Total: 210374 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-2886 | 1 Jam Warehouse | 1 Knowledgetree Open Source | 2017-07-19 | 4.3 MEDIUM | N/A |
view.php in KnowledgeTree Open Source 3.0.3 and earlier allows remote attackers to obtain the full installation path via a crafted fDocumentId parameter, which displays the path in the resulting error message. NOTE: this might be resultant from another vulnerability, since this vector also produces XSS. | |||||
CVE-2006-2895 | 1 Mediawiki | 1 Mediawiki | 2017-07-19 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in MediaWiki 1.6.0 up to versions before 1.6.7 allows remote attackers to inject arbitrary HTML and web script via the edit form. | |||||
CVE-2006-2897 | 1 Funkboard | 1 Funkboard | 2017-07-19 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in FunkBoard 0.71 allows remote attackers to inject arbitrary HTML or web script via unspecified vectors. | |||||
CVE-2006-2910 | 1 Cowon America | 1 Jetaudio | 2017-07-19 | 5.1 MEDIUM | N/A |
Buffer overflow in jetAudio 6.2.6.8330 (Basic), and possibly other versions, allows user-assisted attackers to execute arbitrary code via an audio file (such as WMA) with long ID Tag values including (1) Title, (2) Author, and (3) Album, which triggers the overflow in the tooltip display string if the sound card driver is disabled or incorrectly installed. | |||||
CVE-2006-2913 | 1 Out Of The Trees Web Design | 1 Selectapix | 2017-07-19 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in SelectaPix 1.31 allows remote attackers to inject arbitrary web script or HTML via the albumID parameter to (1) popup.php and (2) view_album.php. | |||||
CVE-2006-2921 | 1 Cmpro Team | 1 Clan Manager Pro | 2017-07-19 | 5.1 MEDIUM | N/A |
PHP remote file inclusion vulnerability in cmpro_header.inc.php in Clan Manager Pro (CMPRO) 1.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the (1) cm_ext_server and (2) sitepath parameters. | |||||
CVE-2006-2924 | 1 Ingate | 2 Ingate Firewall, Ingate Siparator | 2017-07-19 | 5.0 MEDIUM | N/A |
Ingate Firewall in the SIP module before 4.4.1 and SIParator before 4.4.1, when TLS is enabled or when SSL/TLS is enabled in the web server, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake. | |||||
CVE-2006-2925 | 1 Ingate | 2 Ingate Firewall, Siparator | 2017-07-19 | 4.0 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the web interface in Ingate Firewall before 4.4.1 and SIParator before 4.4.1 allows remote attackers to inject arbitrary web script or HTML, and steal cookies, via unspecified vectors related to "XSS exploits" in administrator functionality. | |||||
CVE-2006-2926 | 1 Qbik | 1 Wingate | 2017-07-19 | 7.5 HIGH | N/A |
Stack-based buffer overflow in the WWW Proxy Server of Qbik WinGate 6.1.1.1077 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long URL HTTP request. | |||||
CVE-2006-2927 | 1 Xfairguy | 1 Codeavalanche Freeforum | 2017-07-19 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in post.asp in CodeAvalanche FreeForum (aka CAForum) 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) msg_subject and (2) msg_body parameters. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2006-2930 | 1 Sun | 2 Grid Engine, N1 Grid Engine | 2017-07-19 | 4.6 MEDIUM | N/A |
Unspecified vulnerability in Sun Grid Engine 5.3 and Sun N1 Grid Engine 6.0, when configured in Certificate Security Protocol (CSP) Mode, allows local users to shut down the grid service or gain access, even if access is denied. | |||||
CVE-2006-2942 | 1 Twiki | 1 Twiki | 2017-07-19 | 5.1 MEDIUM | N/A |
TWiki 4.0.0, 4.0.1, and 4.0.2 allows remote attackers to gain Twiki administrator privileges via a TWiki.TWikiRegistration form with a modified action attribute that references the Sandbox web instead of the user web, which can then be used to associate the user's login name with the WikiName of a member of the TWikiAdminGroup. | |||||
CVE-2006-2943 | 1 Cgi-rescue | 1 Webform | 2017-07-19 | 7.5 HIGH | N/A |
Unspecified vulnerability in CGI-RESCUE WebFORM 4.1 and earlier allows remote attackers to inject email headers, which facilitates sending spam messages. NOTE: the details for this issue are obtained from third party information. | |||||
CVE-2006-2944 | 1 Cgi-rescue | 1 Form2mail | 2017-07-19 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in CGI-RESCUE FORM2MAIL 1.21 and earlier allows remote attackers to inject email headers, which facilitates sending spam messages. NOTE: the details for this issue are obtained from third party information. | |||||
CVE-2006-2945 | 1 Andreas Gohr | 1 Dokuwiki | 2017-07-19 | 4.0 MEDIUM | N/A |
Unspecified vulnerability in the user profile change functionality in DokuWiki, when Access Control Lists are enabled, allows remote authenticated users to read unauthorized files via unknown attack vectors. | |||||
CVE-2006-2947 | 1 Dmx Forum | 1 Dmx Forum | 2017-07-19 | 5.0 MEDIUM | N/A |
Dmx Forum 2.1a allows remote attackers to obtain username and password information via a direct request to pops/edit.php with a modified membre parameter. | |||||
CVE-2006-2953 | 1 Primoris Software | 1 Officeflow | 2017-07-19 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in default.asp in OfficeFlow 2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the sqlType parameter. | |||||
CVE-2006-2954 | 1 Primoris Software | 1 Officeflow | 2017-07-19 | 7.5 HIGH | N/A |
SQL injection vulnerability in files.asp in OfficeFlow 2.6 and earlier allows remote attackers to execute arbitrary SQL commands via the Project parameter. | |||||
CVE-2006-2955 | 1 Kaphotoservice | 1 Kaphotoservice | 2017-07-19 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in KAPhotoservice 7.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) New Category (newcategory) or (2) apage parameter to (a) edtalbum.asp, or the (3) cat or (4) albumid parameter to (b) album.asp. | |||||
CVE-2006-2958 | 1 Filzip | 1 Filzip | 2017-07-19 | 2.6 LOW | N/A |
Directory traversal vulnerability in FilZip 3.05 allows remote attackers to write arbitrary files via a .. (dot dot) in a (1) .rar, (2) .tar, (3) .jar, or (4) .gz file. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||