Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-2961 | 1 Aclogic | 1 Cesarftp | 2017-07-19 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in CesarFTP 0.99g and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long MKD command. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-2974 | 1 Emailarchitect | 1 Email Server | 2017-07-19 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in EmailArchitect Email Server 6.1.0.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) errCode and (2) uid parameter in (a) default.asp and (3) dname parameter in (b) /admin/dns.asp and (c) /additional/regdomain_done.asp. | |||||
| CVE-2006-2976 | 1 Coppermine | 1 Coppermine Photo Gallery | 2017-07-19 | 7.5 HIGH | N/A |
| Unspecified vulnerability in usermgr.php in Coppermine Photo Gallery before 1.4.7 has unknown impact and remote attack vectors, possibly related to authorization/authentication errors. | |||||
| CVE-2006-2980 | 1 Viart Ltd | 1 Viart Shop Free | 2017-07-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in block_forum_topic_new.php in ViArt Shop Free 2.5.5, and possibly other distributions including Light, Standard, and Enterprise, might allow remote attackers to execute arbitrary SQL commands via unknown vectors, probably involving the forum_id parameter. | |||||
| CVE-2006-2987 | 1 Dominios Europa | 1 Picrate | 2017-07-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Dominios Europa PICRATE (aka TAL RateMyPic) 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id, (2) voteid, and (3) vfiel parameters to (a) index.php, and via the (4) nick, (5) email, (6) city, (7) messen, and (8) message form field parameters to (b) add.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-2989 | 1 Iisworks | 1 Listpics | 2017-07-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in listpics.asp in ASP ListPics 4.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the info parameter. | |||||
| CVE-2006-2990 | 1 Vanillasoft | 1 Vanillasoft Helpdesk | 2017-07-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in default.asp in VanillaSoft Helpdesk 2005 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter. | |||||
| CVE-2006-2992 | 1 My Photo Scrapbook | 1 My Photo Scrapbook | 2017-07-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in display.asp in My Photo Scrapbook 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the key_m parameter. | |||||
| CVE-2006-2993 | 1 My Photo Scrapbook | 1 My Photo Scrapbook | 2017-07-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in My Photo Scrapbook 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the key parameter in (1) Displayview.asp and (2) Details_Photo_bv.asp. | |||||
| CVE-2006-2999 | 1 Okscripts | 1 Quicklinks | 2017-07-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in OkScripts QuickLinks 1.1 allows remote attackers to inject arbitrary web script or HTML via the q parameter. | |||||
| CVE-2006-3000 | 1 Okscripts | 1 Okarticles | 2017-07-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in OkScripts OkArticles 1.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter. | |||||
| CVE-2006-3001 | 1 Okscripts | 1 Okmall | 2017-07-19 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in OkScripts OkMall 1.0 allow remote attackers to inject arbitrary web script or HTML via the page parameter. NOTE: this might be resultant from another vulnerability, since the XSS is reflected in an error message. | |||||
| CVE-2006-3002 | 1 Easy Ad-manager | 1 Easy Ad-manager | 2017-07-19 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in details.php in Easy Ad-Manager allows remote attackers to inject arbitrary web script or HTML via the mbid parameter, which is reflected in an error message. NOTE: on 20060829, the vendor notified CVE that this issue has been fixed. | |||||
| CVE-2006-3003 | 1 Easy Ad-manager | 1 Easy Ad-manager | 2017-07-19 | 4.3 MEDIUM | N/A |
| details.php in Easy Ad-Manager allows remote attackers to obtain the full installation path via an invalid mbid parameter, which leaks the path in an error message. NOTE: this might be resultant from another vulnerability, since this vector also produces cross-site scripting (XSS). NOTE: on 20060829, the vendor notified CVE that this issue has been fixed. | |||||
| CVE-2006-3004 | 1 Scriptsez | 1 Ez Ringtone Manager | 2017-07-19 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Ez Ringtone Manager allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in player.php and (2) keyword parameter when performing a search. | |||||
| CVE-2006-3005 | 1 Gentoo | 2 Linux, Media-libs Jpeg | 2017-07-19 | 5.0 MEDIUM | N/A |
| The JPEG library in media-libs/jpeg before 6b-r7 on Gentoo Linux is built without the -maxmem feature, which could allow context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted JPEG file that exceeds the intended memory limits. | |||||
| CVE-2006-3007 | 1 Nullsoft | 1 Shoutcast Server | 2017-07-19 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SHOUTcast 1.9.5 allow remote attackers to inject arbitrary HTML or web script via the DJ fields (1) Description, (2) URL, (3) Genre, (4) AIM, and (5) ICQ. | |||||
| CVE-2006-3009 | 1 Aliacom | 1 Open Business Management | 2017-07-19 | 5.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Open Business Management (OBM) 1.0.3 pl1 allow remote attackers to inject arbitrary HTML or web script via the (1) tf_lang, (2) tf_name, (3) tf_user, (4) tf_lastname, (5) tf_contact, (6) tf_datebefore, and (7) tf_dateafter parameters to files such as (a) publication/publication_index.php, (b) group/group_index.php, (c) user/user_index.php, (d) list/list_index.php, and (e) company/company_index.php. | |||||
| CVE-2006-3010 | 1 Aliacom | 1 Open Business Management | 2017-07-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Open Business Management (OBM) 1.0.3 pl1 allow remote attackers to execute arbitrary SQL commands via the (1) new_order and (2) order_dir parameters to (a) index.php, (b) group/group_index.php, (c) user/user_index.php, (d) list/list_index.php, and (e) company/company_index.php, and the (3) entity and (4) tf_dateafter parameter to company/company_index.php. | |||||
| CVE-2006-3011 | 1 Php | 1 Php | 2017-07-19 | 4.6 MEDIUM | N/A |
| The error_log function in basic_functions.c in PHP before 4.4.4 and 5.x before 5.1.5 allows local users to bypass safe mode and open_basedir restrictions via a "php://" or other scheme in the third argument, which disables safe mode. | |||||