Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-5904 | 1 Mwchat Pro | 1 Mwchat Pro | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in MWChat Pro 7.0 allow remote attackers to execute arbitrary PHP code via a URL in the CONFIG[MWCHAT_Libs] parameter to (1) about.php, (2) buddy.php, (3) chat.php, (4) dialog.php, (5) head.php, (6) help.php, (7) index.php, and (8) license.php, different vectors than CVE-2005-1869. | |||||
| CVE-2006-5903 | 1 Rahul Jonna | 1 Gspace | 2018-10-17 | 7.5 HIGH | N/A |
| Rahul Jonna Gmail File Space (GSpace) allows remote attackers to perform virtual filesystem actions via e-mail messages with certain subject lines, as demonstrated by (1) a GSPACE "2174|1|1|1|gs:/ d$" message, which injects a new file into the filesystem; and (2) a GSPACE "|-135|1|1|0|gs:/ d$" message, which creates a folder. | |||||
| CVE-2006-5902 | 1 Viksoe | 1 Gmail Drive | 2018-10-17 | 7.5 HIGH | N/A |
| viksoe GMail Drive shell extension allows remote attackers to perform virtual filesystem actions via e-mail messages with certain subject lines, as demonstrated by (1) a GMAILFS: [13;a;1] message with a new filename and a file attachment, which injects a new file into the filesystem; (2) a GMAILFS: [13;a;1] message with an existing filename and a file attachment, which overwrites existing file content; and (3) a GMAILFS: [14;a;1] message, which creates a folder. | |||||
| CVE-2006-5901 | 1 Hawking Technology | 1 Wr254-ca Wireless Router | 2018-10-17 | 5.0 MEDIUM | N/A |
| Hawking Technology wireless router WR254-CA uses a hardcoded IP address among the set of DNS server IP addresses, which could allow remote attackers to cause a denial of service or hijack the router by attacking or spoofing the server at the hardcoded address. NOTE: it could be argued that this issue reflects an inherent limitation of DNS itself, so perhaps it should not be included in CVE. | |||||
| CVE-2006-5900 | 1 Zend | 1 Zend Framework Preview | 2018-10-17 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the incubator/tests/Zend/Http/_files/testRedirections.php sample code in Zend Framework Preview 0.2.0 allows remote attackers to inject arbitrary web script or HTML via arbitrary parameters. | |||||
| CVE-2006-5899 | 1 Acid Stats | 1 Acid Stats | 2018-10-17 | 7.5 HIGH | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in install.php3 in @cid stats 2.3 allows remote attackers to execute arbitrary PHP code via a URL in the repertoire parameter. NOTE: this issue has been disputed by a third party, who states that install.php3 is supposed to be deleted after installation and, if not deleted, intentionally allows setting repertoire without an inclusion attack. | |||||
| CVE-2006-5892 | 1 The Net Guys | 1 Aspired2poll | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in MoreInfo.asp in The Net Guys ASPired2Poll 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2006-5891 | 1 Superfreaker Studios | 1 Ustore | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in detail.asp in Superfreaker Studios UStore 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter. | |||||
| CVE-2006-5896 | 1 Remlab | 1 Web Mech Designer | 2018-10-17 | 5.0 MEDIUM | N/A |
| REMLAB Web Mech Designer 2.0.5 allows remote attackers to obtain the full path of the script via an incorrect Tonnage parameter to calculate.php that triggers a divide-by-zero error, which leaks the path in an error message. | |||||
| CVE-2006-5888 | 1 Superfreaker Studios | 1 Upublisher | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in viewarticle.asp in Superfreaker Studios UPublisher 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter. | |||||
| CVE-2006-5887 | 1 Dynamic Dataworx | 1 Nuschool | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in CampusNewsDetails.asp in Dynamic Dataworx NuSchool 1.0 allows remote attackers to execute arbitrary SQL commands via the NewsID parameter. | |||||
| CVE-2006-5885 | 1 Dynamic Dataworx | 1 Nustore | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Products.asp in NuStore 1.0 allows remote attackers to execute arbitrary SQL commands via the SubCatagoryID parameter. | |||||
| CVE-2006-5883 | 1 Cpanel | 1 Cpanel | 2018-10-17 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow remote authenticated users to inject arbitrary web script or HTML via the (1) dir parameter in (a) seldir.html, and the (2) user and (3) dir parameters in (b) newuser.html. | |||||
| CVE-2006-5881 | 1 Dynamic Dataworx | 1 Nucommunity | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in cl_CatListing.asp in Dynamic Dataworx NuCommunity 1.0 allows remote attackers to execute arbitrary SQL commands via the cl_cat_ID parameter. | |||||
| CVE-2006-5866 | 1 Phpmanta | 1 Phpmanta | 2018-10-17 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in Mdoc/view-sourcecode.php for phpManta 1.0.2 and earlier allows remote attackers to read and include arbitrary files via ".." sequences in the file parameter. | |||||
| CVE-2006-5856 | 1 Adobe | 1 Download Manager | 2018-10-17 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in the Adobe Download Manager before 2.2 allows remote attackers to execute arbitrary code via a long section name in the dm.ini file, which is populated via an AOM file. | |||||
| CVE-2006-5855 | 1 Ibm | 1 Tivoli Storage Manager | 2018-10-17 | 10.0 HIGH | N/A |
| Multiple buffer overflows in IBM Tivoli Storage Manager (TSM) before 5.2.9 and 5.3.x before 5.3.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in (1) the language field at logon that begins with a 0x18 byte, (2) two unspecified parameters to the SmExecuteWdsfSession function, and (3) the contact field in an open registration message. | |||||
| CVE-2006-5854 | 1 Novell | 1 Netware Client | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple buffer overflows in the Spooler service (nwspool.dll) in Novell Netware Client 4.91 through 4.91 SP2 allow remote attackers to execute arbitrary code via a long argument to the (1) EnumPrinters and (2) OpenPrinter functions. | |||||
| CVE-2006-5850 | 1 Essen | 1 Essentia Web Server | 2018-10-17 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in Essentia Web Server 2.15 for Windows allows remote attackers to execute arbitrary code via a long URI, as demonstrated by a GET or HEAD request. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2006-5841 | 1 Dodos Scripts | 1 Dodosmail | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in dodosmail.php in DodosMail 2.0.1 and earlier, and possibly 2.1, allow remote attackers to execute arbitrary PHP code via a URL in the (1) dodosmail_header_file or (2) dodosmail_footer_file parameters. | |||||