Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-1011 | 1 Peters Software | 1 Lettermerger | 2017-07-19 | 2.1 LOW | N/A |
| LetterMerger 1.2 stores user information in Access database files with insecure permissions, which allows local users to obtain sensitive information. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-1012 | 1 Wordpress | 1 Wordpress | 2017-07-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in WordPress 1.5.2, and possibly other versions before 2.0, allows remote attackers to execute arbitrary SQL commands via the User-Agent field in an HTTP header for a comment. | |||||
| CVE-2006-1019 | 1 Ukiweb | 1 Ukiboard | 2017-07-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in fce.php in UKiBoard 3.0.1 allows remote attackers to inject arbitrary web script or HTML via a BBCode url tag when using the show_post function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information, some of which reference a source URL that appears to be for an unrelated issue. | |||||
| CVE-2006-1024 | 1 Addsoft | 1 Storebot | 2017-07-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in MgrLogin.asp in Addsoft StoreBot 2005 Professional allows remote attackers to execute arbitrary SQL commands via the Pwd parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-1025 | 1 Addsoft | 1 Storebot | 2017-07-19 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in manage.asp in Addsoft StoreBot 2002 Standard allows remote attackers to inject arbitrary web script or HTML via the ShipMethod parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-1026 | 1 Jfacets | 1 Jfacets | 2017-07-19 | 7.5 HIGH | N/A |
| JFacets before 0.2 allows remote attackers to gain privileges as any account via a GET request with a modified account profileID. | |||||
| CVE-2006-1030 | 1 Joomla | 1 Joomla | 2017-07-19 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in mod_templatechooser in Joomla! 1.0.7 allows remote attackers to obtain sensitive information via an unspecified attack vector that reveals the path. | |||||
| CVE-2006-1031 | 1 Igenus | 1 Igenus Webmail | 2017-07-19 | 7.5 HIGH | N/A |
| config/config_inc.php in iGENUS Webmail 2.02 and earlier allows remote attackers to include arbitrary local files via the SG_HOME parameter. | |||||
| CVE-2006-1033 | 1 Cpg-nuke | 1 Dragonfly Cms | 2017-07-19 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Dragonfly CMS before 9.0.6.1 allow remote attackers to inject arbitrary web script or HTML via (1) uname, (2) error, (3) profile or (4) the username filed parameter to the (a) Your_Account module, (5) catid, (6) sid, (7) Story Text or (8) Extended text text fields in the (b) News module, (9) month, (10) year or (11) sa parameter to the (c) Stories_Archive module, (12) show, (13) cid, (14) ratetype, or (15) orderby parameter to the (d) Web_Links module, (16) op, or (17) pollid parameter to the (e) Surveys module, (18) c parameter to the (f) Downloads module, (19) meta, or (20) album parameter to the (g) coppermine module, or the search box in the (21) Search, (22) Stories_Archive, (23) Downloads, and (24) Topics module. | |||||
| CVE-2006-1038 | 1 Van Dyke Technologies | 2 Securecrt, Securefx | 2017-07-19 | 10.0 HIGH | N/A |
| Buffer overflow in SecureCRT 5.0.4 and earlier and SecureFX 3.0.4 and earlier allows remote attackers to have an unknown impact when a Unicode string is converted to a "narrow" string. | |||||
| CVE-2006-1046 | 1 Monopd | 1 Monopd | 2017-07-19 | 5.0 MEDIUM | N/A |
| server.cpp in Monopd 0.9.3 allows remote attackers to cause a denial of service (CPU and memory consumption) via a string containing a large number of characters that are escaped when Monopd produces XML output. | |||||
| CVE-2006-1048 | 1 Joomla | 1 Joomla | 2017-07-19 | 5.0 MEDIUM | N/A |
| Joomla! 1.0.7 and earlier allows attackers to bypass intended access restrictions and gain certain privileges via certain attack vectors related to the (1) Weblink, (2) Polls, (3) Newsfeeds, (4) Weblinks, (5) Content, (6) Content Section, (7) Content Category, (8) Contact items, or (9) Contact Search, (10) Content Search, (11) Newsfeed Search, or (12) Weblink Search. | |||||
| CVE-2006-1050 | 1 Kwik-pay | 1 Kwik-pay Payroll | 2017-07-19 | 2.1 LOW | N/A |
| ** DISPUTED ** Kwik-Pay Payroll 4.2.20, and possibly other versions, stores the KwikPay.mdb database file with insecure permissions, which allows local users to obtain sensitive information such as employment and payment data. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: the vendor has disputed this vulnerability, stating that "The kwikpay.mdb file supplied with kwikpay is a template for the database structure of user databases created by kwikpay and to store a demonstration payroll. It does not contain any sensitive user information. When a user payroll database is opened, the encryption of the database is checked and if the database is not encrypted, the user is prompted to encrypt the database, but the choice is the customers." | |||||
| CVE-2006-1051 | 1 Akarru | 1 Social Bookmarking Engine | 2017-07-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Akarru Social BookMarking Engine before 0.4.3.4 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors, possibly involving the username parameter to akarru.lib/users.php. | |||||
| CVE-2006-1060 | 1 Xzgv | 1 Xzgv | 2017-07-19 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in zgv before 5.8 and xzgv before 0.8 might allow user-assisted attackers to execute arbitrary code via a JPEG image with more than 3 output components, such as a CMYK or YCCK color space, which causes less memory to be allocated than required. | |||||
| CVE-2006-1061 | 1 Daniel Stenberg | 1 Curl | 2017-07-19 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in cURL and libcURL 7.15.0 through 7.15.2 allows remote attackers to execute arbitrary commands via a TFTP URL (tftp://) with a valid hostname and a long path. | |||||
| CVE-2006-1062 | 1 Lurker | 1 Lurker | 2017-07-19 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in lurker.cgi for Lurker 2.0 and earlier allows attackers to read arbitrary files via unknown vectors. | |||||
| CVE-2006-1063 | 1 Lurker | 1 Lurker | 2017-07-19 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Lurker 2.0 and earlier allows remote attackers to create or overwrite files in any writable directory that is named "mbox". | |||||
| CVE-2006-1064 | 1 Lurker | 1 Lurker | 2017-07-19 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Lurker 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | |||||
| CVE-2006-1089 | 1 Punbb | 1 Punbb | 2017-07-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in header.php in PunBB 1.2.10 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly handled when the PHP_SELF variable is used to handle a pun_page tag. | |||||