Total
304758 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-5130 | 1 Salims Softhouse | 1 Jaf Cms | 2008-09-05 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ph03y3nk just another flat file (JAF) CMS 4.0 RC1 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) url, (3) title, and (4) about parameters in a forum post. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-5197 | 1 Pdshoppro | 1 Pdshoppro | 2008-09-05 | 5.0 MEDIUM | N/A |
| PDshopPro stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) /pdshoppro.mdb, (2) /data/pdshoppro.mdb, or (3) /shoppro/data/pdshoppro.mdb. | |||||
| CVE-2006-5195 | 1 Wheatblog | 1 Wheatblog | 2008-09-05 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Wheatblog 1.0 and 1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-4830 | 1 Blojsom | 1 Blojsom | 2008-09-05 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in EditBlogTemplatesPlugin.java in David Czarnecki Blojsom 2.30 allows remote attackers to have an unknown impact by sending an HTTP request with a certain value of blogTemplate. | |||||
| CVE-2006-4860 | 1 Limbo Cms | 1 Limbo Cms | 2008-09-05 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in (1) index.php, (2) minixml.inc.php, (3) doc.inc.php, (4) element.inc.php, (5) node.inc.php, (6) treecomp.inc.php, (7) forum.html.php, (8) forum.php, (9) antihack.php, (10) content.php, (11) initglobals.php, and (12) imanager.php in Limbo (aka Lite Mambo) CMS 1.0.4.2 before 20060311 have unknown impact and attack vectors. | |||||
| CVE-2006-4794 | 1 E107 | 1 E107 | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 allow remote attackers to inject arbitrary web script or HTML via the query string (PATH_INFO) in (1) contact.php, (2) download.php, (3) admin.php, (4) fpw.php, (5) news.php, (6) search.php, (7) signup.php, (8) submitnews.php, and (9) user.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-4888 | 1 Microsoft | 1 Ie | 2008-09-05 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer 6 and earlier allows remote attackers to cause a denial of service (application hang) via a CSS-formatted HTML INPUT element within a DIV element that has a larger size than the INPUT. | |||||
| CVE-2006-4884 | 1 Idevspot | 1 Isupport | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in IDevSpot iSupport 1.8 allow remote attackers to inject arbitrary web script or HTML via (1) the suser parameter in support/rightbar.php, (2) the ticket_id parameter in support/open_tickets.php, and (3) the cons_page_title parameter in index.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-4866 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2008-09-05 | 4.6 MEDIUM | N/A |
| Buffer overflow in kextload in Apple OS X, as used by TDIXSupport in Roxio Toast Titanium and possibly other products, allows local users to execute arbitrary code via a long extension argument. | |||||
| CVE-2006-4617 | 1 Vtiger | 1 Vtiger Crm | 2008-09-05 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in fileupload.html in vtiger CRM 4.2.4, and possibly earlier versions, allows remote attackers to upload and execute arbitrary files with executable extensions in the /cashe/mails folder. | |||||
| CVE-2006-4711 | 1 Sage | 1 Sage | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Sage allow remote attackers to inject arbitrary web script or HTML via an Atom 1.0 feed, as demonstrated by certain test cases of the James M. Snell Atom 1.0 feed reader test suite. | |||||
| CVE-2006-4799 | 1 Xine | 1 Xine-lib | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in ffmpeg for xine-lib before 1.1.2 might allow context-dependent attackers to execute arbitrary code via a crafted AVI file and "bad indexes", a different vulnerability than CVE-2005-4048 and CVE-2006-2802. | |||||
| CVE-2006-4352 | 1 Cisco | 1 Content Services Switch 11000 | 2008-09-05 | 5.0 MEDIUM | N/A |
| The ArrowPoint cookie functionality for Cisco 11000 series Content Service Switches specifies an internal IP address if the administrator does not specify a string option, which allows remote attackers to obtain sensitive information. | |||||
| CVE-2006-4499 | 1 Moderngigabyte | 1 Modernbill | 2008-09-05 | 5.0 MEDIUM | N/A |
| ModernBill 5.0.4 and earlier uses cURL with insecure settings for CURLOPT_SSL_VERIFYPEER and CURLOPT_SSL_VERIFYHOST that do not verify SSL certificates, which allows remote attackers to read network traffic via a man-in-the-middle (MITM) attack. | |||||
| CVE-2006-4247 | 1 Plone | 1 Plone | 2008-09-05 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in the Password Reset Tool before 0.4.1 on Plone 2.5 and 2.5.1 Release Candidate allows attackers to reset the passwords of other users, related to "an erroneous security declaration." | |||||
| CVE-2006-4526 | 1 Devellion | 1 Cubecart | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in includes/content/viewCat.inc.php in CubeCart 3.0.12 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the searchArray[] parameter. | |||||
| CVE-2006-4461 | 1 Paessler | 1 Ipcheck Server Monitor | 2008-09-05 | 10.0 HIGH | N/A |
| Paessler IPCheck Server Monitor before 5.3.3.639/640 does not properly implement a "list of acceptable host IP addresses in the probe settings," which has unknown impact and attack vectors. | |||||
| CVE-2006-4525 | 1 Devellion | 1 Cubecart | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in CubeCart 3.0.12 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the links array. | |||||
| CVE-2006-4186 | 1 Novell | 1 Edirectory | 2008-09-05 | 2.1 LOW | N/A |
| The iManager in eMBoxClient.jar in Novell eDirectory 8.7.3.8 writes passwords in plaintext to a log file, which allows local users to obtain passwords by reading the file. | |||||
| CVE-2006-4185 | 1 Novell | 1 Edirectory | 2008-09-05 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in the NCPENGINE in Novell eDirectory 8.7.3.8 allows local users to cause a denial of service (CPU consumption) via unspecified vectors, as originally demonstrated using a Nessus scan. | |||||