Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-3858 | 1 Ibm | 1 Informix Dynamic Server | 2018-10-17 | 2.1 LOW | N/A |
| IBM Informix Dynamic Server (IDS) before 9.40.xC8 and 10.00 before 10.00.xC4 stores passwords in plaintext in shared memory, which allows local users to obtain passwords by reading the memory (product defects 171893, 171894, 173772). | |||||
| CVE-2006-4001 | 1 Barracuda Networks | 1 Barracuda Spam Firewall | 2018-10-17 | 7.5 HIGH | N/A |
| Login.pm in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 contains a hard-coded password for the guest account, which allows remote attackers to read sensitive information such as e-mail logs, and possibly e-mail contents and the admin password. | |||||
| CVE-2006-3914 | 1 Blackboard | 1 Blackboard Academic Suite | 2018-10-17 | 6.0 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Blackboard Academic Suite 6.2.3.23 allows remote authenticated users to inject arbitrary HTML or web script by bypassing client-side validation through disabling JavaScript when submitting an essay response, which has no server-side validation before being viewed via "View Attempt Details" in the Gradebook. | |||||
| CVE-2006-3913 | 1 Freeciv | 1 Freeciv | 2018-10-17 | 7.5 HIGH | N/A |
| Buffer overflow in Freeciv 2.1.0-beta1 and earlier, and SVN 15 Jul 2006 and earlier, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) negative chunk_length or a (2) large chunk->offset value in a PACKET_PLAYER_ATTRIBUTE_CHUNK packet in the generic_handle_player_attribute_chunk function in common/packets.c, and (3) a large packet->length value in the handle_unit_orders function in server/unithand.c. | |||||
| CVE-2006-3911 | 1 Php Live | 1 Php Live | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in OSI Codes PHP Live! 3.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the css_path parameter in (1) help.php and (2) setup/header.php. | |||||
| CVE-2006-3909 | 1 Wired Community Software | 1 Wwwthreads | 2018-10-17 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in calendar.php in WWWthreads allows remote attackers to inject arbitrary web script or HTML via the week parameter. | |||||
| CVE-2006-3907 | 1 Siemens | 1 Speedstream Wireless Router | 2018-10-17 | 5.0 MEDIUM | N/A |
| Siemens SpeedStream 2624 allows remote attackers to cause a denial of service (device hang) by sending a crafted packet to the web administrative interface. | |||||
| CVE-2006-3848 | 1 Krischan Jodies | 1 Ip Calculator | 2018-10-17 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in CGI wrapper for IP Calculator (IPCalc) 0.40 allows remote attackers to inject arbitrary web script or HTML via the URI (REQUEST_URI environment variable), which is used in the actionurl variable. | |||||
| CVE-2006-3833 | 1 Ej3 | 1 Topo | 2018-10-17 | 5.0 MEDIUM | N/A |
| index.php in EJ3 TOPo 2.2.178 allows remote attackers to overwrite existing entries and establish new passwords for the overwritten entries via a URL with a modified entry ID. | |||||
| CVE-2006-3832 | 1 Gerrit Van Aaken | 1 Loudblog | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Gerrit van Aaken Loudblog 0.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2006-3831 | 1 Kailash Nadh | 1 Boastmachine | 2018-10-17 | 5.0 MEDIUM | N/A |
| The Backup selection in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier uses predicable filenames for database backups and stores the files under the web root with insufficient access control, which allows remote attackers to obtain sensitive information by downloading a backup file. | |||||
| CVE-2006-3843 | 1 Mambo | 1 Mambo Calendar | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in com_calendar.php in Calendar Mambo Module 1.5.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter. | |||||
| CVE-2006-3856 | 1 Ibm | 1 Informix Dynamic Server | 2018-10-17 | 2.1 LOW | N/A |
| IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 allows local users to cause a denial of service (crash) via unspecified vectors. | |||||
| CVE-2006-3842 | 1 Adventnet | 1 Zoho Virtual Office | 2018-10-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Zoho Virtual Office 3.2 Build 3210 allows remote attackers to execute arbitrary web script or HTML via an HTML message. | |||||
| CVE-2006-3810 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2018-10-17 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the XPCNativeWrapper(window).Function construct. | |||||
| CVE-2006-3841 | 1 Owasp | 1 Webscarab | 2018-10-17 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in WebScarab before 20060718-1904, when used with Microsoft Internet Explorer 6 SP2 or Konqueror 3.5.3, allows remote attackers to inject arbitrary web script or HTML via the URL, which is not sanitized before being returned in an error message when WebScarab is not able to access the URL. | |||||
| CVE-2006-3829 | 1 Kailash Nadh | 1 Boastmachine | 2018-10-17 | 5.0 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in bmc/admin.php in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allows remote attackers to perform unauthorized actions as an administrator and delete arbitrary user accounts via a delete_user action. | |||||
| CVE-2006-3828 | 1 Kailash Nadh | 1 Boastmachine | 2018-10-17 | 6.5 MEDIUM | N/A |
| Incomplete blacklist vulnerability in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allows remote authenticated administrators to bypass SQL injection protection mechanisms by using commas, quote characters, pound sign (#) characters, "UNION," and "SELECT," which are not filtered by the product, which only checks for "insert," "delete," "update," and "replace." | |||||
| CVE-2006-3827 | 1 Kailash Nadh | 1 Boastmachine | 2018-10-17 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in bmc/Inc/core/admin/search.inc.php in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the blog parameter. | |||||
| CVE-2006-3837 | 1 Professional Home Page Tools | 1 Professional Home Page Tools Guestbook | 2018-10-17 | 5.0 MEDIUM | N/A |
| delcookie.php in Professional Home Page Tools Guestbook changes the expiration date of a cookie instead of deleting the cookie's value, which makes it easier for attackers to steal the cookie and obtain the administrator's password hash after logout. | |||||