Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-6050 | 1 Clicktech | 1 Texas Rankem | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in ClickTech Texas Rank'em allow remote attackers to execute arbitrary SQL commands via the (1) selPlayer parameter to player.asp or the (2) tournament_id parameter to tournaments.asp. | |||||
| CVE-2006-6148 | 1 Jiros | 1 Links Manager | 2018-10-17 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in submitlink.asp in JiRos Links Manager allow remote attackers to inject arbitrary web script or HTML via the (1) lName, (2) lURL, (3) lImage, and (4) lDescription parameters. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2006-6049 | 1 Phil Taylor | 1 Shambo2 | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in shambo2.php in the Shambo2 (com_shambo2) component for Mambo 4.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2006-6042 | 1 Phpwebthings | 1 Phpwebthings | 2018-10-17 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in core/editor.php in phpWebThings 1.5.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the editor_insert_bottom parameter. | |||||
| CVE-2006-6040 | 1 Jelsoft | 1 Vbulletin | 2018-10-17 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in admincp/index.php in Jelsoft vBulletin 3.6.x allow remote attackers to inject arbitrary web script or HTML via (1) the prefs parameter in a buildnavprefs action or (2) the navprefs parameter in a savenavprefs action. | |||||
| CVE-2006-6045 | 1 Comdev | 1 Comdev One Admin Pro | 2018-10-17 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Comdev One Admin Pro 4.1 allow remote attackers to execute arbitrary PHP code via a URL in the path[skin] parameter to (1) adminfoot.php, (2) adminhead.php, or (3) adminlogin.php. | |||||
| CVE-2006-6034 | 1 Sitesoutlet | 1 E-commerce Kit-1 | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in SitesOutlet E-commerce Kit-1 PayPal Edition allow remote attackers to execute arbitrary SQL commands via the (1) keyword or (2) cid parameter in (a) catalogue.asp, or the (3) pid parameter in (b) viewDetail.asp. | |||||
| CVE-2006-6033 | 1 Sphpblog | 1 Sphpblog | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in Simple PHP Blog (SPHPBlog), probably 0.4.8, allow remote attackers to read arbitrary files and possibly include arbitrary PHP code via a .. (dot dot) sequence in the blog_theme parameter in (1) index.php, (2) add_cgi.php, (3) add_link.php, (4) login.php, (5) template.php, or (6) contact.php. | |||||
| CVE-2006-6152 | 1 Vspin.net | 1 Classified System | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in vSpin.net Classified System 2004 allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to (a) cat.asp, or the (2) keyword, (3) order, (4) sort, (5) menuSelect, or (6) state parameter to (b) search.asp. | |||||
| CVE-2006-6032 | 1 Sphpblog | 1 Sphpblog | 2018-10-17 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog (SPHPBlog), probably 0.4.8, allow remote attackers to inject arbitrary web script or HTML via (1) the action parameter in add_block.php or (2) the entry parameter in index.php, different vectors than CVE-2005-1135. NOTE: this has been reported to affect 0.8, but as of 20061121, the most recent version is only 0.4.9. | |||||
| CVE-2006-6031 | 1 Gcis | 1 Aspcart | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Greater Cincinnati Internet Solutions (GCIS) ASPCart allow remote attackers to execute arbitrary SQL commands via (1) the prodid parameter in (a) prodetails.asp; (2) the page parameter in (b) display.asp; the (3) custid, (4) item, (5) price, (6) custom, (7) department, (8) start, (9) quantity, (10) submit, (11) custom1, (12) custom2, or (13) custom3 parameters in (c) addcart.asp; or the (14) customerid parameter in (d) payment.asp. | |||||
| CVE-2006-6030 | 1 Futuretec | 1 E-calendar Pro | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in E-Calendar Pro 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) passwd (Password) fields in (a) admin/default.asp; or the (3) Event Title, (4) Location, or (5) Description field when making a search engine query in (b) search.asp. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2006-6029 | 1 Property Pro | 1 Property Pro | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in vir_Login.asp in Property Pro 1.0 allows remote attackers to execute arbitrary SQL commands via the UserName field. | |||||
| CVE-2006-6044 | 1 Phpquickgallery | 1 Phpquickgallery | 2018-10-17 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in gallery_top.inc.php in PHPQuickGallery 1.9 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the textFile parameter. | |||||
| CVE-2006-6023 | 1 Bloo | 1 Bloo | 2018-10-17 | 7.5 HIGH | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in phoo.base.php in Bill Roberts Bloo 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the descriptorFileList parameter. NOTE: this issue is disputed by CVE since $descriptorFileList is used in a function definition within phoo.base.php. | |||||
| CVE-2006-5927 | 1 Asp Scripter | 2 Easy Portal, Live Support | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in cpLogin.asp in ASP Scripter Easy Portal 1.4 and Live Support 1.3 allows remote attackers to execute arbitrary SQL commands via the Password parameter. | |||||
| CVE-2006-5928 | 1 Phpjobscheduler | 1 Phpjobscheduler | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Phpjobscheduler 3.0 allow remote attackers to execute arbitrary PHP code via a URL in the installed_config_file parameter to (1) add-modify.php, (2) delete.php, (3) modify.php, and (4) phpjobscheduler.php. | |||||
| CVE-2006-6022 | 1 Bestwebapp | 1 Bestwebapp Dating Site | 2018-10-17 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in login_form.asp in BestWebApp Dating Site allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | |||||
| CVE-2006-6021 | 1 Bestwebapp | 1 Bestwebapp Dating Site | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the login component in BestWebApp Dating Site allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) passwd parameters. | |||||
| CVE-2006-6153 | 1 Vspin.net | 1 Classified System | 2018-10-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in vSpin.net Classified System 2004 allow remote attackers to inject arbitrary web script or HTML via (1) catname parameter to cat.asp or the (2) minprice parameter to search.asp. | |||||