Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-4480 | 1 Nuked-klan | 1 Nuked-klan | 2018-10-17 | 4.3 MEDIUM | N/A |
| Incomplete blacklist vulnerability in the nk_CSS function in nuked.php in Nuked-Klan 1.7 SP4.3 allows remote attackers to bypass anti-XSS features and inject arbitrary web script or HTML via JavaScript in an attribute value that is not in the blacklist, as demonstrated using the STYLE attribute of a B element. | |||||
| CVE-2006-4487 | 1 Duware | 1 Dupoll | 2018-10-17 | 5.0 MEDIUM | N/A |
| DUware DUpoll 3.0 and 3.1 stores _private/Dupoll.mdb under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as usernames and passwords. | |||||
| CVE-2006-4494 | 1 Microsoft | 1 Visual Studio | 2018-10-17 | 7.5 HIGH | N/A |
| Microsoft Visual Studio 6.0 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by instantiating certain Visual Studio 6.0 ActiveX COM Objects in Internet Explorer, including (1) tcprops.dll, (2) fp30wec.dll, (3) mdt2db.dll, (4) mdt2qd.dll, and (5) vi30aut.dll. | |||||
| CVE-2006-4495 | 1 Microsoft | 2 Ie, Windows 2003 Server | 2018-10-17 | 7.5 HIGH | N/A |
| Microsoft Internet Explorer allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by instantiating certain Windows 2000 ActiveX COM Objects including (1) ciodm.dll, (2) myinfo.dll, (3) msdxm.ocx, and (4) creator.dll. | |||||
| CVE-2006-4496 | 1 Iwebnegar | 1 Iwebnegar | 2018-10-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in comments.php in IwebNegar 1.1 allows remote attackers to inject arbitrary web script or HTML via the comment parameter. | |||||
| CVE-2006-4497 | 1 Iwebnegar | 1 Iwebnegar | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in comments.php in IwebNegar 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2006-4498 | 1 Phpalbum.net | 1 Phpalbum | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in sommaire_admin.php in PhpAlbum (mod_phpalbum) 2.15 for PortailPHP allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter, a different vector than CVE-2006-3922. | |||||
| CVE-2006-4500 | 1 Ztml | 1 Ezportal Ztml Cms | 2018-10-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in ezPortal/ztml CMS 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) about, (2) again, (3) lastname, (4) email, (5) password, (6) album, (7) id, (8) table, (9) desc, (10) doc, (11) mname, (12) max, (13) htpl, (14) pheader, and possibly other parameters. | |||||
| CVE-2006-4501 | 1 Ztml | 1 Ezportal Ztml Cms | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in ezPortal/ztml CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) about, (2) album, (3) id, (4) use, (5) desc, (6) doc, (7) mname, (8) max, and possibly other parameters. | |||||
| CVE-2006-4502 | 1 Ztml | 1 Ezportal Ztml Cms | 2018-10-17 | 7.5 HIGH | N/A |
| ezPortal/ztml CMS 1.0 allows remote attackers to bypass authentication controls via a direct request to the "Administration Area" script. | |||||
| CVE-2006-4503 | 1 Nx5 | 1 Nx5linx | 2018-10-17 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in link.php in NX5Linx 1.0 allows remote attackers to read arbitrary files via the logo parameter. | |||||
| CVE-2006-4504 | 1 Nx5 | 1 Nx5linx | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in NX5Linx 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) c and (2) l parameters. | |||||
| CVE-2006-4505 | 1 Nx5 | 1 Nx5linx | 2018-10-17 | 7.5 HIGH | N/A |
| CRLF injection vulnerability in links.php in NX5Linx 1.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a CRLF sequence in the url parameter. | |||||
| CVE-2006-4523 | 1 2wire Inc | 2 Homeportal, Officeportal | 2018-10-17 | 5.0 MEDIUM | N/A |
| The web-based management interface in 2Wire, Inc. HomePortal and OfficePortal Series modems and routers allows remote attackers to cause a denial of service (crash) via a CRLF sequence in a GET request. | |||||
| CVE-2006-4524 | 1 Digiappz | 1 Freekot | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in login_verif.asp in Digiappz Freekot 1.01 allow remote attackers to execute arbitrary SQL commands via the (1) login or (2) password parameters. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2006-4528 | 1 Membrepass | 1 Membrepass | 2018-10-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in membrepass 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) recherche parameter in recherchemembre.php and the (2) email parameter in test.php. | |||||
| CVE-2006-4529 | 1 Membrepass | 1 Membrepass | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in recherchemembre.php in membrepass 1.5. allows remote attackers to execute arbitrary SQL commands via the recherche parameter. | |||||
| CVE-2006-4530 | 1 Membrepass | 1 Membrepass | 2018-10-17 | 7.5 HIGH | N/A |
| Direct static code injection vulnerability in include/change.php in membrepass 1.5 allows remote attackers to execute arbitrary PHP code via the aifon parameter, which is injected into include/variable.php. | |||||
| CVE-2006-4531 | 1 Bare Concept Media | 1 Pheap Cms | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in lib/config.php in Pheap CMS 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the lpref parameter. | |||||
| CVE-2006-4546 | 1 Lyris | 1 List Manager | 2018-10-17 | 6.5 MEDIUM | N/A |
| Lyris ListManager 8.95 allows remote authenticated users, who have administrative privileges for at least one list on the server, to add new administrators to any list via a modified MEMBERS_.List_ parameter. | |||||