Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-1298 | 1 Symantec Veritas | 1 Backup Exec | 2018-10-18 | 4.6 MEDIUM | N/A |
| Format string vulnerability in the Job Engine service (bengine.exe) in the Media Server in Veritas Backup Exec 10d (10.1) for Windows Servers rev. 5629, Backup Exec 10.0 for Windows Servers rev. 5520, Backup Exec 10.0 for Windows Servers rev. 5484, and Backup Exec 9.1 for Windows Servers rev. 4691, when the job log mode is Full Detailed (aka Full Details), allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via a crafted filename on a machine that is backed up by Backup Exec. | |||||
| CVE-2006-1172 | 1 Tdc | 1 Cryptomathic Cenroll Activex Control | 2018-10-18 | 5.0 MEDIUM | N/A |
| Stack-based buffer overflow in the createPKCS10 function in Cryptomathic Cenroll ActiveX Control 1.1.0.0 allows remote attackers to execute arbitrary code via vectors related to the TDC Digital signature. | |||||
| CVE-2006-1182 | 1 Adobe | 2 Document Server, Graphics Server | 2018-10-18 | 2.6 LOW | N/A |
| Adobe Graphics Server 2.0 and 2.1 (formerly AlterCast) and Adobe Document Server (ADS) 5.0 and 6.0 allows local users to read files with certain extensions or overwrite arbitrary files and execute code via a crafted SOAP request to the AlterCast web service in which the request uses the (1) saveContent or (2) saveOptimized ADS commands, or the (3) loadContent command. | |||||
| CVE-2006-1161 | 1 Efs Software | 1 Efs Web Server | 2018-10-18 | 6.5 MEDIUM | N/A |
| Absolute path traversal vulnerability in Easy File Sharing (EFS) Web Server 3.2 allows remote registered users to execute arbitrary code by uploading a malicious file to the Windows startup folder. | |||||
| CVE-2006-1199 | 1 Daverave | 1 Link Bank | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in iframe.php in daverave Link Bank allows remote attackers to inject arbitrary web script or HTML via the site parameter. | |||||
| CVE-2006-1160 | 1 Efs Software | 1 Efs Web Server | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Easy File Sharing (EFS) Web Server 3.2 allows remote attackers to inject arbitrary web script or HTML via the Description field in creating a folder or uploading a file. | |||||
| CVE-2006-1159 | 1 Efs Software | 1 Efs Web Server | 2018-10-18 | 7.8 HIGH | N/A |
| Format string vulnerability in Easy File Sharing (EFS) Web Server 3.2 allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via format string specifiers in the query string argument in an HTTP GET request. | |||||
| CVE-2006-1158 | 1 Kerio | 1 Kerio Mailserver | 2018-10-18 | 7.8 HIGH | N/A |
| Kerio MailServer before 6.1.3 Patch 1 allows remote attackers to cause a denial of service (application crash) via a crafted IMAP LOGIN command. | |||||
| CVE-2006-1297 | 1 Symantec Veritas | 2 Backup Exec, Backup Exec Remote Agent | 2018-10-18 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Veritas Backup Exec for Windows Server Remote Agent 9.1 through 10.1, for Netware Servers and Remote Agent 9.1 and 9.2, and Remote Agent for Linux Servers 10.0 and 10.1 allow attackers to cause a denial of service (application crash or unavailability) due to "memory errors." | |||||
| CVE-2006-1260 | 1 Horde | 1 Horde | 2018-10-18 | 5.0 MEDIUM | N/A |
| Horde Application Framework 3.0.9 allows remote attackers to read arbitrary files via a null character in the url parameter in services/go.php, which bypasses a sanity check. | |||||
| CVE-2006-1200 | 1 Daverave | 1 Link Bank | 2018-10-18 | 7.5 HIGH | N/A |
| Direct static code injection vulnerability in add_link.txt in daverave Link Bank allows remote attackers to execute arbitrary PHP code via the url_name parameter, which is not sanitized before being stored in links.txt, which is later used in an include statement. | |||||
| CVE-2006-1157 | 1 Adp | 1 Adp Forum | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Vz Scripts ADP Forum 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the Subject field (possibly messaggio parameter) when posting a new message in post.php. | |||||
| CVE-2006-1201 | 1 Eschew.net | 1 Phpbannerexchange | 2018-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in resetpw.php in eschew.net phpBannerExchange 2.0 and earlier, and other versions before 2.0 Update 5, allows remote attackers to read arbitrary files via a .. (dot dot) in the email parameter during a "Recover password" operation (recoverpw.php). | |||||
| CVE-2006-1202 | 1 Jcink.com | 1 Textfilebb | 2018-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in textfileBB 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) mess and (2) user parameters in messanger.php, possibly requiring a URL encoded value. | |||||
| CVE-2006-1203 | 1 Txtforum | 1 Txtforum | 2018-10-18 | 7.5 HIGH | N/A |
| PHP remote file include vulnerability in common.php in txtForum 1.0.4-dev and earlier allows remote attackers to include and execute arbitrary PHP code via a URL in the skin parameter to login.php, and possibly other parameters to other PHP scripts, related to include statements in common.php. | |||||
| CVE-2006-1204 | 1 Txtforum | 1 Txtforum | 2018-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in txtForum 1.0.4-dev and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) prev, (2) next, and (3) rand5 parameters in (a) index.php; the (4) r_username and (5) r_loc parameters in (b) new_topic.php; the (6) r_num, (7) r_family_name, (8) r_icq, (9) r_yahoo, (10) r_aim, (11) r_homepage, (12) r_interests, (13) r_about, (14) selected1, (15) selected0, (16) signature_selected1, (17) signature_selected0, (18) smile_selected1, (19) smile_selected0, (20) ubb_selected1, and (21) ubb_selected0 parameters in (c) profile.php; the (22) quote and (23) tid parameters in (d) reply.php; and the (24) tid, (25) sticked, and (26) mid parameters in (e) view_topic.php. | |||||
| CVE-2006-1205 | 1 Mywebland | 1 Mybloggie | 2018-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in myWebland myBloggie 2.1.3 beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) confirmredirect and (2) post_id parameters in (a) delcomment.php, as reachable when mode=delcom from index.php; and the (3) del and (4) message parameters in (b) upload.php, the (5) errormsg parameter in (c) addcat.php, (d) edituser.php, (e) adduser.php, and (f) editcat.php, the (6) trackback_url parameter in (g) add.php, (7) id parameter in (h) deluser.php, (8) cat_id parameter in (i) delcat.php, and (9) post_id parameter in (j) del.php, as reachable from admin.php. | |||||
| CVE-2006-1151 | 1 M Phorum | 1 M Phorum | 2018-10-18 | 5.0 MEDIUM | N/A |
| Cross-site scripting vulnerability in index.php in M-Phorum 0.2 allows remote attackers to inject arbitrary web script or HTML via the go parameter. | |||||
| CVE-2006-1207 | 1 Sergey Korostel | 1 Php Upload Center | 2018-10-18 | 5.0 MEDIUM | N/A |
| PHP Upload Center stores password hashes under the web root with insufficient access control, which allows remote attackers to download each password hash via a direct request for the upload/users/[USERNAME] file. | |||||
| CVE-2006-1208 | 1 Sergey Korostel | 1 Php Upload Center | 2018-10-18 | 7.5 HIGH | N/A |
| Sergey Korostel PHP Upload Center allows remote attackers to execute arbitrary PHP code by uploading a file whose name ends in a .php.li extension, which can be accessed from the upload directory. | |||||