Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-3305 | 1 Uebimiau | 1 Uebimiau | 2017-07-19 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in UebiMiau Webmail 2.7.10, and 2.7.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) f_user parameter in index.php, the (2) pag parameter in messages.php, or the (3) lid, (4) tid, and (5) sid parameters in error.php. | |||||
| CVE-2006-3306 | 1 Zoid Technologies | 1 Project Eros Bbsengine | 2017-07-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the preparestring function in lib/common.php in Project EROS bbsengine before 20060501-0142-jam, and possibly earlier versions dating back to 2006-02-23, might allow remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
| CVE-2006-3307 | 1 Zoid Technologies | 1 Project Eros Bbsengine | 2017-07-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Project EROS bbsengine before bbsengine-20060429-1550-jam allow remote attackers to execute arbitrary SQL commands via (1) unspecified parameters in the php/comment.php and (2) the getpartialmatches method in php/aolbonics.php. | |||||
| CVE-2006-3308 | 1 Zoid Technologies | 1 Project Eros Bbsengine | 2017-07-19 | 9.3 HIGH | N/A |
| Unspecified vulnerability in the wpprop code for Project EROS bbsengine before 20060622-0315 has unknown impact and remote attack vectors via [img] tags, possibly cross-site scripting (XSS). | |||||
| CVE-2006-3315 | 1 Rahnemaco | 1 Rahnemaco | 2017-07-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in page.php in an unspecified RahnemaCo.com product, possibly eShop, allows remote attackers to execute arbitrary PHP code via a URL in the osCsid parameter. | |||||
| CVE-2006-3316 | 1 Spiffyjr | 1 Phpraid | 2017-07-19 | 5.1 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in phpRaid 3.0.5 allow remote attackers to execute arbitrary code via a URL in the phpraid_dir parameter to (1) logs.php and (2) users.php, a different set of vectors than CVE-2006-3116. | |||||
| CVE-2006-3321 | 1 2enetworx | 1 Openforum | 2017-07-19 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in openforum.asp in OpenForum 1.2 Beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ofdisp and (2) ofmsgid parameters. | |||||
| CVE-2006-3326 | 1 Joesph Leung | 1 Quickzip | 2017-07-19 | 2.6 LOW | N/A |
| Directory traversal vulnerability in QuickZip 3.06.3 allows remote user-assisted attackers to overwrite arbitrary files or directories via .. (dot dot) sequences in filenames within (1) TAR,(2) GZ, and (3) JAR archives. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-3327 | 1 E-cbd.biz | 1 Custom Dating Biz Dating Script | 2017-07-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Custom dating biz dating script 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) sn20_special_cases parameter ("Special Cases" field) in profile/mini.php, (2) tyxx01_album_name parameter ("Album Name" field) in profile/photo_create.php, and the (3) u parameter in admin/user_view.php. | |||||
| CVE-2006-3328 | 1 Starflow Software | 1 Hostflow | 2017-07-19 | 5.8 MEDIUM | N/A |
| new_ticket.cgi in Hostflow 2.2.1-15 allows remote attackers to steal and replay authentication credentials via an IMG tag in the desc parameter ("Ticket Description" field) that points to a URL that captures referer URLs, possibly due to a cross-site scripting (XSS) vulnerability or a leak of credentials in referer URLs. | |||||
| CVE-2006-3332 | 1 Phpoutsourcing | 1 Zorum | 2017-07-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Zorum Forum 3.5 allows remote attackers to execute arbitrary SQL commands via the (1) offset, (2) tid, (3) fromid, (4) sortby, (5) fromfrommethod, and (6) fromfromlist parameters. | |||||
| CVE-2006-3333 | 1 Phpoutsourcing | 1 Zorum | 2017-07-19 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Zorum Forum 3.5 allows remote attackers to inject web script or HTML via the multiple unspecified parameters, including the (1) frommethod, (2) list, and (3) method, which are reflected in an error message. NOTE: some of these vectors might be resultant from SQL injection. | |||||
| CVE-2006-3338 | 1 Atlassian | 1 Jira | 2017-07-19 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Atlassian JIRA 3.6.2-#156 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a direct request to secure/ConfigureReleaseNote.jspa, which are not sanitized before being returned in an error page. | |||||
| CVE-2006-3339 | 1 Atlassian | 1 Jira | 2017-07-19 | 5.0 MEDIUM | N/A |
| secure/ConfigureReleaseNote.jspa in Atlassian JIRA 3.6.2-#156 allows remote attackers to obtain sensitive information via unspecified manipulations of the projectId parameter, which displays the installation path and other system information in an error message. | |||||
| CVE-2006-3342 | 1 Olate | 1 Arctic | 2017-07-19 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Arctic 1.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search cmd. | |||||
| CVE-2006-3348 | 1 Swsoft | 1 Hspcomplete | 2017-07-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in HSPcomplete 3.2.2 and 3.3 Beta and earlier allow remote attackers to execute arbitrary SQL commands via the (1) type parameter in report.php and (2) level parameter in custom_buttons.php. | |||||
| CVE-2006-3356 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-19 | 2.6 LOW | N/A |
| The TIFFFetchAnyArray function in ImageIO in Apple OS X 10.4.7 and earlier allows remote user-assisted attackers to cause a denial of service (application crash) via an invalid tag value in a TIFF image, possibly triggering a null dereference. NOTE: This is a different issue than CVE-2006-1469. | |||||
| CVE-2006-3361 | 1 Stud.ip | 1 Stud.ip | 2017-07-19 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in Stud.IP 1.3.0-2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the (1) _PHPLIB[libdir] parameter in studip-phplib/oohforms.inc and (2) ABSOLUTE_PATH_STUDIP parameter in studip-htdocs/archiv_assi.php. | |||||
| CVE-2006-3372 | 1 Apple | 1 Safari | 2017-07-19 | 5.0 MEDIUM | N/A |
| Apple Safari 2.0.4/419.3 allows remote attackers to cause a denial of service (application crash) via a DHTML setAttributeNode function call with zero arguments, which triggers a null dereference. | |||||
| CVE-2006-3379 | 1 Hiki Wiki | 1 Hiki Wiki | 2017-07-19 | 5.0 MEDIUM | N/A |
| Algorithmic complexity vulnerability in Hiki Wiki 0.6.0 through 0.6.5 and 0.8.0 through 0.8.5 allows remote attackers to cause a denial of service (CPU consumption) by performing a diff between large, crafted pages that trigger the worst case. | |||||