Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-3935 | 1 Alkacon | 1 Opencms | 2018-10-17 | 6.5 MEDIUM | N/A |
| system/workplace/views/admin/admin-main.jsp in Alkacon OpenCms before 6.2.2 does not restrict access to administrator functions, which allows remote authenticated users to (1) send broadcast messages to all users (/workplace/broadcast), (2) list all users (/accounts/users), (3) add webusers (/accounts/webusers/new), (4) upload database import and export files (/database/importhttp), (5) upload arbitrary program modules (/modules/modules_import), and (6) read the log file (/workplace/logfileview) by setting the appropriate value for the path parameter in a direct request to admin-main.jsp. | |||||
| CVE-2006-3933 | 1 Alkacon | 1 Opencms | 2018-10-17 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Alkacon OpenCms before 6.2.2 allows remote authenticated users to inject arbitrary web script or HTML via the message body. | |||||
| CVE-2006-3931 | 1 Tuomas Airaksinen | 1 Midirecord | 2018-10-17 | 4.6 MEDIUM | N/A |
| Buffer overflow in the daemon function in midirecord.cc in Tuomas Airaksinen Midirecord 2.0 allows local users to execute arbitrary code via a long command line argument (filename). NOTE: This may not be a vulnerability if Midirecord is not installed setuid. | |||||
| CVE-2006-3930 | 1 Mamboxchange | 1 A6mambohelpdesk | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in admin.a6mambohelpdesk.php in a6mambohelpdesk Mambo Component 18RC1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter. | |||||
| CVE-2006-3929 | 1 Zyxel | 1 Prestige 660h-61 | 2018-10-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Forms/rpSysAdmin script on the Zyxel Prestige 660H-61 ADSL Router running firmware 3.40(PT.0)b32 allows remote attackers to inject arbitrary web script or HTML via hex-encoded values in the a parameter. | |||||
| CVE-2006-3996 | 1 Adaptive Technology Resource Centre | 1 Atutor | 2018-10-17 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in links/index.php in ATutor 1.5.3.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the (1) desc or (2) asc parameters. | |||||
| CVE-2006-3997 | 1 Wowroster | 1 Wowroster | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in hsList.php in WoWRoster (aka World of Warcraft Roster) 1.5.x and earlier allows remote attackers to execute arbitrary PHP code via a URL in the subdir parameter. | |||||
| CVE-2006-3999 | 1 Iss | 1 Blackice Pc Protection | 2018-10-17 | 4.6 MEDIUM | N/A |
| ISS BlackICE PC Protection 3.6.cpj, 3.6.cpiE, and possibly earlier versions do not properly monitor the integrity of the pamversion.dll BlackICE library, which allows local users to subvert BlackICE by replacing pamversion.dll. NOTE: in most cases, the attack would not cross privilege boundaries because replacing pamversion.dll requires administrative privileges. However, this issue is a vulnerability because BlackICE is intended to protect against certain rogue privileged actions. | |||||
| CVE-2006-4000 | 1 Barracuda Networks | 1 Barracuda Spam Firewall | 2018-10-17 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in cgi-bin/preview_email.cgi in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter. | |||||
| CVE-2006-4007 | 1 Knusperleicht | 1 Knusperleicht Guestbook | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in Knusperleicht Guestbook 3.5 allows remote attackers to execute arbitrary PHP code via a URL in the GB_PATH parameter. | |||||
| CVE-2006-4008 | 1 Knusperleicht | 1 Faq | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in Knusperleicht Faq 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the faq_path parameter. | |||||
| CVE-2006-4009 | 1 Vwar | 1 Virtual War | 2018-10-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in war.php in Virtual War (Vwar) 1.5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter. | |||||
| CVE-2006-4012 | 1 Savewebportal | 1 Savewebportal | 2018-10-17 | 5.1 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in circeOS SaveWeb Portal 3.4 allow remote attackers to execute arbitrary PHP code via a URL in the SITE_Path parameter to (1) poll/poll.php or (2) poll/view_polls.php. NOTE: the menu_dx.php vector is already covered by CVE-2005-2687. | |||||
| CVE-2006-4015 | 1 Hp | 3 Procurve Switch 3500yl, Procurve Switch 5400zl, Procurve Switch 6200yl | 2018-10-17 | 5.0 MEDIUM | N/A |
| Hewlett-Packard (HP) ProCurve 3500yl, 6200yl, and 5400zl switches with software before K.11.33 allow remote attackers to cause a denial of service (possibly memory leak or system crash) via unknown vectors. | |||||
| CVE-2006-4017 | 1 Inter Network Marketing Ag | 1 G3 Content Management System | 2018-10-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the search module in Inter Network Marketing (INM) CMS G3 allows remote attackers to inject arbitrary web script or HTML via the search_string parameter. | |||||
| CVE-2006-4019 | 1 Squirrelmail | 1 Squirrelmail | 2018-10-17 | 6.4 MEDIUM | N/A |
| Dynamic variable evaluation vulnerability in compose.php in SquirrelMail 1.4.0 to 1.4.7 allows remote attackers to overwrite arbitrary program variables and read or write the attachments and preferences of other users. | |||||
| CVE-2006-4021 | 1 Scatterchat | 1 Scatterchat | 2018-10-17 | 2.6 LOW | N/A |
| The cryptographic module in ScatterChat 1.0.x allows attackers to identify patterns in large numbers of messages by identifying collisions using a birthday attack on the custom padding mechanism for ECB mode encryption. | |||||
| CVE-2006-4023 | 1 Php | 1 Php | 2018-10-17 | 5.0 MEDIUM | N/A |
| The ip2long function in PHP 5.1.4 and earlier may incorrectly validate an arbitrary string and return a valid network IP address, which allows remote attackers to obtain network information and facilitate other attacks, as demonstrated using SQL injection in the X-FORWARDED-FOR Header in index.php in MiniBB 2.0. NOTE: it could be argued that the ip2long behavior represents a risk for security-relevant issues in a way that is similar to strcpy's role in buffer overflows, in which case this would be a class of implementation bugs that would require separate CVE items for each PHP application that uses ip2long in a security-relevant manner. | |||||
| CVE-2006-4025 | 1 Xennobb | 1 Xennobb | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in profile.php in XennoBB 2.1.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the (1) bday_day, (2) bday_month, and (3) bday_year parameters in the personal section. | |||||
| CVE-2006-3923 | 1 Fire-mouse | 1 Fire-mouse Toplist | 2018-10-17 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in add.php in Fire-Mouse Toplist 1.1 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the Seitenname parameter. | |||||