Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-1107 | 1 Nmdeluxe | 1 Nmdeluxe | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in news.php in NMDeluxe before 1.0.1 allows remote attackers to inject arbitrary web script or HTML via the nick parameter. | |||||
| CVE-2006-1108 | 1 Nmdeluxe | 1 Nmdeluxe | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in news.php in NMDeluxe before 1.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2006-1109 | 1 Totalecommerce | 1 Totalecommerce | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.asp in Total Ecommerce 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: it is not clear whether this report is associated with a specific product. If not, then it should not be included in CVE. | |||||
| CVE-2006-1110 | 1 Aztek Forum | 1 Aztek Forum | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Aztek Forum 4.0 allows remote attackers to inject arbitrary web script or HTML via the message body in a new message. | |||||
| CVE-2006-1111 | 1 Aztek Forum | 1 Aztek Forum | 2018-10-18 | 7.5 HIGH | N/A |
| Aztek Forum 4.0 allows remote attackers to obtain sensitive information via a "*/*" in the msg parameter to index.php, which reveals usernames and passwords in a MySQL error message, possibly due to a forced SQL error or SQL injection. | |||||
| CVE-2006-1112 | 1 Aztek Forum | 1 Aztek Forum | 2018-10-18 | 5.0 MEDIUM | N/A |
| Aztek Forum 4.0 allows remote attackers to obtain sensitive information via a long login value in a register form, which displays the installation path in a MySQL error message. | |||||
| CVE-2006-1113 | 1 Gerrit Van Aaken | 1 Loudblog | 2018-10-18 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in podcast.php in Loudblog before 0.42 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2006-1114 | 1 Gerrit Van Aaken | 1 Loudblog | 2018-10-18 | 6.4 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in Loudblog before 0.42 allow remote attackers to read or include arbitrary files via a .. (dot dot) and trailing %00 (NULL) byte in the (1) template and (2) page parameters in (a) index.php, and the (3) language parameter in (b) inc/backend_settings.php. | |||||
| CVE-2006-1115 | 1 Ncipher | 3 Chil, Mscapi Csp, Ncipher Software Cd | 2018-10-18 | 2.6 LOW | N/A |
| nCipher HSM before 2.22.6, when generating a Diffie-Hellman public/private key pair without any specified DiscreteLogGroup parameters, chooses random parameters that could allow an attacker to crack the private key in significantly less time than a brute force attack. | |||||
| CVE-2006-1116 | 1 Ncipher | 1 Ncore | 2018-10-18 | 5.0 MEDIUM | N/A |
| The CBC-MAC integrity functions in the nCipher nCore API before 2.18 transmit the initialization vector IV as part of a message when the implementation uses a non-zero IV, which allows remote attackers to bypass integrity checks and modify messages without being detected. | |||||
| CVE-2006-1117 | 1 Ncipher | 8 Dse200 Document Sealing Engine, Ncore, Nethsm and 5 more | 2018-10-18 | 2.6 LOW | N/A |
| nCipher firmware before V10, as used by (1) nShield, (2) nForce, (3) netHSM, (4) payShield, (5) SecureDB, (6) DSE200 Document Sealing Engine, (7) Time Source Master Clock (TSMC), and possibly other products, contains certain options that were only intended for testing and not production, which might allow remote attackers to obtain information about encryption keys and crack those keys with less effort than brute force. | |||||
| CVE-2006-1120 | 1 Codeworx Technologies | 1 Dcp-portal | 2018-10-18 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 6.1.1 and earlier, with register_globals enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) its_url parameter in the documents page and (2) url parameter in the send_write page of (a) index.php; (3) subject, and (4) images parameters to (b) calendar.php; (5) bid, (6) replying_msg, (7) subject, (8) body, and (9) mid parameters to (c) forums.php; (10) subject and (11) message parameters to (d) inbox.php; (12) subject_color and (13) email parameters to (e) lostpassword.php; and the (14) c_name, (15) content_inicial, and (16) cid parameters to (f) mycontents.php. NOTE: the calendar.php/day vector is already subsumed by CVE-2006-0220, and the calendar.php/month, calendar.php/year, and search.php/q parameters for calendar.php are already subsumed by CVE-2004-2511. | |||||
| CVE-2006-1121 | 1 Cutephp | 1 Cutenews | 2018-10-18 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in CuteNews 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the query string to index.php. | |||||
| CVE-2006-1122 | 1 D2ksoft | 1 D2kblog | 2018-10-18 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Default.asp in D2KBlog 1.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | |||||
| CVE-2006-1123 | 1 D2ksoft | 1 D2kblog | 2018-10-18 | 10.0 HIGH | N/A |
| SQL injection vulnerability in D2KBlog 1.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the memName parameter in a cookie. | |||||
| CVE-2006-1124 | 1 Revilloc Solutions | 1 Revilloc Mailserver | 2018-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in RevilloC MailServer and Proxy 1.21 allows remote attackers to execute arbitrary code via a long USER command. | |||||
| CVE-2006-1129 | 1 Ekinboard | 1 Ekinboard | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in config.php in EKINboard 1.0.3 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username cookie. | |||||
| CVE-2006-1132 | 1 Vbzoom | 1 Vbzoom | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in show.php in vbzoom 1.11 allow remote attackers to execute arbitrary SQL commands via the MainID parameter. NOTE: the SubjectID vector is already covered by CVE-2005-4729. | |||||
| CVE-2006-1023 | 1 Hp | 1 System Management Homepage | 2018-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in HP System Management Homepage (SMH) 2.0.0 through 2.1.4 on Windows allows remote attackers to access certain files via unspecified vectors. | |||||
| CVE-2006-1085 | 1 Php-stats | 1 Php-stats | 2018-10-18 | 10.0 HIGH | N/A |
| admin.php in PHP-Stats 0.1.9.1 and earlier allows remote attackers to bypass authentication, gain administrator privileges, and execute arbitrary PHP code by modifying the option[admin_pass] parameter and setting the pass_cookie to the MD5 hash of the specified password. | |||||