Total
29527 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-6072 | 1 Bpg-infotech | 2 Easy Publisher, Smart Publisher Pro | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in bpg/publications_list.asp in BPG-InfoTech Easy Publisher and Smart Publisher//Pro 2.7.7 allows remote attackers to execute arbitrary SQL commands via the vjob parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-6055 | 1 D-link | 1 Dwl-g132 | 2011-03-08 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in A5AGU.SYS 1.0.1.41 for the D-Link DWL-G132 wireless adapter allows remote attackers to execute arbitrary code via a 802.11 beacon request with a long Rates information element (IE). | |||||
| CVE-2006-5985 | 1 Extreme Cms | 1 Extreme Cms | 2011-03-08 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in admin/options.php in Extreme CMS 0.9, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) bg1, (2) bg2, (3) text, or (4) size parameters. NOTE: the provenance of this information is unknown; details are obtained from third party sources. | |||||
| CVE-2006-5986 | 1 Extreme Cms | 1 Extreme Cms | 2011-03-08 | 6.8 MEDIUM | N/A |
| admin/options.php in Extreme CMS 0.9, and possibly earlier, does not require authentication, which might allow remote attackers to conduct unauthorized activities. NOTE: this issue can be combined with another vulnerability to expand the scope of a cross-site scripting (XSS) attack without authentication. NOTE: the provenance of this information is unknown; details are obtained from third party sources. | |||||
| CVE-2006-5910 | 1 Campware.org | 1 Campsite | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Campware Campsite before 20061110 allow remote attackers to execute arbitrary PHP code via a URL in the g_documentRoot parameter to (1) bugreporter/thankyou.php and (2) feedback/thankyou.php in implementation/management/priv/. | |||||
| CVE-2006-5565 | 1 Maxdev | 1 Md-pro | 2011-03-08 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in MAXdev MD-Pro 1.0.76 allows remote attackers to inject arbitrary HTTP headers via a CRLF sequence in the (1) name, (2) file, (3) module, and (4) func parameters in (a) index.php; and the (5) file parameter in (b) modules.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-5726 | 1 Sun | 1 Solaris | 2011-03-08 | 4.9 MEDIUM | N/A |
| alloccgblk in the UFS filesystem in Solaris 10 allows local users to cause a denial of service (memory corruption) by mounting crafted UFS filesystems with malformed data structures. | |||||
| CVE-2006-5681 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-08 | 2.6 LOW | N/A |
| QuickTime for Java on Mac OS X 10.4 through 10.4.8, when used with Quartz Composer, allows remote attackers to obtain sensitive information (screen images) via a Java applet that accesses images that are being rendered by other embedded QuickTime objects. | |||||
| CVE-2006-5466 | 2 Rpm, Ubuntu | 2 Package Manager, Ubuntu Linux | 2011-03-08 | 5.4 MEDIUM | N/A |
| Heap-based buffer overflow in the showQueryPackage function in librpm in RPM Package Manager 4.4.8, when the LANG environment variable is set to ru_RU.UTF-8, might allow user-assisted attackers to execute arbitrary code via crafted RPM packages. | |||||
| CVE-2006-5642 | 1 Nmnlogger | 1 Nmnlogger | 2011-03-08 | 10.0 HIGH | N/A |
| Unspecified vulnerability in NmnLogger 1.0.0 and earlier has unknown impact and attack vectors related to configuration of mesasge drivers. | |||||
| CVE-2006-5500 | 1 Xchangeboard | 1 Xchangeboard | 2011-03-08 | 5.1 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in the checkUser function in inc/DBInterface.php in XchangeBoard 1.70 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) userNick or (2) password parameters. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-5709 | 1 Alt-n | 1 Mdaemon | 2011-03-08 | 10.0 HIGH | N/A |
| Unspecified vulnerability in WorldClient in Alt-N Technologies MDaemon before 9.50 has unknown impact and attack vectors related to a "JavaScript exploit." | |||||
| CVE-2006-5869 | 1 Pstotext | 1 Pstotext | 2011-03-08 | 5.1 MEDIUM | N/A |
| pstotext before 1.9 allows user-assisted attackers to execute arbitrary commands via shell metacharacters in a file name. | |||||
| CVE-2006-5671 | 1 Free Php Scripts | 1 Free Image Hosting | 2011-03-08 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in contact.php in Free Image Hosting 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-5449 | 1 Horde | 1 Ingo H3 | 2011-03-08 | 6.5 MEDIUM | N/A |
| procmail in Ingo H3 before 1.1.2 Horde module allows remote authenticated users to execute arbitrary commands via shell metacharacters in the mailbox destination of a filter rule. | |||||
| CVE-2006-5722 | 1 Middlebury College | 1 Segue Cms | 2011-03-08 | 5.1 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Segue CMS 1.5.9 and earlier, when magic_quotes_gpc is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the theme parameter to (1) themesettings.php or (2) index.php, a different vector than CVE-2006-5497. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-5423 | 1 Lou Portail | 1 Lou Portail | 2011-03-08 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in admin/admin_module.php in Lou Portail 1.4.1, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the g_admin_rep parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-5663 | 1 Ibm | 3 Informix Client Sdk, Informix Dynamic Server, Informix I-connect | 2011-03-08 | 4.6 MEDIUM | N/A |
| IBM Informix Dynamic Server 10.00, Informix Client Software Development Kit (CSDK) 2.90, and Informix I-Connect 2.90 use insecure permissions for installation scripts, which allows local users to gain privileges by modifying the scripts. | |||||
| CVE-2006-5809 | 1 Jonathon J. Freeman | 1 Ovbb | 2011-03-08 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Jonathon J. Freeman OvBB before 0.13a have unknown impact and attack vectors. | |||||
| CVE-2006-5564 | 1 Maxdev | 1 Md-pro | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in user.php in MAXdev MD-Pro 1.0.76 allows remote attackers to inject arbitrary web script or HTML via the op parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||