Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-6800 | 1 Limbo Cms | 1 Event Module | 2018-10-17 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion in eventcal/mod_eventcal.php in the event module 1.0 for Limbo CMS allows remote attackers to execute arbitrary PHP code via a URL in the lm_absolute_path parameter. | |||||
| CVE-2006-6793 | 1 Okul Merkezi | 1 Okul Merkezi Portal | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in ataturk.php in Okul Merkezi Portal 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | |||||
| CVE-2006-6862 | 1 Outfront | 1 Spooky Login | 2018-10-17 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Outfront Spooky Login 2.7 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) login/login.asp or (2) login/register.asp. | |||||
| CVE-2006-6794 | 1 Efkan Forum | 1 Efkan Forum | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in default.asp in Efkan Forum 1.0 allows remote attackers to execute arbitrary SQL commands via the grup parameter. | |||||
| CVE-2006-6649 | 1 Hypervm | 1 Hypervm | 2018-10-17 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in display.php in HyperVM 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an encoded frm_action parameter. NOTE: the vendor disputes this issue, but it is not certain whether the dispute is about the severity of the issue, or its existence. | |||||
| CVE-2006-6797 | 1 Microsoft | 1 Windows Xp | 2018-10-17 | 6.6 MEDIUM | N/A |
| The Client Server Run-Time Subsystem (CSRSS) in Microsoft Windows allows local users to cause a denial of service (crash) or read arbitrary memory from csrss.exe via crafted arguments to the NtRaiseHardError function with status 0x50000018, a different vulnerability than CVE-2006-6696. | |||||
| CVE-2006-6537 | 1 Ibm | 1 Websphere Host On-demand | 2018-10-17 | 7.5 HIGH | N/A |
| IBM WebSphere Host On-Demand 6.0, 7.0, 8.0, 9.0, and possibly 10, allows remote attackers to bypass authentication via a modified pnl parameter, related to hod/HODAdmin.html and hod/frameset.html. | |||||
| CVE-2006-6854 | 1 De Marchi Daniele | 1 Quickcam | 2018-10-17 | 7.5 HIGH | N/A |
| The qcamvc_video_init function in qcamvc.c in De Marchi Daniele QuickCam VC Linux device driver (aka quickcam-vc) 1.0.9 and earlier does not properly check a boundary, triggering memory corruption, which might allow attackers to execute arbitrary code via a crafted QuickCam object. | |||||
| CVE-2006-6618 | 6 Avg, Comodo, Filseclab and 3 more | 6 Antivirus Plus Firewall, Comodo Personal Firewall, Personal Firewall and 3 more | 2018-10-17 | 7.2 HIGH | N/A |
| AntiHook 3.0.0.23 - Desktop relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB. | |||||
| CVE-2006-6861 | 1 Outfront | 1 Spooky Login | 2018-10-17 | 10.0 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Outfront Spooky Login 2.7 allow remote attackers to execute arbitrary SQL commands via (1) the UserUpdate parameter to login/register.asp or (2) unspecified parameters to includes/a_register.asp. | |||||
| CVE-2006-6851 | 1 Mobilelib | 1 Mobilelib Gold | 2018-10-17 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in contact_us.php in ac4p Mobilelib gold 2 allow remote attackers to inject arbitrary web script or HTML via the (1) email or (2) errr parameter. | |||||
| CVE-2006-6541 | 1 Php | 1 Animated Smiley Generator | 2018-10-17 | 7.5 HIGH | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in signer/final.php in warez distributions of Animated Smiley Generator allows remote attackers to execute arbitrary PHP code via a URL in the smiley parameter. NOTE: the vendor disputes this issue, stating that only Warez versions of Animated Smiley Generator were affected, not the developer-provided software: "Legitimately purchased applications do not allow this exploit." | |||||
| CVE-2006-6849 | 1 Cahier De Textes | 1 Cahier De Textes | 2018-10-17 | 7.5 HIGH | N/A |
| administration/index.php in Cahier de texte (CDT) 2.2 does not properly exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions. | |||||
| CVE-2006-6845 | 1 Cmsmadesimple | 1 Cms Made Simple | 2018-10-17 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in CMS Made Simple 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the cntnt01searchinput parameter in a Search action. | |||||
| CVE-2006-6477 | 1 Mandiant | 1 First Response | 2018-10-17 | 2.4 LOW | N/A |
| FRAgent.exe in Mandiant First Response (MFR) before 1.1.1, when run in daemon mode and configured to use only HTTP, allows local users to modify requests and responses between a client and an agent by hijacking an HTTP FRAgent daemon and conducting a man-in-the-middle (MITM) attack. | |||||
| CVE-2006-6423 | 1 Mailenable | 2 Mailenable Enterprise, Mailenable Professional | 2018-10-17 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the IMAP service for MailEnable Professional and Enterprise Edition 2.0 through 2.35, Professional Edition 1.6 through 1.84, and Enterprise Edition 1.1 through 1.41 allows remote attackers to execute arbitrary code via a pre-authentication command followed by a crafted parameter and a long string, as addressed by the ME-10025 hotfix. | |||||
| CVE-2006-6424 | 1 Novell | 1 Netmail | 2018-10-17 | 9.0 HIGH | N/A |
| Multiple buffer overflows in Novell NetMail before 3.52e FTF2 allow remote attackers to execute arbitrary code (1) by appending literals to certain IMAP verbs when specifying command continuation requests to IMAPD, resulting in a heap overflow; and (2) via crafted arguments to the STOR command to the Network Messaging Application Protocol (NMAP) daemon, resulting in a stack overflow. | |||||
| CVE-2006-6425 | 1 Novell | 1 Netmail | 2018-10-17 | 9.0 HIGH | N/A |
| Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via unspecified vectors involving the APPEND command. | |||||
| CVE-2006-6385 | 1 Intel | 4 Pro 1000 Adapters, Pro 1000 Pcie Adapters, Pro 10 100 Adapters and 1 more | 2018-10-17 | 7.2 HIGH | N/A |
| Stack-based buffer overflow in Intel PRO 10/100, PRO/1000, and PRO/10GbE PCI, PCI-X, and PCIe network adapter drivers (aka NDIS miniport drivers) before 20061205 allows local users to execute arbitrary code with "kernel-level" privileges via an incorrect function call in certain OID handlers. | |||||
| CVE-2006-6389 | 1 Ac4p | 1 Ac4p Mobile | 2018-10-17 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ac4p Mobile allow remote attackers to inject arbitrary web script or HTML via the (1) Taaa parameter to (a) up.php, or the (2) pollhtml and (3) Bloks parameters to (b) polls.php, different vectors than CVE-2006-5770. | |||||