Total: 27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-0879 | 1 Phpoutsourcing | 1 Noahs Classifieds | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the search tool in Noah's Classifieds 1.3 allows remote attackers to execute arbitrary SQL commands via unspecified attack vectors. | |||||
| CVE-2006-0878 | 1 Phpoutsourcing | 1 Noahs Classifieds | 2018-10-18 | 5.0 MEDIUM | N/A |
| Noah's Classifieds 1.3 allows remote attackers to obtain the installation path via a direct request to include files, as demonstrated by classifieds/gorum/category.php. | |||||
| CVE-2006-0877 | 1 Easy Forum | 1 Easy Forum | 2018-10-18 | 5.0 MEDIUM | N/A |
| Cross-site scripting vulnerability in Easy Forum 2.5 allows remote attackers to inject arbitrary web script or HTML via the image variable. | |||||
| CVE-2006-0780 | 1 Perlblog | 1 Perlblog | 2018-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in weblog.pl in PerlBlog 1.09b and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) email parameters. | |||||
| CVE-2006-0870 | 1 Mini-nuke | 1 Mini-nuke Cms | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in pages.asp in Mini-Nuke CMS System 1.8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: version 2.3 was later reported to be vulnerable as well. | |||||
| CVE-2006-0837 | 1 Micromuse | 1 Netcool Neusecure | 2018-10-18 | 2.1 LOW | N/A |
| IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 has world-readable permissions for (1) /etc/neusecure.conf, (2) /opt/NeuSecure/etc/cms-3.0.236.buildconf, and (3) /opt/NeuSecure/bin/ns_archiver.log, which allows local users to read sensitive information such as passwords. NOTE: IBM has privately confirmed to CVE that a fix is available for these issues. | |||||
| CVE-2006-0869 | 1 Pear | 1 Pear Liveuser | 2018-10-18 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in the "remember me" feature in liveuser.php in PHP Extension and Application Repository (PEAR) LiveUser 0.16.8 and earlier allows remote attackers to determine file existence, and possibly delete arbitrary files with short pathnames or possibly read arbitrary files, via a .. (dot dot) in the store_id value of a cookie. | |||||
| CVE-2006-0781 | 1 Perlblog | 1 Perlblog | 2018-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in weblog.pl in PerlBlog 1.09b and earlier allows remote attackers to read certain files via the month parameter. | |||||
| CVE-2006-0868 | 1 Pear | 1 Xml Rpc | 2018-10-18 | 7.5 HIGH | N/A |
| Multiple unspecified injection vulnerabilities in unspecified Auth Container back ends for PEAR::Auth before 1.2.4, and 1.3.x before 1.3.0r4, allow remote attackers to "falsify authentication credentials," related to the "underlying storage containers." | |||||
| CVE-2006-0818 | 3 Deerfield, Icewarp, Merak | 3 Visnetic Mail Server, Web Mail, Mail Server | 2018-10-18 | 4.0 MEDIUM | N/A |
| Absolute path directory traversal vulnerability in (1) MERAK Mail Server for Windows 8.3.8r with IceWarp Web Mail before 5.6.1 and (2) VisNetic MailServer before 8.5.0.5 allows remote authenticated users to include arbitrary files via a modified language parameter and a full Windows or UNC pathname in the lang_settings parameter to mail/index.html, which is not properly sanitized by the validatefolder PHP function, possibly due to an incomplete fix for CVE-2005-4558. | |||||
| CVE-2006-0817 | 3 Deerfield, Icewarp, Merak | 3 Visnetic Mail Server, Web Mail, Mail Server | 2018-10-18 | 5.0 MEDIUM | N/A |
| Absolute path directory traversal vulnerability in (a) MERAK Mail Server for Windows 8.3.8r with IceWarp Web Mail before 5.6.1 and (b) VisNetic MailServer before 8.5.0.5 allows remote attackers to include arbitrary files via a full Windows path and drive letter in the (1) language parameter in accounts/inc/include.php and (2) lang_settings parameter in admin/inc/include.php, which is not properly sanitized by the securepath function, a related issue to CVE-2005-4556. | |||||
| CVE-2006-0836 | 1 Mozilla | 1 Thunderbird | 2018-10-18 | 2.6 LOW | N/A |
| Mozilla Thunderbird 1.5 allows user-assisted attackers to cause an unspecified denial of service by tricking the user into importing an LDIF file with a long field into the address book, as demonstrated by a long homePhone field. | |||||
| CVE-2006-0816 | 1 Orionserver | 1 Orion Application Server | 2018-10-18 | 5.0 MEDIUM | N/A |
| Orion Application Server before 2.0.7, when running on Windows, allows remote attackers to obtain the source code of JSP files via (1) . (dot) and (2) space characters in the extension of a URL. | |||||
| CVE-2006-0867 | 1 South River | 1 Webdrive | 2018-10-18 | 5.0 MEDIUM | N/A |
| Buffer overflow in certain versions of South River (aka SRT) WebDrive, possibly version 6.08 build 1131 and version 8, allows remote attackers to cause a denial of service (application crash and persistent erratic behavior) via a long string in the name entry field. | |||||
| CVE-2006-0866 | 1 Punbb | 1 Punbb | 2018-10-18 | 5.0 MEDIUM | N/A |
| PunBB 1.2.10 and earlier allows remote attackers to conduct brute force guessing attacks for an account's password, which may be as short as 4 characters. | |||||
| CVE-2006-0940 | 1 Cynical Games | 1 Shoutlive | 2018-10-18 | 7.5 HIGH | N/A |
| Multiple direct static code injection vulnerabilities in savesettings.php in ShoutLIVE 1.1.0 allow remote attackers to execute arbitrary PHP code via variables that are written to settings.php. | |||||
| CVE-2006-0865 | 1 Punbb | 1 Punbb | 2018-10-18 | 5.0 MEDIUM | N/A |
| PunBB 1.2.10 and earlier allows remote attackers to cause a denial of service (resource consumption) by registering many user accounts quickly. | |||||
| CVE-2006-0864 | 1 Hauri | 1 Virobot | 2018-10-18 | 10.0 HIGH | N/A |
| filescan in Global Hauri ViRobot 2.0 20050817 does not verify the Cookie HTTP header, which allows remote attackers to gain administrative privileges via an arbitrary cookie value. | |||||
| CVE-2006-0819 | 1 Gnome | 1 Dwarf Http Server | 2018-10-18 | 7.8 HIGH | N/A |
| Dwarf HTTP Server 1.3.2 allows remote attackers to obtain the source code of JSP files via (1) dot, (2) space, (3) slash, or (4) NULL characters in the filename extension of an HTTP request. | |||||
| CVE-2006-0863 | 1 Infovista | 1 Portalse | 2018-10-18 | 5.0 MEDIUM | N/A |
| InfoVista PortalSE 2.0 Build 20087 on Solaris 8 allows remote attackers to obtain sensitive information by specifying a nonexistent server in the server field, which reveals the path in an error message. | |||||
