Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-1366 | 1 Motorola | 1 Pebl U6 | 2018-10-18 | 7.8 HIGH | N/A |
| Buffer overflow in the Motorola PEBL U6 08.83.76R, and possibly other Motorola P2K-based phones, allows remote attackers to cause a denial of service (device shutdown), and possibly execute arbitrary code, via a long OBEX setpath to the OBEX File Transfer (aka FTP) service on Bluetooth channel 9. | |||||
| CVE-2006-1373 | 1 Php Live | 1 Php Live | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in status_image.php in PHP Live! 3.0 allows remote attackers to inject arbitrary web script or HTML via the base_url parameter. | |||||
| CVE-2006-1382 | 1 Jelsoft | 1 Impex | 2018-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in impex/ImpExData.php in vBulletin ImpEx module 1.74, when register_globals is disabled, allows remote attackers to include arbitrary files via the systempath parameter. | |||||
| CVE-2006-1385 | 1 Kismac | 1 Kismac | 2018-10-18 | 5.1 MEDIUM | N/A |
| Stack-based buffer overflow in the parseTaggedData function in WavePacket.mm in KisMAC R54 through R73p allows remote attackers to execute arbitrary code via multiple SSIDs in a Cisco vendor tag in a 802.11 management frame. | |||||
| CVE-2006-1397 | 2 Phpadsnew, Phppgads | 2 Phpadsnew, Phppgads | 2018-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in (a) phpAdsNew and (b) phpPgAds before 2.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) certain parameters to the banner delivery module, which is not properly handled in the administrator interface, or (2) certain parameters to the login form. | |||||
| CVE-2006-1398 | 1 Sixal | 1 G-book | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in guestbook.php in G-Book 1.0 allows remote attackers to inject arbitrary web script or HTML via the g_message parameter. | |||||
| CVE-2006-1412 | 1 Tft Gallery | 1 Tft Gallery | 2018-10-18 | 5.0 MEDIUM | N/A |
| TFT Gallery 0.10 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the admin password file and obtain password hashes via a direct request to admin/passwd. | |||||
| CVE-2006-1419 | 1 Nuked-klan | 1 Nuked-klan | 2018-10-18 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in the Calendar module in nuked-klan 1.7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the m parameter to index.php. | |||||
| CVE-2006-1420 | 1 Arabless | 1 Saphplesson | 2018-10-18 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in print.php in SaphpLesson 2.0 allows remote attackers to execute arbitrary SQL commands via the lessid parameter. | |||||
| CVE-2006-1421 | 1 Arthur Konze Webdesign | 1 Akocomment | 2018-10-18 | 5.1 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in akocomment.php in AkoComment 2.0 module for Mambo, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the (1) acname or (2) contentid parameter. | |||||
| CVE-2006-1464 | 1 Apple | 1 Quicktime | 2018-10-18 | 5.1 MEDIUM | N/A |
| Buffer overflow in Apple QuickTime before 7.1 allows remote attackers to execute arbitrary code via a crafted QuickTime MPEG4 (M4P) video format file. | |||||
| CVE-2006-1425 | 1 Phpmyfamily | 1 Phpmyfamily | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in track.php in phpmyfamily 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the name parameter. | |||||
| CVE-2006-1426 | 1 Pixel Motion | 1 Pixel Motion Blog | 2018-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Pixel Motion Blog allow remote attackers to execute arbitrary SQL commands via the (1) date parameter in index.php or bypass authentication via the (2) password parameter in admin/index.php. | |||||
| CVE-2006-1465 | 1 Apple | 1 Quicktime | 2018-10-18 | 5.1 MEDIUM | N/A |
| Buffer overflow in Apple QuickTime before 7.1 allows remote attackers to execute arbitrary code via a crafted QuickTime AVI video format file. | |||||
| CVE-2006-1474 | 1 Raindance | 1 Web Conferencing Pro | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the "failed" functionality in Raindance Web Conferencing Pro allows remote attackers to inject arbitrary web script or HTML via the browser parameter. | |||||
| CVE-2006-1475 | 1 Microsoft | 1 Windows Xp | 2018-10-18 | 2.1 LOW | N/A |
| Windows Firewall in Microsoft Windows XP SP2 does not produce application alerts when an application is executed using the NTFS Alternate Data Streams (ADS) filename:stream syntax, which might allow local users to launch a Trojan horse attack in which the victim does not obtain the alert that Windows Firewall would have produced for a non-ADS file. | |||||
| CVE-2006-1476 | 1 Microsoft | 1 Windows Xp | 2018-10-18 | 2.6 LOW | N/A |
| Windows Firewall in Microsoft Windows XP SP2 produces incorrect application block alerts when the application filename is ".exe" (with no characters before the "."), which might allow local user-assisted users to trick a user into unblocking a Trojan horse program, as demonstrated by a malicious ".exe" program in a folder named "Internet Explorer," which triggers a question about whether to unblock the "Internet Explorer" program. | |||||
| CVE-2006-1477 | 1 Turnkey Web Tools | 1 Php Live Helper | 2018-10-18 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Turnkey Web Tools PHP Live Helper 1.8 allow remote attackers to include and execute arbitrary PHP code via the abs_path parameter in (1) initiate.php, (2) waiting.php, (3) welcome.php, (4) admin/index.php, (5) javascript.php, (6) checkchat.php, and (7) blank.php. | |||||
| CVE-2006-1478 | 1 Turnkey Web Tools | 1 Php Live Helper | 2018-10-18 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in (1) initiate.php and (2) possibly other PHP scripts in Turnkey Web Tools PHP Live Helper 1.8, and possibly later versions, allows remote authenticated users to include and execute arbitrary local files via directory traversal sequences in the language cookie, as demonstrated by uploading PHP code in a gl_session cookie to users.php, which causes the code to be stored in error.log, which is then included by initiate.php. | |||||
| CVE-2006-1482 | 1 Conftool | 1 Conftool | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in ConfTool 1.1 allows remote attackers to inject arbitrary web script or HTML via the page parameter. | |||||