Total: 27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-6570 | 1 Genesistrader | 1 Genesistrader | 2018-10-17 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in upload.php in GenesisTrader 1.0 allows remote authenticated users to upload arbitrary files via unspecified vectors, possibly involving form.php and the ajoutfich "foap" action. | |||||
| CVE-2006-6569 | 1 Genesistrader | 1 Genesistrader | 2018-10-17 | 7.8 HIGH | N/A |
| form.php in GenesisTrader 1.0 allows remote attackers to read source code for arbitrary files and obtain sensitive information via the (1) do and (2) chem parameters with a "modfich" floap parameter. | |||||
| CVE-2006-6776 | 1 Future Internet | 1 Future Internet | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Future Internet allow remote attackers to execute arbitrary SQL commands via the (1) newsId or (2) categoryid parameter in a Portal.Showpage action in index.cfm, or (3) the langId parameter in index.cfm. | |||||
| CVE-2006-6777 | 1 Future Internet | 1 Future Internet | 2018-10-17 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.cfm in Future Internet allows remote attackers to inject arbitrary web script or HTML via the categoryId parameter in a Portal.ShowPage action. | |||||
| CVE-2006-6520 | 1 Scriptphp | 1 Messageriescripthp | 2018-10-17 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Messageriescripthp 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) pseudo parameter to (a) existepseudo.php, the (2) email parameter to (b) existeemail.php, or the (3) pageName or (4) cssform parameter to (c) Contact/contact.php. | |||||
| CVE-2006-6778 | 1 Timberwolf | 1 Timberwolf | 2018-10-17 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in shownews.php in TimberWolf 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the nid parameter. | |||||
| CVE-2006-6779 | 1 Jelsoft | 1 Vbulletin | 2018-10-17 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin allows remote attackers to inject arbitrary web script or HTML via an SWF file that uses ActionScript to trigger execution of JavaScript. | |||||
| CVE-2006-6780 | 1 Hlstats | 1 Hlstats | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the login form in HLstats 1.20 through 1.34 allows remote attackers to execute arbitrary SQL commands via the killLimit parameter. | |||||
| CVE-2006-6781 | 1 Hlstats | 1 Hlstats | 2018-10-17 | 5.0 MEDIUM | N/A |
| HLstats 1.20 through 1.34 allows remote attackers to obtain sensitive information via playinfo mode, with certain values of the player and playerdata[lastName][] parameters, which reveals the path in an error message. | |||||
| CVE-2006-6640 | 1 Omniture | 1 Sitecatalyst | 2018-10-17 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Omniture SiteCatalyst allow remote attackers to inject arbitrary web script or HTML via the (1) ss parameter in (a) search.asp and the (2) company and (3) username fields on (b) the web login page. NOTE: some details were obtained from third party information. | |||||
| CVE-2006-6784 | 1 Netbula | 1 Anyboard | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Netbula Anyboard allows remote attackers to execute arbitrary SQL commands via the user name in the login form. | |||||
| CVE-2006-6517 | 1 Kdpics | 1 Kdpics | 2018-10-17 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in KDPics 1.16 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) categories parameter to (a) index.php3 or (b) galeries.inc.php3. | |||||
| CVE-2006-6563 | 1 Proftpd Project | 1 Proftpd | 2018-10-17 | 6.6 MEDIUM | N/A |
| Stack-based buffer overflow in the pr_ctrls_recv_request function in ctrls.c in the mod_ctrls module in ProFTPD before 1.3.1rc1 allows local users to execute arbitrary code via a large reqarglen length value. | |||||
| CVE-2006-6819 | 1 Alstrasoft | 1 Webhost Directory | 2018-10-17 | 6.4 MEDIUM | N/A |
| AlstraSoft Web Host Directory stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a backup database via a direct request for admin/backup/db. | |||||
| CVE-2006-6703 | 1 Oracle | 2 Oracle10g, Oracle9i | 2018-10-17 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Oracle Portal 9i and 10g allow remote attackers to inject arbitrary JavaScript via the tc parameter in webapp/jsp/container_tabs.jsp, and other unspecified vectors. | |||||
| CVE-2006-6699 | 1 Oracle | 1 Application Server Portal | 2018-10-17 | 5.0 MEDIUM | N/A |
| Multiple CRLF injection vulnerabilities in Oracle Portal 9.0.2 and possibly other versions allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter to (1) calendarDialog.jsp or (2) fred.jsp. NOTE: the calendar.jsp vector is covered by CVE-2006-6697. | |||||
| CVE-2006-6549 | 1 Rad Inks | 1 Rad Upload | 2018-10-17 | 7.5 HIGH | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in upload.php in Rad Upload 3.02 allows remote attackers to execute arbitrary PHP code via a URL in the save_path parameter. NOTE: CVE disputes this vulnerability because save_path is originally defined as "" before use, and the nearby instructions say "SET THE SAVE PATH by editing the line below." | |||||
| CVE-2006-6697 | 1 Oracle | 1 Application Server Portal | 2018-10-17 | 7.5 HIGH | N/A |
| CRLF injection vulnerability in webapp/jsp/calendar.jsp in Oracle Portal 10g and earlier, including 9.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter. | |||||
| CVE-2006-6788 | 1 Luckybot | 1 Luckybot | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in LuckyBot 3 allow remote attackers to execute arbitrary PHP code via a URL in the dir parameter to (1) run.php or (2) ircbot.class.php. | |||||
| CVE-2006-6865 | 1 Softartisans | 1 Fileup | 2018-10-17 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in SAFileUpSamples/util/viewsrc.asp in SoftArtisans FileUp (SAFileUp) 5.0.14 allows remote attackers to read arbitrary files via a %c0%ae. (Unicode dot dot) in the path parameter, which bypasses the checks for ".." sequences. | |||||
