Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-2182 | 1 Albinator | 1 Albinator | 2011-03-07 | 6.4 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in (1) eday.php, (2) eshow.php, or (3) forgot.php in albinator 2.0.8 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the Config_rootdir parameter. | |||||
| CVE-2006-2184 | 1 Chadha Software Technologies | 1 Phpkb Knowledge Base | 2011-03-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in PHPKB Knowledge Base allows remote attackers to inject arbitrary web script or HTML via the searchkeyword parameter. NOTE: the issue was originally disputed by the vendor, but on 20060519, the vendor notified CVE that "We have fixed all the mentioned issues and now the search section of PHPKB script is free from any XSS issues." | |||||
| CVE-2006-2294 | 1 Timobraun | 1 Dynamic Galerie | 2011-03-07 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Dynamic Galerie 1.0 allows remote attackers to inject arbitrary web script or HTML via the pfad parameter in (1) index.php and (2) galerie.php. NOTE: this issue might be resultant from directory traversal. | |||||
| CVE-2006-2310 | 1 New Atlanta Communications | 2 Bluedragon Server, Bluedragon Server Jx | 2011-03-07 | 5.0 MEDIUM | N/A |
| BlueDragon Server and Server JX 6.2.1.286 for Windows allows remote attackers to cause a denial of service (hang) via a request for a .cfm file whose name contains an MS-DOS device name such as (1) con, (2) aux, (3) com1, and (4) com2. | |||||
| CVE-2006-2311 | 1 New Atlanta Communications | 2 Bluedragon Server, Bluedragon Server Jx | 2011-03-07 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in BlueDragon Server and Server JX 6.2.1.286 for Windows allows remote attackers to inject arbitrary web script or HTML via the filename in a request to a (1) .cfm or (2) .cfml file, which reflects the result in the default error page. | |||||
| CVE-2006-1795 | 1 Updi Network Enterprise | 1 At1 Event Publisher | 2011-03-07 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in tablepublisher.cgi in UPDI Network Enterprise @1 Table Publisher 2006-03-23 allows remote attackers to inject arbitrary web script or HTML via the Title of Table field. | |||||
| CVE-2006-1827 | 1 Digium | 1 Asterisk | 2011-03-07 | 6.4 MEDIUM | N/A |
| Integer signedness error in format_jpeg.c in Asterisk 1.2.6 and earlier allows remote attackers to execute arbitrary code via a length value that passes a length check as a negative number, but triggers a buffer overflow when it is used as an unsigned length. | |||||
| CVE-2006-1846 | 1 Francisco Burzi | 1 Php-nuke | 2011-03-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Your_Account module in PHP-Nuke 7.8 might allows remote attackers to inject arbitrary HTML and web script via the ublock parameter, which is saved in the user's personal menu. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. In addition, it is unclear whether this issue is a vulnerability, since it is related to the user's personal menu, which presumably is not modifiable by others. | |||||
| CVE-2006-1922 | 1 Sweetphp | 1 Totalcalendar | 2011-03-07 | 6.4 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in (1) about.php or (2) auth.php in TotalCalendar allows remote attackers to execute arbitrary PHP code via a URL in the inc_dir parameter. | |||||
| CVE-2006-2003 | 1 Community Architect | 1 Community Architect Guestbook | 2011-03-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in cgi-bin/guest in Community Architect Guestbook allows remote attackers to inject arbitrary web script or HTML by signing the guestbook, which is displayed by fsguestbook.html. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-1497 | 1 Vihor | 1 Vihordesign | 2011-03-07 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in ViHor Design allows remote attackers to read arbitrary files via the page parameter. | |||||
| CVE-2006-1505 | 1 Basic Analysis And Security Engine | 1 Base | 2011-03-07 | 5.0 MEDIUM | N/A |
| base_maintenance.php in Basic Analysis and Security Engine (BASE) before 1.2.4 (melissa), when running in standalone mode, allows remote attackers to bypass authentication, possibly by setting the standalone parameter to "yes". | |||||
| CVE-2006-1506 | 1 Sun | 2 Grid Engine, N1 Grid Engine | 2011-03-07 | 7.2 HIGH | N/A |
| Unspecified vulnerability in rsh in Sun Microsystems Sun Grid Engine 5.3 before 20060327 and N1 Grid Engine 6.0 before 20060327 allows local users to gain root privileges. | |||||
| CVE-2006-1514 | 1 Abcmidi | 1 Abcmidi | 2011-03-07 | 7.5 HIGH | N/A |
| Multiple buffer overflows in the abcmidi-yaps translator in abcmidi 20050101, and other versions, allow remote attackers to execute arbitrary code via crafted ABC music files that trigger the overflows during translation into PostScript. | |||||
| CVE-2006-1515 | 1 Typespeed | 1 Typespeed | 2011-03-07 | 7.5 HIGH | N/A |
| Buffer overflow in the addnewword function in typespeed 0.4.4 and earlier might allow remote attackers to execute arbitrary code via unknown vectors. | |||||
| CVE-2006-1558 | 1 Php | 1 Php Script Index | 2011-03-07 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in PHP Script Index allows remote attackers to inject arbitrary web script or HTML via the search parameter. | |||||
| CVE-2006-1559 | 1 Php | 1 Php Script Index | 2011-03-07 | 7.5 HIGH | N/A |
| SQL injection vulnerability in PHP Script Index allows remote attackers to execute arbitrary SQL commands via the search parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-1604 | 1 Exponent | 1 Exponent Cms | 2011-03-07 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Exponent CMS before 0.96.5 RC 1 has unknown impact and remote attack vectors related to variables that are not "typecasted." | |||||
| CVE-2006-1605 | 1 Exponent | 1 Exponent Cms | 2011-03-07 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the image module in Exponent CMS before 0.96.5 RC 1 allows remote attackers to execute arbitrary code via unknown vectors involving "parsed PHP." | |||||
| CVE-2006-1606 | 1 Exponent | 1 Exponent Cms | 2011-03-07 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the image module in Exponent CMS before 0.96.5 RC 1 allows "directory disclosure" with unknown attack vectors. | |||||