Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-7039 | 2 Atrium Software, Microsoft | 9 Mercur Messaging 2005, Windows 2000, Windows 2003 Server and 6 more | 2017-07-28 | 5.0 MEDIUM | N/A |
| The IMAP4 service in MERCUR Messaging 2005 before Service Pack 4 allows remote attackers to cause a denial of service (crash) via a message with a long subject field. | |||||
| CVE-2006-7040 | 1 Atrium Software | 1 Mercur Messaging 2005 | 2017-07-28 | 7.8 HIGH | N/A |
| Unspecified vulnerability in MERCUR Messaging 2005 before Service Pack 4 allows remote attackers to cause a denial of service (crash) via a TOP command to the POP3 service. | |||||
| CVE-2006-7041 | 1 Atrium Software | 1 Mercur Messaging 2005 | 2017-07-28 | 7.8 HIGH | N/A |
| The SMTP service in MERCUR Messaging 2005 before Service Pack 4 allows remote attackers to cause a denial of service (infinite loop) via a message in which neither the originator nor recipient address is known. | |||||
| CVE-2006-7043 | 1 Chipmunk Scripts | 1 Chipmunk Blogger | 2017-07-28 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Chipmunk Blogger allow remote authenticated users to inject arbitrary web script or HTML via script tags in (1) posts and (2) profile names; and (3) a javascript URI in a URL argument in the photo gallery. | |||||
| CVE-2006-7044 | 1 Cmpro Team | 1 Clan Manager Pro | 2017-07-28 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in comment.core.inc.php in Clan Manager Pro (CMPRO) 1.11 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the sitepath parameter. | |||||
| CVE-2006-7049 | 1 Wikkawiki | 1 Wikkawiki | 2017-07-28 | 7.5 HIGH | N/A |
| The Method method in WikkaWiki (Wikka Wiki) before 1.1.6.2 calls the strstr and strrpos functions with the wrong argument order, which allows remote attackers to bypass intended access restrictions and access arbitrary PHP files. | |||||
| CVE-2006-7050 | 1 Wikkawiki | 1 Wikkawiki | 2017-07-28 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WikkaWiki (Wikka Wiki) before 1.1.6.2 allows remote attackers to inject arbitrary javascript via (1) events in forced links (url parameter) that are not properly handled in formatters/wakka.php, and possibly (2) other vectors in wikka.php. | |||||
| CVE-2006-7052 | 1 Keith Reichley | 1 Dotwidget For Articles | 2017-07-28 | 10.0 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in DotWidget For Articles (dotwidgeta) 0.2 allow remote attackers to execute arbitrary code via a URL in the (1) file_path parameter to (a) index.php, (b) showcatpicks.php, and (c) showarticle.php; and the (2) admin_header_file and (3) admin_footer_file parameters to (d) admin/authors.php, (e) admin/index.php, (f) admin/categories.php, (g) admin/editconfig.php, and (h) admin/articles.php. | |||||
| CVE-2006-7053 | 1 Arkoon | 1 Fast360 | 2017-07-28 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Arkoon FAST360 UTM appliances 3.0 through 3.0/29, 3.1, 3.2, and 3.3 allows remote attackers to bypass keyword filtering in the FAST HTTP module, and signatures in the IDPS HTTP module, via crafted URLs that are "misinterpreted." | |||||
| CVE-2006-7054 | 1 Arkoon | 1 Fast360 | 2017-07-28 | 7.8 HIGH | N/A |
| The DNS module in Arkoon FAST360 UTM appliances 3.0 up to 3.0/29, 3.1 through 3.3, and 4.0 allows remote attackers to cause a denial of service (reboot) via a malformed DNS message, as demonstrated by the PROTOS DNS testing suite. | |||||
| CVE-2006-7059 | 1 Scriptsez.net | 1 E-dating System | 2017-07-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Scriptsez.net E-Dating System allow remote attackers to inject arbitrary web script or HTML via encoded entities (') in IMG tags to (1) messages, (2) profile fields, or (3) the id parameter in a dologin operation to cindex.php. | |||||
| CVE-2006-7062 | 1 Kmail | 1 Kmail | 2017-07-28 | 7.8 HIGH | N/A |
| calendar.php in Kamgaing Email System (kmail) 2.3 and earlier allows remote attackers to obtain the full path of the server via an invalid d parameter, which leaks the path in an error message. | |||||
| CVE-2006-7064 | 1 Invision Power Services | 1 Invision Power Board | 2017-07-28 | 9.3 HIGH | N/A |
| Cross-site scripting (XSS) vulnerability in forum/admin.php for Invision Power Board (IPB) 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML as the administrator via the phpinfo parameter. | |||||
| CVE-2006-7073 | 1 Opentools | 1 Attachment Mod | 2017-07-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Opentools Attachment Mod before 2.4.5 allows remote attackers to inject arbitrary web script or HTML in Internet Explorer via unknown vectors related to the uploaded attachments form. NOTE: some details were obtained from third party information. | |||||
| CVE-2006-7074 | 1 Smartsitecms | 1 Smartsitecms | 2017-07-28 | 7.5 HIGH | N/A |
| admin.php in SmartSiteCMS 1.0 allows remote attackers to bypass authentication and gain administrator privileges by setting the userName cookie. | |||||
| CVE-2003-1524 | 1 Pgpi | 1 Pgpdisk | 2017-07-28 | 6.3 MEDIUM | N/A |
| PGPi PGPDisk 6.0.2i does not unmount a PGP partition when the switch user function in Windows XP is used, which could allow local users to access data on another user's PGP partition. | |||||
| CVE-2003-1525 | 1 My Photo Gallery | 1 My Photo Gallery | 2017-07-28 | 10.0 HIGH | N/A |
| Unspecified vulnerability in My Photo Gallery 3.5, and possibly earlier versions, has unknown impact and attack vectors. | |||||
| CVE-2003-1529 | 1 Seagull Software Systems | 1 J Walk Application Server | 2017-07-28 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Seagull Software Systems J Walk application server 3.2C9, and other versions before 3.3c4, allows remote attackers to read arbitrary files via a ".%252e" (encoded dot dot) in the URL. | |||||
| CVE-2003-1531 | 1 Lilikoi | 1 Ceilidh | 2017-07-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in testcgi.exe in Lilikoi Software Ceilidh 2.70 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string. | |||||
| CVE-2003-1536 | 1 Dcp-portal | 1 Dcp-portal | 2017-07-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Codeworx Technologies DCP-Portal 5.3.1 allow remote attackers to inject arbitrary web script or HTML via (1) the q parameter to search.php and (2) the year parameter to calendar.php. | |||||