Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-7035 | 1 Super Link Exchange Script | 1 Super Link Exchange Script | 2018-10-16 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in make_thumbnail.php in Super Link Exchange Script 1.0 allows remote attackers to read arbitrary files via ".." sequences in the imgpath parameter. | |||||
| CVE-2006-7036 | 1 Andys Chat | 1 Andys Chat | 2018-10-16 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in register.php for Andys Chat 4.5 allows remote attackers to execute arbitrary code via the action parameter. NOTE: this issue was announced by an unreliable researcher, but the vendor is no longer distributing the product, so the original claims can not be evaluated. | |||||
| CVE-2006-7037 | 2 Mathsoft, Microsoft | 9 Mathcad, Windows 2000, Windows 2003 Server and 6 more | 2018-10-16 | 4.4 MEDIUM | N/A |
| Mathcad 12 through 13.1 allows local users to bypass the security features by directly accessing or editing the XML representation of the worksheet with a text editor or other program, which allows attackers to (1) bypass password protection by replacing the password field with a hash of a known password, (2) modify timestamps to avoid detection of modifications, (3) remove locks by removing the "is-locked" attribute, and (4) view locked data, which is stored in plaintext. | |||||
| CVE-2006-7056 | 1 Dreamcost | 1 Hostadmin | 2018-10-16 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in DreamCost HostAdmin 3.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) functions.php and (2) members.php. NOTE: the index.php vector is covered by CVE-2006-0791. | |||||
| CVE-2006-7042 | 1 Chipmunk Scripts | 1 Chipmunk Directory | 2018-10-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in directory/index.php in Chipmunk directory allows remote attackers to inject arbitrary web script or HTML via the start parameter. | |||||
| CVE-2006-6945 | 1 Virtuemart | 1 Virtuemart | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Virtuemart 1.0.7 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, probably related to (1) Itemid, (2) product_id, and category_id parameters as handled in virtuemart_parser.php. | |||||
| CVE-2006-6961 | 1 Webroot Software | 1 Spy Sweeper | 2018-10-16 | 6.8 MEDIUM | N/A |
| WebRoot Spy Sweeper 4.5.9 and earlier does not detect malware based on file contents, which allows remote attackers to bypass malware detection by changing a file's name. | |||||
| CVE-2006-6900 | 1 Apple | 1 Mac Os X | 2018-10-16 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Bluetooth stack in Apple Mac OS 10.4 has unknown impact and attack vectors, related to an "implementation bug." | |||||
| CVE-2006-6906 | 1 Apple | 1 Mac Os X | 2018-10-16 | 7.2 HIGH | N/A |
| Unspecified vulnerability in the Bluetooth stack on Mac OS 10.4.7 and earlier has unknown impact and local attack vectors, related to "Mach Exception Handling", a different issue than CVE-2006-6900. | |||||
| CVE-2006-6903 | 1 Toshiba | 1 Bluetooth | 2018-10-16 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Toshiba Bluetooth stack allows remote attackers to gain administrative access (aka Remote Root) via unspecified vectors. | |||||
| CVE-2006-6960 | 1 Webroot Software | 1 Spy Sweeper | 2018-10-16 | 6.8 MEDIUM | N/A |
| The Compression Sweep feature in WebRoot Spy Sweeper 4.5.9 and earlier does not handle non-ZIP archives, which allows remote attackers to bypass the malware detection via files with (1) RAR, (2) GZ, (3) TAR, (4) CAB, or (5) ACE compression. | |||||
| CVE-2006-6905 | 1 Broadcom | 1 Widcomm Bluetooth | 2018-10-16 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Widcomm Bluetooth stack allows remote attackers to gain administrative access (aka Remote Root) via unspecified vectors. | |||||
| CVE-2006-6959 | 1 Webroot Software | 1 Spy Sweeper | 2018-10-16 | 4.6 MEDIUM | N/A |
| WebRoot Spy Sweeper 4.5.9 and earlier allows local users to bypass the "Startup-Shield" security restrictions by modifying certain registry keys. | |||||
| CVE-2006-7115 | 1 Phpkit | 1 Phpkit | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in PHPKit 1.6.1 RC2 allows remote attackers to inject arbitrary SQL commands via the catid parameter to include.php when the path parameter is set to faq/faq.php, and other unspecified vectors involving guestbook/print.php. | |||||
| CVE-2006-6927 | 1 Grandora | 1 Rialto | 2018-10-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Rialto 1.6 allow remote attackers to execute arbitrary SQL commands via (1) the uname (username) and (2) pword (passwd) fields in (a) admin/default.asp; the (3) ID parameter to (b) listfull.asp or (c) printmain.asp; the (4) cat parameter to (d) listmain.asp, (e) searchoption.asp, or (f) searchmain.asp; the (5) Keyword parameter to (g) searchkey.asp; the (6) area parameter to searchmain.asp or searchoption.asp; the (7) searchin parameter to searchkey.asp; or the (8) cost1, (9) cost2, (10) acreage1, or (11) squarefeet1 parameters to searchoption.asp. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2006-6928 | 1 Grandora | 1 Rialto | 2018-10-16 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Rialto 1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to (a) listmain.asp or (b) searchmain.asp, the (2) the Keyword parameter to (c) searchkey.asp, or the (3) refno parameter to (d) forminfo.asp. | |||||
| CVE-2006-6907 | 1 Bluesoil Bluetooth | 1 Bluesoil Bluetooth | 2018-10-16 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Bluesoil Bluetooth stack has unknown impact and attack vectors. | |||||
| CVE-2006-6908 | 2 Broadcom, Microsoft | 3 Widcomm Bluetooth, Windows Ce, Windows Mobile | 2018-10-16 | 10.0 HIGH | N/A |
| Buffer overflow in the Bluetooth Stack COM Server in the Widcomm Bluetooth stack, as packaged as Widcomm Stack 3.x and earlier on Windows, Widcomm BTStackServer 1.4.2.10 and 1.3.2.7 on Windows, Widcomm Bluetooth Communication Software 1.4.1.03 on Windows, and the Bluetooth implementation in Windows Mobile or Windows CE on the HP IPAQ 2215 and 5450, allows remote attackers to cause a denial of service (service crash) and possibly execute arbitrary code via unspecified vectors. | |||||
| CVE-2006-6898 | 1 Broadcom | 1 Widcomm Bluetooth | 2018-10-16 | 7.8 HIGH | N/A |
| Widcomm Bluetooth for Windows (BTW) before 4.0.1.1500 allows remote attackers to listen to and record conversations, aka the CarWhisperer attack. | |||||
| CVE-2006-6902 | 1 Microsoft | 1 Windows 2003 Server | 2018-10-16 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Bluetooth stack in Microsoft Windows Mobile Pocket PC edition allows remote attackers to gain administrative access (aka Remote Root) via unspecified vectors. | |||||