Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-6341 | 1 Mg.blattl | 1 Mg.applanix | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in mg.applanix 1.3.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the apx_root_path parameter to (1) act/act_check_access.php, (2) dsp/dsp_form_booking_ctl.php, and (3) dsp/dsp_bookings.php. | |||||
| CVE-2006-6352 | 1 Frisk Software | 1 F-prot Antivirus | 2018-10-17 | 5.0 MEDIUM | N/A |
| FRISK Software F-Prot Antivirus before 4.6.7 allows user-assisted remote attackers to cause a denial of service (infinite loop) via a crafted ACE file. NOTE: this issue has at least a partial overlap with CVE-2006-6294. | |||||
| CVE-2006-6354 | 1 Duware | 11 Duamazon, Duarticle, Duclassified and 8 more | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in detail.asp in DuWare DuNews allow remote attackers to execute arbitrary SQL commands via the (1) iNews, (2) iType, or (3) Action parameter. NOTE: the iType parameter in type.asp is covered by CVE-2005-3976. | |||||
| CVE-2006-6355 | 1 Duware | 1 Duclassmate | 2018-10-17 | 10.0 HIGH | N/A |
| SQL injection vulnerability in default.asp in DuWare DuClassmate allows remote attackers to execute arbitrary SQL commands via the iCity parameter. NOTE: the iState parameter is already covered by CVE-2005-2049. | |||||
| CVE-2006-6267 | 1 Postnuke Software Foundation | 1 Postnuke | 2018-10-17 | 7.8 HIGH | N/A |
| PostNuke 0.7.5.0, and certain minor versions, allows remote attackers to obtain sensitive information via a non-numeric value of the stop parameter, which reveals the path in an error message. | |||||
| CVE-2006-6232 | 1 Dreamcost | 1 Dreamaccount | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in admin/index.php in DreamAccount 3.1 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. | |||||
| CVE-2006-6233 | 1 Postnuke Software Foundation | 1 Postnuke | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Downloads module for unknown versions of PostNuke allows remote attackers to execute arbitrary SQL commands via the lid parameter in a viewdownloaddetails operation. NOTE: this issue might have been in the viewdownloaddetails function in dl-downloaddetails.php, but PostNuke 0.764 does not appear to have this issue. | |||||
| CVE-2006-6236 | 1 Adobe | 1 Acrobat Reader | 2018-10-17 | 9.3 HIGH | N/A |
| Adobe Reader (Adobe Acrobat Reader) 7.0 through 7.0.8 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long argument string to the (1) src, (2) setPageMode, (3) setLayoutMode, and (4) setNamedDest methods in an AcroPDF ActiveX control, a different set of vectors than CVE-2006-6027. | |||||
| CVE-2006-6266 | 1 Microsoft | 1 Teredo | 2018-10-17 | 6.8 MEDIUM | N/A |
| Teredo clients, when following item 6 of RFC4380 section 5.2.3, start direct IPv6 connectivity tests (aka ping tests) in response to packets from non-Teredo source addresses, which might allow remote attackers to induce Teredo clients to send packets to third parties. | |||||
| CVE-2006-6194 | 1 Fisasp.com | 1 Ultimate Survey Pro | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.asp in Ultimate Survey Pro allow remote attackers to execute arbitrary SQL commands via the (1) cat or (2) did parameter. | |||||
| CVE-2006-6221 | 1 2x | 1 Thinclientserver | 2018-10-17 | 7.5 HIGH | N/A |
| 2X ThinClientServer Enterprise Edition before 4.0.2248 allows remote attackers to create multiple privileged accounts via a replay attack using the initial account creation request. | |||||
| CVE-2006-6265 | 1 Microsoft | 1 Teredo | 2018-10-17 | 5.8 MEDIUM | N/A |
| Teredo clients, when located behind a restricted NAT, allow remote attackers to establish an inbound connection without the guessing required to find a port mapping for a traditional restricted NAT client, by (1) using the client port number contained in the Teredo address or (2) following the bubble-to-open procedure. | |||||
| CVE-2006-6237 | 1 Woltlab | 1 Burning Board Lite | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the decode_cookie function in thread.php in Woltlab Burning Board Lite 1.0.2 allows remote attackers to execute arbitrary SQL commands via the threadvisit Cookie parameter. | |||||
| CVE-2006-6264 | 1 Microsoft | 1 Teredo | 2018-10-17 | 7.5 HIGH | N/A |
| Teredo creates trusted peer entries for arbitrary incoming source Teredo addresses, even if the low 32 bits represent an intranet address, which might allow remote attackers to send IPv4 traffic to intranet hosts that use non-RFC1918 addresses, bypassing IPv4 ingress filtering. | |||||
| CVE-2006-6231 | 1 Vubb | 1 Vubb | 2018-10-17 | 5.0 MEDIUM | N/A |
| vuBB 0.2.1 and earlier allows remote attackers to obtain sensitive information via a direct request to includes/vubb.php, which leaks the path in an error message. | |||||
| CVE-2006-6263 | 1 Microsoft | 1 Teredo | 2018-10-17 | 6.8 MEDIUM | N/A |
| Teredo clients, when source routing is enabled, recognize a Routing header in an encapsulated IPv6 packet and send the packet to the next hop, which might allow remote attackers to bypass policies of certain Internet gateways that drop all source-routed packets. | |||||
| CVE-2006-6270 | 1 Kervancilar | 1 Aspmforum | 2018-10-17 | 10.0 HIGH | N/A |
| Multiple SQL injection vulnerabilities in ASPMForum allow remote attackers to execute arbitrary SQL commands via (1) the soruid parameter in forum2.asp, (2) the ak parameter in kullanicilistesi.asp, (3) the kelimeler parameter in aramayap.asp, and (4) the kullaniciadi parameter in giris.asp; and allow remote authenticated users to execute arbitrary SQL commands via (5) the mesajno parameter in mesajkutum.asp. NOTE: the harf parameter in kullanicilistesi.asp and the baslik parameter in forum.asp are already covered by CVE-2005-4141. | |||||
| CVE-2006-6230 | 1 Vubb | 1 Vubb | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in vuBB 0.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter in a register action to index.php, a different vulnerability than CVE-2006-0962. | |||||
| CVE-2006-6259 | 1 Alternc | 1 Alternc | 2018-10-17 | 10.0 HIGH | N/A |
| Multiple directory traversal vulnerabilities in (a) class/functions.php and (b) class/m_bro.php in AlternC 0.9.5 and earlier allow remote attackers to (1) create arbitrary files and directories via a .. (dot dot) in the "create name" field and (2) read arbitrary files via a .. (dot dot) in the "web root" field when configuring a subdomain. | |||||
| CVE-2006-6258 | 1 Alternc | 1 Alternc | 2018-10-17 | 9.3 HIGH | N/A |
| The phpmyadmin subsystem in AlternC 0.9.5 and earlier transmits the SQL password in cleartext in a cookie, which might allow remote attackers to obtain the password by sniffing or by conducting a cross-site scripting (XSS) attack. | |||||