Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-1660 | 1 Softbiz | 1 Image Gallery | 2011-03-07 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in image_desc.php in Softbiz Image Gallery allows remote attackers to inject arbitrary web script or HTML via msg parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
CVE-2006-1687 | 1 Apt | 1 Apt-webshop-system | 2011-03-07 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in APT-webshop-system 4.0 PRO, 3.0 BASIC, and 3.0 LIGHT allows remote attackers to inject arbitrary web script or HTML via the message parameter, probably involving the basket functionality. | |||||
CVE-2006-1692 | 1 Manic Web | 1 Mwnewsletter | 2011-03-07 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in MWNewsletter 1.0.0b allow remote attackers to execute arbitrary SQL commands via the (1) user_email parameter to (a) unsubscribe.php or (b) subscribe.php; or the (2) user_name parameter to subscribe.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information, although it is likely that this was discovered during post-disclosure analysis. | |||||
CVE-2006-1712 | 1 Gnu | 1 Mailman | 2011-03-07 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the private archive script (private.py) in GNU Mailman 2.1.7 allows remote attackers to inject arbitrary web script or HTML via the action argument. | |||||
CVE-2006-1745 | 1 Bitweaver | 1 Bitweaver | 2011-03-07 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in login.php in Bitweaver 1.3 allows remote attackers to inject arbitrary web script or HTML via the error parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2006-1764 | 1 Hosting Controller | 1 Hosting Controller | 2011-03-07 | 7.8 HIGH | N/A |
Hosting Controller 6.1 stores forum/db/forum.mdb under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as user name and password credentials. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
CVE-2006-1093 | 1 Ibm | 1 Websphere Application Server | 2011-03-07 | 6.4 MEDIUM | N/A |
Unspecified vulnerability in IBM WebSphere 5.0.2.10 through 5.0.2.15 and 5.1.1.4 through 5.1.1.9 allows remote attackers to obtain sensitive information via unknown attack vectors, which causes JSP source code to be revealed. | |||||
CVE-2006-1096 | 1 Digital Builder | 1 Nz Ecommerce | 2011-03-07 | 4.3 MEDIUM | N/A |
** DISPUTED ** Cross-site scripting (XSS) vulnerability in index.php in NZ Ecommerce allows remote attackers to inject arbitrary web script or HTML via the action parameter. NOTE: the vendor has disputed this issue in a comment on the researcher's blog, but research by CVE suggests that this might be a legitimate problem. | |||||
CVE-2006-1218 | 1 Novell | 1 Bordermanager | 2011-03-07 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in the HTTP proxy in Novell BorderManager 3.8 and earlier allows remote attackers to cause a denial of service (CPU consumption and ABEND) via unknown attack vectors related to "media streaming over HTTP 1.1". | |||||
CVE-2006-1250 | 1 Amax Information Technologies | 1 Winmail | 2011-03-07 | 10.0 HIGH | N/A |
Unspecified vulnerability in the Webmail module in Winmail before 4.3 has unknown impact and unknown remote attack vectors. | |||||
CVE-2006-1268 | 1 Funkwerk | 1 X2300 | 2011-03-07 | 7.8 HIGH | N/A |
The Internet Key Exchange implementation in Funkwerk X2300 7.2.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite. NOTE: due to the lack of details in the advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to. | |||||
CVE-2006-1284 | 1 Symantec | 2 Ghost Solutions Suite, Norton Ghost | 2011-03-07 | 4.6 MEDIUM | N/A |
The installation of SQLAnywhere in Symantec Ghost 8.0 and 8.2, as used in Symantec Ghost Solutions Suite (SGSS) 1.0, includes a default administrator login account and password, which allows local users to gain privileges or modify tasks. | |||||
CVE-2006-1285 | 1 Symantec | 2 Ghost Solutions Suite, Norton Ghost | 2011-03-07 | 3.2 LOW | N/A |
SQLAnywhere in Symantec Ghost 8.0 and 8.2, as used in Symantec Ghost Solutions Suite (SGSS) 1.0, gives read and write permissions to all users for database shared memory sections, which allows local users to access and possibly modify certain information. | |||||
CVE-2006-1287 | 1 Invision Power Services | 1 Invision Power Board | 2011-03-07 | 5.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) 2.0.4 and 2.1.4 before 20060130 allows remote attackers to steal cookies and probably conduct other activities when the victim is using Internet Explorer. | |||||
CVE-2006-1379 | 1 Trend Micro | 1 Pc-cillin 2006 | 2011-03-07 | 7.2 HIGH | N/A |
Trend Micro PC-cillin Internet Security 2006 14.00.1485 and 14.10.0.1023 uses insecure DACLs for critical files, which allows local users to gain SYSTEM privileges by modifying executable programs such as (1) tmntsrv.exe and (2) tmproxy.exe. | |||||
CVE-2006-0912 | 1 Oreka | 1 Oreka | 2011-03-07 | 5.0 MEDIUM | N/A |
Oreka before 0.5 allows remote attackers to cause a denial of service (application crash) via a "certain RTP sequence." | |||||
CVE-2006-0915 | 1 Mozilla | 1 Bugzilla | 2011-03-07 | 7.5 HIGH | N/A |
Bugzilla 2.16.10 does not properly handle certain characters in the (1) maxpatchsize and (2) maxattachmentsize parameters in attachment.cgi, which allows remote attackers to trigger a SQL error. | |||||
CVE-2006-0930 | 1 Argosoft | 1 Argosoft Mail Server | 2011-03-07 | 4.0 MEDIUM | N/A |
Directory traversal vulnerability in Webmail in ArGoSoft Mail Server Pro 1.8 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the UIDL parameter. | |||||
CVE-2006-0947 | 1 Thomson | 1 Speedtouch | 2011-03-07 | 7.5 HIGH | N/A |
Thomson SpeedTouch modem running firmware 5.3.2.6.0 allows remote attackers to create users that cannot be deleted via scripting code in the "31" parameter in a NewUser function, which is not filtered by the modem when creating the account, but cannot be deleted by the administrator, possibly due to cleansing that occurs in the administrator interface. | |||||
CVE-2006-0951 | 1 Eset Software | 1 Nod32 Antivirus | 2011-03-07 | 7.2 HIGH | N/A |
The GUI (nod32.exe) in NOD32 2.5 runs with SYSTEM privileges when the scheduler runs a scheduled on-demand scan, which allows local users to execute arbitrary code during a scheduled scan via unspecified attack vectors. |