Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-0833 | 1 Boonex | 1 Barracuda Directory | 2017-07-19 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Barracuda Directory 1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) Add URL and (2) Suggest Category module. NOTE: the provenance of this information is unknown; portions of the details are obtained from third party information. | |||||
CVE-2006-0835 | 1 Mitridat | 1 Web Calendar Pro | 2017-07-19 | 7.5 HIGH | N/A |
SQL injection vulnerability in dropbase.php in MitriDAT Web Calendar Pro allows remote attackers to modify internal SQL queries and cause a denial of service (inaccessible database) via the tabls parameter. | |||||
CVE-2006-0842 | 1 Calacode | 1 Atmail Webmail System | 2017-07-19 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Calacode @Mail 4.3 allows remote attackers to inject arbitrary web script or HTML via a modified javascript: string in the SRC attribute of an IMG element in an e-mail message, as demonstrated by "java	script:." NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2006-0843 | 1 Leif M. Wright | 1 Web Blog | 2017-07-19 | 5.0 MEDIUM | N/A |
Leif M. Wright's Blog 3.5 stores the config file and other txt files under the web root with insufficient access control, which allows remote attackers to read the administrator's password. | |||||
CVE-2006-0844 | 1 Leif M. Wright | 1 Web Blog | 2017-07-19 | 7.5 HIGH | N/A |
Leif M. Wright's Blog 3.5 does not make a password comparison when authenticating an administrator via a cookie, which allows remote attackers to bypass login authentication, probably by setting the blogAdmin cookie. | |||||
CVE-2006-0845 | 1 Leif M. Wright | 1 Web Blog | 2017-07-19 | 6.5 MEDIUM | N/A |
Leif M. Wright's Blog 3.5 allows remote authenticated users with administrative privileges to execute arbitrary programs, including shell commands, by configuring the sendmail path to a malicious pathname. | |||||
CVE-2006-0846 | 1 Leif M. Wright | 1 Web Blog | 2017-07-19 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Leif M. Wright's Blog 3.5 allow remote attackers to inject arbitrary web script or HTML via the (1) Referer and (2) User-Agent HTTP headers, which are stored in a log file and not sanitized when the administrator views the "Log" page, possibly using the ViewCommentsLog function. | |||||
CVE-2006-0847 | 1 Cherrypy | 1 Cherrypy | 2017-07-19 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in the staticfilter component in CherryPy before 2.1.1 allows remote attackers to read arbitrary files via ".." sequences in unspecified vectors. | |||||
CVE-2006-0848 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-19 | 5.1 MEDIUM | N/A |
The "Open 'safe' files after downloading" option in Safari on Apple Mac OS X allows remote user-assisted attackers to execute arbitrary commands by tricking a user into downloading a __MACOSX folder that contains metadata (resource fork) that invokes the Terminal, which automatically interprets the script using bash, as demonstrated using a ZIP file that contains a script with a safe file extension. | |||||
CVE-2006-0850 | 1 Ilch.de | 1 Ilchclan | 2017-07-19 | 7.5 HIGH | N/A |
SQL injection vulnerability in include/includes/user/login.php in ilchClan before 1.05g allows remote attackers to execute arbitrary SQL commands via the login_name parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2006-0854 | 1 Intensive Point | 1 Iuser Ecommerce | 2017-07-19 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in common.php in Intensive Point iUser Ecommerce allows remote attackers to include arbitrary files via a URL in the include_path variable, which is not initialized before being used. | |||||
CVE-2006-0872 | 1 Coppermine | 1 Coppermine Photo Gallery | 2017-07-19 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in init.inc.php in Coppermine Photo Gallery 1.4.3 and earlier allows remote attackers to include arbitrary files via a .. (dot dot) sequence and trailing NULL (%00) byte in the lang parameter. | |||||
CVE-2006-0873 | 1 Coppermine | 1 Coppermine Photo Gallery | 2017-07-19 | 5.0 MEDIUM | N/A |
Absolute path traversal vulnerability in docs/showdocs.php in Coppermine Photo Gallery 1.4.3 and earlier allows remote attackers to include arbitrary files via the f parameter, and possibly remote files using UNC share pathnames. | |||||
CVE-2006-0874 | 1 Intensive Point | 1 Iuser Ecommerce | 2017-07-19 | 10.0 HIGH | N/A |
Multiple unspecified vulnerabilities in Intensive Point iUser Ecommerce before 2.2 have unspecified vectors and impact, as addressed by "Urgent secure fixes". NOTE: this might be a duplicate of CVE-2006-0854, but the vendor announcement for this issue (from January 8, 2005) is too vague to be sure, and CVE-2006-0854 does not provide version information. | |||||
CVE-2006-0883 | 2 Freebsd, Openbsd | 2 Freebsd, Openssh | 2017-07-19 | 5.0 MEDIUM | N/A |
OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM, does not properly handle when a forked child process terminates during PAM authentication, which allows remote attackers to cause a denial of service (client connection refusal) by connecting multiple times to the SSH server, waiting for the password prompt, then disconnecting. | |||||
CVE-2006-0885 | 1 Cutephp | 1 Cutenews | 2017-07-19 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in show_news.php in CuteNews 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the show parameter. | |||||
CVE-2006-0886 | 1 Dev | 1 Dev Web Management System | 2017-07-19 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in register.php in DEV web management system 1.5 allows remote attackers to inject arbitrary web script or HTML via the "City/Region" field (mesto variable). NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2006-0887 | 1 Phplib Team | 1 Phplib | 2017-07-19 | 7.5 HIGH | N/A |
Eval injection vulnerability in sessions.inc in PHP Base Library (PHPLib) before 7.4a, when index.php3 from the PHPLib distribution is available on the server, allows remote attackers to execute arbitrary PHP code by including a base64-encoded representation of the code in a cookie. NOTE: this description was significantly updated on 20060605 to reflect new details after an initial vague advisory. | |||||
CVE-2006-0889 | 1 Brown Bear Software | 1 Calcium | 2017-07-19 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Calcium 3.10.1 allows remote attackers to inject arbitrary web script or HTML via the EventText parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2006-0891 | 1 Nocc | 1 Nocc | 2017-07-19 | 5.0 MEDIUM | N/A |
Multiple directory traversal vulnerabilities in NOCC Webmail 1.0 allow remote attackers to include arbitrary files via .. (dot dot) sequences and a trailing NULL (%00) byte in (1) the _SESSION['nocc_theme'] parameter in (a) html/footer.php; and (2) the lang and (3) theme parameters and the (4) Accept-Language HTTP header field, when force_default_lang is disabled, in (b) index.php, as demonstrated by injecting PHP code into a profile and accessing it using the lang parameter in index.php. |