Total: 27865 CVEs
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-1627 | 1 Adobe | 1 Acrobat Reader | 2018-10-18 | 7.5 HIGH | N/A |
| Adobe Document Server for Reader Extensions 6.0 does not provide proper access control, which allows remote authenticated users to perform privileged actions by modifying the (1) actionID and (2) pageID parameters. NOTE: due to an error during reservation, this identifier was inadvertently associated with multiple issues. Other CVE identifiers have been assigned to handle other problems that are covered by the same disclosure. | |||||
| CVE-2006-1625 | 1 Mybulletinboard | 1 Mybulletinboard | 2018-10-18 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode email tag, as demonstrated using the onmousemove event. | |||||
| CVE-2006-1569 | 1 Redcms | 1 Redcms | 2018-10-18 | 5.1 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in RedCMS 0.1 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters to (a) login.php or (b) register.php; or (3) u parameter to (c) profile.php. | |||||
| CVE-2006-1624 | 1 Linux | 1 Linux Kernel | 2018-10-18 | 7.8 HIGH | N/A |
| The default configuration of syslogd in the Linux sysklogd package does not enable the -x (disable name lookups) option, which allows remote attackers to cause a denial of service (traffic amplification) via messages with spoofed source IP addresses. | |||||
| CVE-2006-1637 | 1 Aweb Labs | 1 Awebbb | 2018-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in aWebBB 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) tname or (2) fpost parameters to (a) post.php; (3) fullname, (4) emailadd, (5) country, (6) sig, or (7) otherav parameters to (b) editac.php; or (8) fullname, (9) emailadd, or (10) country parameters to (c) register.php. | |||||
| CVE-2006-1622 | 1 Phpselect | 1 Phpselect | 2018-10-18 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in PHPSelect linksubmit allows remote attackers to inject arbitrary web script or HTML via (1) the description parameter to linklist.php and possibly other vectors involving (2) index.php and (3) linksubmit.php. | |||||
| CVE-2006-1621 | 1 Hosting Controller | 1 Hosting Controller | 2018-10-18 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in admin/folders/saveuploadfiles.asp in Hosting Controller 2002 RC 1 allows remote authenticated users to overwrite arbitrary files via an absolute path in the OpenPath parameter. | |||||
| CVE-2006-1620 | 1 Hosting Controller | 1 Hosting Controller | 2018-10-18 | 5.0 MEDIUM | N/A |
| admin/accounts/AccountActions.asp in Hosting Controller 2002 RC 1 allows remote attackers to modify passwords of other users, probably via an "Update User" ActionType with a modified UserName parameter and the PassCheck parameter set to TRUE. It was later reported that the vulnerability is present in 6.1 Hotfix 3.3 and earlier. | |||||
| CVE-2006-1618 | 1 Doomsday | 1 Doomsday | 2018-10-18 | 7.5 HIGH | N/A |
| Format string vulnerability in the (1) Con_message and (2) conPrintf functions in con_main.c in Doomsday engine 1.8.6 allows remote attackers to execute arbitrary code via format string specifiers in an argument to the JOIN command, and possibly other command arguments. | |||||
| CVE-2006-1613 | 1 Aweb Labs | 1 Awebnews | 2018-10-18 | 5.0 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in aWebNews 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) user123 variable in (a) login.php or (b) fpass.php; or (2) cid parameter to (c) visview.php. | |||||
| CVE-2006-1571 | 1 R2xdesign | 1 Qlitenews | 2018-10-18 | 5.1 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in loginprocess.php in qliteNews 2005.07.01 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters. | |||||
| CVE-2006-1575 | 1 Vscripts.pl | 1 Qlnews | 2018-10-18 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in news.php in QLnews 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) autorx and (2) newsx parameters. | |||||
| CVE-2006-1623 | 1 Andries Bruinsma | 1 Flexible Development | 2018-10-18 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in main.php in an unspecified "file created by Andries Bruinsma," possibly a FleXiBle Development (FXB) application, allows remote attackers to include and execute arbitrary PHP code. NOTE: this disclosure is extremely vague and has very little information about the specific vulnerability type. In addition, there is little public information on the named product. Finally, an XSS vector is implied in the subject line, but because there is no other information and evidence of a cut-and-paste error, it will not be assigned a separate CVE identifier unless additional information is provided. | |||||
| CVE-2006-1602 | 1 Phpnuke-clan | 1 Phpnuke-clan | 2018-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/functions_common.php in the VWar Account module (vWar_Account) in PHPNuke Clan 3.0.1 allows remote attackers to include arbitrary files via a URL in the vwar_root2 parameter. NOTE: it is possible that this issue stems from a problem in VWar itself, but this is not clear. | |||||
| CVE-2006-1592 | 2 X-doom, Zdaemon | 2 X-doom, Zdaemon | 2018-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in the is_client_wad_ok function in w_wad.cpp for (1) Zdaemon 1.08.01 and (2) X-Doom allows remote attackers to execute arbitrary code via a long filename argument. | |||||
| CVE-2006-1572 | 1 O2php.com | 1 Oxygen | 2018-10-18 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in post.php in Oxygen 1.1.3 allows remote attackers to execute arbitrary SQL commands via the fid parameter in a newthread action. | |||||
| CVE-2006-1586 | 1 Internet Solutions Professionals | 1 Site Man | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin_login.asp in ISP of Egypt SiteMan allows remote attackers to execute arbitrary SQL commands via the pass parameter. | |||||
| CVE-2006-1579 | 1 Dbbs | 1 Dbbs | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in topics.php in Dynamic Bulletin Board System (DbbS) 2.0-alpha and earlier allows remote attackers to execute arbitrary SQL commands via the limite parameter. | |||||
| CVE-2006-1573 | 1 Mediaslash.com | 1 Mediaslash Gallery | 2018-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in MediaSlash Gallery allows remote attackers to execute arbitrary PHP code via a URL in the rub parameter (part of the $page_menu variable). | |||||
| CVE-2006-1576 | 1 Vscripts.pl | 1 Qlnews | 2018-10-18 | 7.5 HIGH | N/A |
| Direct static code injection vulnerability in QLnews 1.2 allows remote authenticated administrators to execute arbitrary PHP code by modifying config.php. | |||||
