Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-6184 | 1 Alliedtelesyn | 1 At-tftp | 2018-10-17 | 10.0 HIGH | N/A |
| Multiple stack-based buffer overflows in Allied Telesyn TFTP Server (AT-TFTP) 1.9, and possibly earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a long filename in a (1) GET or (2) PUT command. | |||||
| CVE-2006-6363 | 1 Bluesocket | 1 Bsc 2100 | 2018-10-17 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin.pl in BlueSocket Secure Controller (BSC) before 5.2, or without 5.1.1-BluePatch, allows remote attackers to inject arbitrary web script or HTML via the ad_name parameter. | |||||
| CVE-2006-5976 | 1 Drumster | 1 Blogme | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in admin_login.asp in BlogMe 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) Username or (2) Password field. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2006-6111 | 1 Alan Ward | 1 A-cart | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Alan Ward A-Cart Pro 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) productid parameter in product.asp or (2) search parameter in search.asp. NOTE: the category.asp vector is already covered by CVE-2004-1873. | |||||
| CVE-2006-6110 | 1 Bpg-infotech | 1 Content Management System | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in an unspecified BPG-InfoTech Content Management System product allow remote attackers to execute arbitrary SQL commands via the (1) vjob parameter in publications_list.asp or (2) InfoID parameter in publication_view.asp. | |||||
| CVE-2006-6141 | 1 Philippe Jounin | 1 Tftpd32 | 2018-10-17 | 5.0 MEDIUM | N/A |
| Buffer overflow in Tftpd32 3.01 allows remote attackers to cause a denial of service via a long GET or PUT request, which is not properly handled when the request is displayed in the title of the gauge window. | |||||
| CVE-2006-5934 | 1 Iexpress | 1 Estate Agent Manager | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/default.asp in Estate Agent Manager 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the UserName field. | |||||
| CVE-2006-6104 | 1 Mono | 1 Xsp | 2018-10-17 | 5.0 MEDIUM | N/A |
| The System.Web class in the XSP for ASP.NET server 1.1 through 2.0 in Mono does not properly verify local pathnames, which allows remote attackers to (1) read source code by appending a space (%20) to a URI, and (2) read credentials via a request for Web.Config%20. | |||||
| CVE-2006-6097 | 1 Gnu | 1 Tar | 2018-10-17 | 4.0 MEDIUM | N/A |
| GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assisted attackers to overwrite arbitrary files via a tar file that contains a GNUTYPE_NAMES record with a symbolic link, which is not properly handled by the extract_archive function in extract.c and extract_mangle function in mangle.c, a variant of CVE-2002-1216. | |||||
| CVE-2006-6092 | 1 20 20 Applications | 1 20 20 Auto Gallery | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in vehiclelistings.asp in 20/20 Auto Gallery allow remote attackers to execute arbitrary SQL commands via the (1) vehicleID, (2) categoryID_list, (3) sale_type, (4) stock_number, (5) manufacturer, (6) model, (7) vehicleID, (8) year, (9) vin, and (10) listing_price parameters. | |||||
| CVE-2006-6090 | 1 Baalasp | 1 Smart Form Portal | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in BaalAsp forum allow remote attackers to execute arbitrary SQL commands via the (1) password parameter to (a) adminlogin.asp, the (2) name or (3) password parameter to (b) userlogin.asp, or the (3) search parameter to search.asp. | |||||
| CVE-2006-5967 | 1 Panda | 1 Activescan | 2018-10-17 | 5.1 MEDIUM | N/A |
| Race condition in Panda ActiveScan 5.53.00, and other versions before 5.54.01, allows remote attackers to cause memory corruption and execute arbitrary code via unknown vectors related to multiple invocations of the Analizar method in the ActiveScan.1 ActiveX control, which is not thread safe. | |||||
| CVE-2006-6089 | 1 Baalasp | 1 Baalasp Forum | 2018-10-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in addpost1.asp in BaalAsp forum allow remote attackers to inject arbitrary web script or HTML via the (1) title (Subject), (2) groupname (Group Name), or (3) detail (Message) field. | |||||
| CVE-2006-6113 | 1 James Greenwood | 1 Monkey Boards | 2018-10-17 | 5.0 MEDIUM | N/A |
| Monkey Boards 0.3.5 allows remote attackers to obtain sensitive information via direct requests to (1) include/admin_auth.inc.php and (2) include/engine/class.compiler.php, which reveals the full path in an error message. NOTE: this issue is only an exposure if the administrator has changed the default script path. | |||||
| CVE-2006-6088 | 1 Blue-collar Productions | 1 I-gallery | 2018-10-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in BlueCollar i-Gallery 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) n or (2) d parameter in igallery.asp, or (3) an unspecified parameter related to search, possibly the Search Gallery field, or the myquery parameter, in search.asp. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2006-6087 | 1 My Little Homepage | 1 My Little Weblog | 2018-10-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in weblog.php in my little weblog allows remote attackers to inject arbitrary web script or HTML via the action parameter. | |||||
| CVE-2006-6083 | 1 Creascripts | 1 Creadirectory | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search.asp in CreaScripts Creadirectory allows remote attackers to execute arbitrary SQL commands via the category parameter. | |||||
| CVE-2006-5946 | 1 Funkyasp | 1 Glossary | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in demo/glossary/glossary.asp in FunkyASP Glossary 1.0 allows remote attackers to execute arbitrary SQL commands via the alpha parameter. | |||||
| CVE-2006-6082 | 1 Creascripts | 1 Creadirectory | 2018-10-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in CreaScripts Creadirectory allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to addlisting.asp or the (2) search parameter to search.asp. | |||||
| CVE-2006-6081 | 1 Telaen | 1 Telaen | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in Smarty_Compiler.class.php in Telaen 1.1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the plugin_file parameter. | |||||