Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-0086 | 1 Next Generation Image Gallery | 1 Next Generation Image Gallery | 2011-03-07 | 5.0 MEDIUM | N/A |
| Cross-site scripting vulnerability in index.php in Next Generation Image Gallery 0.0.1 Lite Edition allows remote attackers to inject arbitrary web script or HTML via the page parameter. | |||||
| CVE-2006-0089 | 1 Esri | 1 Arcpad | 2011-03-07 | 5.0 MEDIUM | N/A |
| Buffer overflow in ESRI ArcPad 7.0.0.156 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a .amp file with a COORDSYS tag with a long string attribute. | |||||
| CVE-2006-0090 | 1 Idv Directory Viewer | 1 Idv Directory Viewer | 2011-03-07 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in IDV Directory Viewer before 2005.1 allows remote attackers to view arbitrary directory contents via a .. (dot dot) in the dir parameter. | |||||
| CVE-2006-0093 | 1 Ecardmax.com | 1 Atcard Me Php | 2011-03-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in @Card ME PHP allows remote attackers to inject arbitrary web script or HTML via the cat parameter. | |||||
| CVE-2006-0109 | 1 Modular Merchant | 1 Shopping Cart | 2011-03-07 | 5.0 MEDIUM | N/A |
| Cross-site scripting vulnerability in category.php in Modular Merchant Shopping Cart allows remote attackers to inject arbitrary web script or HTML via the cat parameter. | |||||
| CVE-2006-0112 | 1 Enhanced Simple Php Gallery | 1 Enhanced Simple Php Gallery | 2011-03-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Enhanced Simple PHP Gallery 1.7 allows remote attackers to inject arbitrary web script or HTML via the dir parameter. | |||||
| CVE-2006-0122 | 1 Aquifer Cms | 1 Aquifer Cms | 2011-03-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Public/Index.asp in Aquifer CMS allows remote attackers to inject arbitrary web script or HTML via the Keyword parameter. | |||||
| CVE-2006-0125 | 1 Appserv Open Project | 1 Appserv | 2011-03-07 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in appserv/main.php in AppServ 2.4.5 allows remote attackers to include arbitrary files via the appserv_root parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. There is not enough detail from these third party sources to know whether this is directory traversal, remote file include, or another issue. | |||||
| CVE-2006-0126 | 1 Rxvt-unicode | 1 Rxvt-unicode | 2011-03-07 | 4.6 MEDIUM | N/A |
| rxvt-unicode before 6.3, on certain platforms that use openpty and non-Unix pty devices such as Linux and most BSD platforms, does not maintain the intended permissions of tty devices, which allows local users to gain read and write access to the devices. | |||||
| CVE-2006-0127 | 1 Rockliffe | 1 Mailsite | 2011-03-07 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in the IMAP service of Rockliffe MailSite before 6.1.22.1 allows remote authenticated users to rename the folders of other users via a .. (dot dot) in the RENAME command. | |||||
| CVE-2006-0129 | 1 Rockliffe | 1 Mailsite | 2011-03-07 | 5.0 MEDIUM | N/A |
| Mail Management Agent (MAILMA) (aka Mail Management Server) in Rockliffe MailSite 7.0.3.1 and earlier generates different responses depending on whether or not a username is valid, which allows remote attackers to enumerate valid usernames via user requests to TCP port 106. | |||||
| CVE-2006-0158 | 1 Cyberdoc | 1 Sitesuite Cms | 2011-03-07 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in CyberDoc SiteSuite CMS allows remote attackers to execute arbitrary SQL commands via the page parameter. | |||||
| CVE-2006-0185 | 1 Php-nuke | 2 News Module, Pool Module | 2011-03-07 | 5.0 MEDIUM | N/A |
| Multiple cross-site scripting vulnerabilities in the (1) Pool or (2) News Modules in Php-Nuke allow remote attackers to inject arbitrary web script or HTML via javascript in the SRC attribute of an IMG tag. | |||||
| CVE-2006-0201 | 1 Paypal | 1 Php Toolkit | 2011-03-07 | 5.0 MEDIUM | N/A |
| Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP Toolkit) 0.50, and possibly earlier versions, allows remote attackers to enter false payment entries into the log file via HTTP POST requests to ipn_success.php. | |||||
| CVE-2006-0202 | 1 Paypal | 1 Php Toolkit | 2011-03-07 | 3.6 LOW | N/A |
| Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP Toolkit) 0.50 and possibly earlier has (1) world-readable permissions for ipn/logs/ipn_success.txt, which allows local users to view sensitive information (payment data), and (2) world-writable permissions for ipn/logs, which allows local users to delete or replace payment data. | |||||
| CVE-2006-0313 | 1 Pdfdirectory | 1 Pdfdirectory | 2011-03-07 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in PDFdirectory before 1.0 allow remote attackers to execute arbitrary SQL commands via multiple unspecified vectors involving (1) util.php, (2) userpref.php, (3) user.php, (4) uploadfrm.php, (5) title.php, (6) team.php, (7) stats.php, (8) page.php, (9) org.php, (10) member.php, (11) index.php, (12) group.php, or (13) anniv.php. | |||||
| CVE-2006-0314 | 1 Pdfdirectory | 1 Pdfdirectory | 2011-03-07 | 7.5 HIGH | N/A |
| PDFdirectory before 1.0 stores sensitive data in plaintext, which allows remote attackers to obtain arbitrary users' passwords by direct queries to the database, possibly via one of the SQL injection vulnerabilities. | |||||
| CVE-2005-4324 | 1 Hitachi | 1 Groupmax Mail Smtp | 2011-03-07 | 7.8 HIGH | N/A |
| Hitachi Groupmax Mail SMTP 06-50 through 06-52-/A and 07-00 through 07-20 allows remote attackers to cause a denial of service (service stop) via an e-mail message with an "invalid format." | |||||
| CVE-2005-4328 | 1 University Of Arizona | 1 Webglimpse | 2011-03-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in webglimpse.cgi in Webglimpse 2.14.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the ID parameter. | |||||
| CVE-2005-4329 | 1 Php Arena | 1 Pafiledb | 2011-03-07 | 7.5 HIGH | N/A |
| SQL injection vulnerability in pafiledb.php in PHP Arena paFileDB Extreme Edition RC 5 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) newsid and (2) id parameter. | |||||