Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-1689 | 1 Hp | 1 Hp-ux | 2018-10-18 | 7.2 HIGH | N/A |
| Unspecified vulnerability in su in HP HP-UX B.11.11, when using the LDAP netgroup feature, allows local users to gain unspecified access. | |||||
| CVE-2006-1545 | 1 Vscripts | 1 Vnews | 2018-10-18 | 9.0 HIGH | N/A |
| Direct static code injection vulnerability in admin/config.php in vscripts (aka Kuba Kunkiewicz) VNews 1.2 allows remote authenticated administrators to execute code by inserting the code into variables that are stored in admin/config.php. | |||||
| CVE-2006-1683 | 1 Chipmunk Scripts | 1 Chipmunk Guestbook | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/login.php in Chipmunk Guestbook allows remote attackers to execute arbitrary SQL commands and bypass login authentication via the User name. | |||||
| CVE-2006-1551 | 1 Georges Auberger | 1 Pajax | 2018-10-18 | 7.5 HIGH | N/A |
| Eval injection vulnerability in pajax_call_dispatcher.php in PAJAX 0.5.1 and earlier allows remote attackers to execute arbitrary code via the (1) $method and (2) $args parameters. | |||||
| CVE-2006-1553 | 1 Tachyon | 1 Vsns Lemon | 2018-10-18 | 5.1 MEDIUM | N/A |
| SQL injection vulnerability in functions/final_functions.php in VSNS Lemon 3.2.0, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2006-1680 | 1 Jupiter Cms | 1 Jupiter Cms | 2018-10-18 | 2.6 LOW | N/A |
| Jupiter CMS 1.1.5, when display_errors is enabled, allows remote attackers to obtain the full server path via a direct request to modules/online.php. | |||||
| CVE-2006-1679 | 1 Jupiter Cms | 1 Jupiter Cms | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in modules/online.php in Jupiter CMS 1.1.5 allows remote attackers to inject arbitrary web script or HTML via the layout parameter to index.php. | |||||
| CVE-2006-1675 | 1 Phpwebgallery | 1 Phpwebgallery | 2018-10-18 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PHPWebGallery 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) cat, (2) num, and (3) search parameters to (a) category.php, and the (4) slideshow, (5) show_metadata, and (6) start parameters to (b) picture.php, a different vulnerability than CVE-2006-1674. | |||||
| CVE-2006-1554 | 1 Tachyon | 1 Vsns Lemon | 2018-10-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in VSNS Lemon 3.2.0 allows remote attackers to inject arbitrary web script or HTML via the name parameter while adding a comment. | |||||
| CVE-2006-1555 | 1 Tachyon | 1 Vsns Lemon | 2018-10-18 | 7.5 HIGH | N/A |
| VSNS Lemon 3.2.0 allows remote attackers to bypass authentication and access password-protected articles by setting the vsns[topic_id] cookie to the targeted topic. | |||||
| CVE-2006-1556 | 1 Al-caricatier | 1 Al-caricatier | 2018-10-18 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in view_caricatier.php in AL-Caricatier 2.5 allow remote attackers to inject arbitrary web script or HTML via the (1) CatName, (2) CaricatierID, or (3) CatID parameter. | |||||
| CVE-2006-1557 | 1 Skintech | 1 X-changer | 2018-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in X-Changer 0.2 allow remote attackers to execute arbitrary SQL commands via the (1) from and (2) into parameters in a calculate action, and the (3) id parameter in an edit action to index.php. | |||||
| CVE-2006-1560 | 1 Skintech | 1 Phpnewsmanager | 2018-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in SkinTech phpNewsManager 1.48 allow remote attackers to execute arbitrary SQL commands via unspecified parameters, possibly (1) id and (2) topicid, in (a) browse.php, (b) category.php, (c) gallery.php, (d) poll.php, and (e) possibly other unspecified scripts. NOTE: portions of the description details are obtained from third party information. | |||||
| CVE-2006-1669 | 1 Phpheaven | 1 Phpmychat | 2018-10-18 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in chat/messagesL.php3 in phpHeaven Team PHPMyChat 0.14.5 and earlier allows remote attackers to execute arbitrary SQL commands via the T parameter. NOTE: this issue can be leveraged to execute arbitrary shell commands since the username is later processed in an eval() call, but since the username originated from the SQL injection, it could be a resultant issue. | |||||
| CVE-2006-1666 | 1 Arab Portal | 1 Arab Portal | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in forum.php in Arab Portal 2.0.1 stable allows remote attackers to execute arbitrary SQL commands via the mineID parameter. | |||||
| CVE-2006-1665 | 1 Arab Portal | 1 Arab Portal | 2018-10-18 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Arab Portal 2.0.1 stable allow remote attackers to inject arbitrary web script or HTML via the (1) adminJump and (2) forum_middle parameters in (a) forum.php, and the (3) form parameter in (b) members.php, (c) pm.php, and (d) mail.php. | |||||
| CVE-2006-1662 | 1 Limbo Cms | 1 Limbo Cms | 2018-10-18 | 7.5 HIGH | N/A |
| The frontpage option in Limbo CMS 1.0.4.2 and 1.0.4.1 allows remote attackers to execute arbitrary PHP commands via the Itemid parameter in index.php. | |||||
| CVE-2006-1659 | 1 Softbiz | 1 Image Gallery | 2018-10-18 | 6.4 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Softbiz Image Gallery allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in image_desc.php, (2) provided parameter in template.php, (3) cid parameter in suggest_image.php, (4) img_id parameter in insert_rating.php, and (5) cid parameter in images.php. | |||||
| CVE-2006-1658 | 1 Chucky A. Ivey | 1 N.t. | 2018-10-18 | 7.5 HIGH | N/A |
| Direct static code injection vulnerability in ticker.db.php in Chucky A. Ivey N.T. 1.1.0 allows remote administrators to insert arbitrary PHP code into the config file, which is included other N.T. scripts. | |||||
| CVE-2006-1657 | 1 Chucky A. Ivey | 1 N.t. | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Chucky A. Ivey N.T. 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the username parameter, which is not filtered when the administrator views the "Login Log" page. | |||||