Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-3971 | 1 Scott Weedon | 1 Ajax Chat | 2017-07-19 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in visitor/livesupport/chat.php in Scott Weedon Ajax Chat, possibly 0.1, allows remote attackers to inject arbitrary web script or HTML via the userid parameter. | |||||
CVE-2006-3972 | 1 Scott Weedon | 1 Ajax Chat | 2017-07-19 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in includes/operator_chattranscript.php in Scott Weedon Ajax Chat, possibly 0.1, allows remote attackers to read arbitrary files via a .. (dot dot) in the chatid parameter. | |||||
CVE-2006-3974 | 1 3com | 1 3cr860-95 | 2017-07-19 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in cgi-bin/admin in 3Com OfficeConnect Secure Router with firmware 1.04-168 allows remote attackers to inject arbitrary web script or HTML via the tk parameter. | |||||
CVE-2006-3978 | 1 Adobe | 1 Coldfusion | 2017-07-19 | 4.6 MEDIUM | N/A |
Unspecified vulnerability in a Verity third party library, as used on Adobe ColdFusion MX 7 through MX 7.0.2 and possibly other products, allows local users to execute arbitrary code via unknown attack vectors. | |||||
CVE-2006-3979 | 1 Macromedia | 1 Coldfusion | 2017-07-19 | 7.2 HIGH | N/A |
The AdminAPI of ColdFusion MX 7 allows attackers to bypass authentication by using "programmatic access" to the adminAPI instead of the ColdFusion Administrator. | |||||
CVE-2006-3981 | 1 Mambo | 1 Mambo Gallery Manager | 2017-07-19 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in about.mgm.php in Mambo Gallery Manager (MGM) 0.95r2 and earlier for Mambo 4.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
CVE-2006-4002 | 1 Drupal | 1 Drupal | 2017-07-19 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in user.module in Drupal 4.6 before 4.6.9, and 4.7 before 4.7.3, allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: portions of these details are obtained from third party information. | |||||
CVE-2006-4005 | 1 Bomberclone | 1 Bomberclone | 2017-07-19 | 5.0 MEDIUM | N/A |
BomberClone 0.11.6 and earlier allows remote attackers to cause a denial of service (daemon crash) via (1) a certain malformed PKGF_ackreq packet, which triggers a crash in the rscache_add() function in pkgcache.c; and (2) an error packet, which is intended to be received by clients and force client shutdown, but also triggers server shutdown. | |||||
CVE-2006-4006 | 1 Bomberclone | 1 Bomberclone | 2017-07-19 | 5.0 MEDIUM | N/A |
The do_gameinfo function in BomberClone 0.11.6 and earlier, and possibly other functions, does not reset the packet data size, which causes the send_pkg function (packets.c) to use this data size when sending a reply, and allows remote attackers to read portions of server memory. | |||||
CVE-2006-4013 | 1 Symantec | 1 Brightmail Antispam | 2017-07-19 | 7.6 HIGH | N/A |
Multiple directory traversal vulnerabilities in Symantec Brightmail AntiSpam (SBAS) before 6.0.4, when the Control Center is allowed to connect from any computer, allow remote attackers to read and overwrite certain files via directory traversal sequences in (1) DATABLOB-GET and (2) DATABLOB-SAVE requests. | |||||
CVE-2006-4032 | 1 Cisco | 1 Callmanager Express | 2017-07-19 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in Cisco IOS CallManager Express (CME) allows remote attackers to gain sensitive information (user names) from the Session Initiation Protocol (SIP) user directory via certain SIP messages, aka bug CSCse92417. | |||||
CVE-2006-4035 | 1 Counterchaos | 1 Counterchaos | 2017-07-19 | 7.5 HIGH | N/A |
SQL injection vulnerability in counterchaos.php in CounterChaos 0.48c and earlier allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header. | |||||
CVE-2006-4041 | 1 Pike | 1 Pike | 2017-07-19 | 7.5 HIGH | N/A |
SQL injection vulnerability in Pike before 7.6.86, when using a Postgres database server, allows remote attackers to execute arbitrary SQL commands via unspecified attack vectors. | |||||
CVE-2006-4044 | 1 Brad Fears | 1 Phpcodecabinet | 2017-07-19 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in Beautifier/Core.php in Brad Fears phpCodeCabinet 0.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the BEAUT_PATH parameter. | |||||
CVE-2006-4047 | 1 Netious Cms | 1 Netious Cms | 2017-07-19 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in Netious CMS 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
CVE-2006-4048 | 1 Netious Cms | 1 Netious Cms | 2017-07-19 | 7.5 HIGH | N/A |
Netious CMS 0.4 initializes session IDs based on the client IP address, which allows remote attackers to gain access to the administration section when originating from the same IP address as the administrator. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
CVE-2006-4049 | 1 Sun | 1 Ray Server Software | 2017-07-19 | 2.1 LOW | N/A |
Unspecified vulnerability in the utxconfig utility in Sun Ray Server Software 3.x allows local users to create or overwrite arbitrary files via unknown attack vectors. | |||||
CVE-2006-4056 | 2 The Address Book, The Address Book Reloaded | 2 The Address Book, The Address Book Reloaded | 2017-07-19 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in the authentication process in katzlbt (a) The Address Book 1.04e and earlier and (b) The Address Book Reloaded before 2.0-rc4 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters. NOTE: portions of these details are obtained from third party information. | |||||
CVE-2006-4067 | 1 Cakefoundation | 1 Cakephp | 2017-07-19 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in cake/libs/error.php in CakePHP before 1.1.7.3363 allows remote attackers to inject arbitrary web script or HTML via the URL, which is reflected back in a 404 ("Not Found") error page. NOTE: some of these details are obtained from third party information. | |||||
CVE-2006-4083 | 1 Mywebland | 1 Myevent | 2017-07-19 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in viewevent.php in myWebland myEvent 1.x allows remote attackers to execute arbitrary PHP code via a URL in the myevent_path parameter, a different vector than CVE-2006-4040. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |