Total
29527 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-2556 | 1 Florian Amrhein | 1 Newsportal | 2011-03-08 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Florian Amrhein NewsPortal before 0.37, and possibly TR Newsportal (TRanx rebuilded), allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
| CVE-2006-2658 | 2 Mono, Suse | 3 Xsp, Suse Linux, Suse Open Enterprise Server | 2011-03-08 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the xsp component in mod_mono in Mono/C# web server, as used in SUSE Open-Enterprise-Server 1 and SUSE Linux 9.2 through 10.0, allows remote attackers to read arbitrary files via a .. (dot dot) sequence in an HTTP request. | |||||
| CVE-2006-2609 | 1 Artmedic Webdesign | 1 Artmedic Newsletter | 2011-03-08 | 5.1 MEDIUM | N/A |
| artmedic newsletter 4.1.2 and possibly other versions, when register_globals is enabled, allows remote attackers to modify arbitrary files and execute arbitrary PHP code via the email parameter to newsletter_log.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-2442 | 1 Kphone | 1 Kphone | 2011-03-08 | 4.6 MEDIUM | N/A |
| kphone 4.2 creates .qt/kphonerc with world-readable permissions, which allows local users to read usernames and SIP passwords. | |||||
| CVE-2006-2591 | 1 E107 | 1 E107 | 2011-03-08 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in e107 before 0.7.5 has unknown impact and remote attack vectors related to an "emailing exploit". | |||||
| CVE-2006-2419 | 1 Php | 1 Directory Listing Script | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Directory Listing Script allows remote attackers to inject arbitrary web script or HTML via the dir parameter. | |||||
| CVE-2006-2434 | 1 Ibm | 1 Websphere Application Server | 2011-03-08 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in WebSphere 5.1.1 (or any earlier cumulative fix) Common Configuration Mode + CommonArchive and J2EE Models might allow attackers to obtain sensitive information via the trace. | |||||
| CVE-2006-2437 | 1 Caucho Technology | 1 Resin | 2011-03-08 | 5.0 MEDIUM | N/A |
| The viewfile servlet in the documentation package (resin-doc) for Caucho Resin 3.0.17 and 3.0.18 allows remote attackers to obtain the source code for file under the web root via the file parameter. | |||||
| CVE-2006-2311 | 1 New Atlanta Communications | 2 Bluedragon Server, Bluedragon Server Jx | 2011-03-08 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in BlueDragon Server and Server JX 6.2.1.286 for Windows allows remote attackers to inject arbitrary web script or HTML via the filename in a request to a (1) .cfm or (2) .cfml file, which reflects the result in the default error page. | |||||
| CVE-2006-2310 | 1 New Atlanta Communications | 2 Bluedragon Server, Bluedragon Server Jx | 2011-03-08 | 5.0 MEDIUM | N/A |
| BlueDragon Server and Server JX 6.2.1.286 for Windows allows remote attackers to cause a denial of service (hang) via a request for a .cfm file whose name contains an MS-DOS device name such as (1) con, (2) aux, (3) com1, and (4) com2. | |||||
| CVE-2006-2182 | 1 Albinator | 1 Albinator | 2011-03-08 | 6.4 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in (1) eday.php, (2) eshow.php, or (3) forgot.php in albinator 2.0.8 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the Config_rootdir parameter. | |||||
| CVE-2006-2184 | 1 Chadha Software Technologies | 1 Phpkb Knowledge Base | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in PHPKB Knowledge Base allows remote attackers to inject arbitrary web script or HTML via the searchkeyword parameter. NOTE: the issue was originally disputed by the vendor, but on 20060519, the vendor notified CVE that "We have fixed all the mentioned issues and now the search section of PHPKB script is free from any XSS issues." | |||||
| CVE-2006-2294 | 1 Timobraun | 1 Dynamic Galerie | 2011-03-08 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Dynamic Galerie 1.0 allows remote attackers to inject arbitrary web script or HTML via the pfad parameter in (1) index.php and (2) galerie.php. NOTE: this issue might be resultant from directory traversal. | |||||
| CVE-2006-2003 | 1 Community Architect | 1 Community Architect Guestbook | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in cgi-bin/guest in Community Architect Guestbook allows remote attackers to inject arbitrary web script or HTML by signing the guestbook, which is displayed by fsguestbook.html. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-1846 | 1 Francisco Burzi | 1 Php-nuke | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Your_Account module in PHP-Nuke 7.8 might allows remote attackers to inject arbitrary HTML and web script via the ublock parameter, which is saved in the user's personal menu. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. In addition, it is unclear whether this issue is a vulnerability, since it is related to the user's personal menu, which presumably is not modifiable by others. | |||||
| CVE-2006-1922 | 1 Sweetphp | 1 Totalcalendar | 2011-03-08 | 6.4 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in (1) about.php or (2) auth.php in TotalCalendar allows remote attackers to execute arbitrary PHP code via a URL in the inc_dir parameter. | |||||
| CVE-2006-1827 | 1 Digium | 1 Asterisk | 2011-03-08 | 6.4 MEDIUM | N/A |
| Integer signedness error in format_jpeg.c in Asterisk 1.2.6 and earlier allows remote attackers to execute arbitrary code via a length value that passes a length check as a negative number, but triggers a buffer overflow when it is used as an unsigned length. | |||||
| CVE-2006-1795 | 1 Updi Network Enterprise | 1 At1 Event Publisher | 2011-03-08 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in tablepublisher.cgi in UPDI Network Enterprise @1 Table Publisher 2006-03-23 allows remote attackers to inject arbitrary web script or HTML via the Title of Table field. | |||||
| CVE-2006-1692 | 1 Manic Web | 1 Mwnewsletter | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in MWNewsletter 1.0.0b allow remote attackers to execute arbitrary SQL commands via the (1) user_email parameter to (a) unsubscribe.php or (b) subscribe.php; or the (2) user_name parameter to subscribe.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information, although it is likely that this was discovered during post-disclosure analysis. | |||||
| CVE-2006-1660 | 1 Softbiz | 1 Image Gallery | 2011-03-08 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in image_desc.php in Softbiz Image Gallery allows remote attackers to inject arbitrary web script or HTML via msg parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||