3.2.3, when register_globals is enabled, allows remote attackers to execute arbitrary code via an FTP URL in the data_dir parameter, which satisfies the file_exists function call. | |||||
| CVE-2006-1824 | 1 Phpguestbook | 1 Phpguestbook | 2018-10-18 | 1.2 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PhpGuestbook.php in PhpGuestbook 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) Website, and (3) Comment parameter. | |||||
| CVE-2006-1823 | 1 Farsinews | 1 Farsinews | 2018-10-18 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in FarsiNews 2.5.3 Pro and earlier allows remote attackers to obtain the installation path via ".." sequences in the archive parameter to index.php, which leaks the full pathname in an error message. | |||||
| CVE-2006-1822 | 1 Farsinews | 1 Farsinews | 2018-10-18 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in FarsiNews 2.5.3 Pro and earlier allows remote attackers to inject arbitrary web script or HTML via the selected_search_arch parameter. | |||||
| CVE-2006-1821 | 1 Modxcms | 1 Modxcms | 2018-10-18 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in ModX 0.9.1 allows remote attackers to read arbitrary files via a .. (dot dot) sequence and trailing NULL (%00) byte in the id parameter. | |||||
| CVE-2006-1820 | 1 Modxcms | 1 Modxcms | 2018-10-18 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in ModX 0.9.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this might be resultant from the directory traversal vulnerability. | |||||
| CVE-2006-1818 | 1 The War Forge | 1 Warforge.news | 2018-10-18 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in warforge.NEWS 1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly including the (1) first_name and (2) last_name parameter in myaccounts.php. NOTE: portions of these details were obtained from third party sources instead of the original disclosure. | |||||
| CVE-2006-1817 | 1 The War Forge | 1 Warforge.news | 2018-10-18 | 2.6 LOW | N/A |
| SQL injection vulnerability in authcheck.php in warforge.NEWS 1.0, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the (1) authusername and possibly the (2) authpassword cookie. | |||||
| CVE-2006-1816 | 1 Jelsoft | 1 Vbulletin | 2018-10-18 | 5.0 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in VBulletin 3.5.1, 3.5.2, and 3.5.4 allows remote attackers to execute arbitrary code via a URL in the systempath parameter to (1) ImpExModule.php, (2) ImpExController.php, and (3) ImpExDisplay.php. | |||||
| CVE-2006-1813 | 1 Phpwebftp | 1 Phpwebftp | 2018-10-18 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in phpWebFTP 3.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the language parameter. | |||||
| CVE-2006-1812 | 1 Phpwebftp | 1 Phpwebftp | 2018-10-18 | 6.4 MEDIUM | N/A |
| phpWebFTP 3.2 and earlier stores script.js under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information. | |||||
| CVE-2006-1811 | 1 Flexbb | 1 Flexbb | 2018-10-18 | 6.4 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in FlexBB 0.5.5 BETA allow remote attackers to execute arbitrary SQL commands via the (1) id, (2) forumid, or (3) threadid parameter to index.php; the (4) ICQ, (5) AIM, (6) MSN, (7) Google Talk, (8) Website Name, (9) Website Address, (10) Email Address, (11) Location, (12) Signature, and (13) Sub-Titles fields in the user profile; or (14) flexbb_password field in a cookie. | |||||