Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-2563 | 1 Php | 1 Php | 2017-07-19 | 2.1 LOW | N/A |
| The cURL library (libcurl) in PHP 4.4.2 and 5.1.4 allows attackers to bypass safe mode and read files via a file:// request containing null characters. | |||||
| CVE-2006-2573 | 1 Dian Gemilang | 1 Dgbook | 2017-07-19 | 5.1 MEDIUM | N/A |
| SQL injection vulnerability in index.php in DGBook 1.0, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the (1) name, (2) email, (3) homepage, (4) address, (5) comment, and (6) ip parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-2578 | 1 Esyndicat | 1 Esyndicat Directory | 2017-07-19 | 5.1 MEDIUM | N/A |
| admin/cron.php in eSyndicat Directory 1.2, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include arbitrary files and possibly execute arbitrary PHP code via a null-terminated value in the path_to_config parameter. | |||||
| CVE-2006-2581 | 1 Rwiki | 1 Rwiki | 2017-07-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Wiki content in RWiki 2.1.0pre1 through 2.1.0 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | |||||
| CVE-2006-2582 | 1 Rwiki | 1 Rwiki | 2017-07-19 | 7.5 HIGH | N/A |
| The editing form in RWiki 2.1.0pre1 through 2.1.0 allows remote attackers to execute arbitrary Ruby code via unknown attack vectors. | |||||
| CVE-2006-2585 | 1 Greg Donald | 1 Destiney Links Script | 2017-07-19 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in Destiney Links Script 2.1.2 allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-2586 | 1 Iplogger | 1 Iplogger | 2017-07-19 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IpLogger 1.7 and earlier allows remote attackers to inject arbitrary HTML or web script via the HTTP_REFERER header in an HTTP request. | |||||
| CVE-2006-2592 | 1 Dschat | 1 Dschat | 2017-07-19 | 7.5 HIGH | N/A |
| Unspecified vulnerability in DSChat 1.0 allows remote attackers to execute arbitrary PHP code via the Nickname field, which is not sanitized before creating a file in a user directory. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-2611 | 1 Mediawiki | 1 Mediawiki | 2017-07-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in includes/Sanitizer.php in the variable handler in MediaWiki 1.6.x before r14349 allows remote attackers to inject arbitrary Javascript via unspecified vectors, possibly involving the usage of the | (pipe) character. | |||||
| CVE-2006-2614 | 1 Sun | 1 N1 System Manager | 2017-07-19 | 4.6 MEDIUM | N/A |
| Sun N1 System Manager 1.1 for Solaris 10 before patch 121161-01 records system passwords in the world-readable scripts (1) /cr/hd_jobs_db.sh, (2) /cr/hd_plan_checkin.sh, and (3) /cr/oracle_plan_checkin.sh, which allows local users to obtain System Manager passwords. | |||||
| CVE-2006-2629 | 1 Linux | 1 Linux Kernel | 2017-07-19 | 4.0 MEDIUM | N/A |
| Race condition in Linux kernel 2.6.15 to 2.6.17, when running on SMP platforms, allows local users to cause a denial of service (crash) by creating and exiting a large number of tasks, then accessing the /proc entry of a task that is exiting, which causes memory corruption that leads to a failure in the prune_dcache function or a BUG_ON error in include/linux/list.h. | |||||
| CVE-2006-2649 | 1 Cosmicphp | 1 Cosmicshoppingcart | 2017-07-19 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in (a) search.php, (b) search_cat.php, (c) search_price.php, and (d) product_details.php in the cosmicshop directory for CosmicShoppingCart allow remote attackers to inject arbitrary web script or HTML via multiple unspecified parameters, as demonstrated by the (1) query parameter in search.php and the (2) data parameter in search_cat.php. | |||||
| CVE-2006-2650 | 1 Cosmicphp | 1 Cosmicshoppingcart | 2017-07-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in cosmicshop/search.php in CosmicShoppingCart allows remote attackers to execute arbitrary SQL commands via the max parameter. | |||||
| CVE-2006-2654 | 1 Freebsd | 1 Freebsd | 2017-07-19 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in smbfs smbfs on FreeBSD 4.10 up to 6.1 allows local users to escape chroot restrictions for an SMB-mounted filesystem via "..\\" sequences. NOTE: this is similar to CVE-2006-1864, but this is a different implementation of smbfs, so it has a different CVE identifier. | |||||
| CVE-2006-2655 | 1 Freebsd | 1 Freebsd | 2017-07-19 | 6.4 MEDIUM | N/A |
| The build process for ypserv in FreeBSD 5.3 up to 6.1 accidentally disables access restrictions when using the /var/yp/securenets file, which allows remote attackers to bypass intended access restrictions. | |||||
| CVE-2006-2676 | 1 Sitescape | 1 Sitescape Forum | 2017-07-19 | 5.0 MEDIUM | N/A |
| Dispatch.cgi/_user/uservCard/ in SiteScape Forum 7.2 and possibly earlier generates different responses in a way that allows remote attackers to enumerate valid usernames. | |||||
| CVE-2006-2677 | 1 Sitescape | 1 Sitescape Forum | 2017-07-19 | 5.0 MEDIUM | N/A |
| SiteScape Forum 7.2 and possibly earlier stores the avf.rc configuraiton file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive path information. | |||||
| CVE-2006-2679 | 1 Cisco | 1 Vpn Client | 2017-07-19 | 7.2 HIGH | N/A |
| Unspecified vulnerability in the VPN Client for Windows Graphical User Interface (GUI) (aka the VPN client dialer) in Cisco VPN Client for Windows 4.8.00.* and earlier, except for 4.7.00.0533, allows local authenticated, interactive users to gain privileges, possibly due to privileges of dialog boxes, aka bug ID CSCsd79265. | |||||
| CVE-2006-2681 | 1 Socketmail | 1 Socketmail | 2017-07-19 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in SocketMail Lite and Pro 2.2.6 and earlier, when register_globals and magic_quotes are enabled, allows remote attackers to execute arbitrary PHP code via a URL in the site_path parameter to (1) index.php and (2) inc-common.php. | |||||
| CVE-2006-2687 | 1 Agtc Websolutions | 1 Php-agtc Membership System | 2017-07-19 | 4.9 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in adduser.php in PHP-AGTC Membership System 1.1a and earlier allows remote attackers to inject arbitrary web script or HTML via the email address (useremail parameter). | |||||