Total
304758 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-1700 | 1 Aweb | 1 Scripts Seller | 2008-09-05 | 7.5 HIGH | N/A |
| Buy.php in Aweb Scripts Seller uses predictable cookies for authentication based on the time and the script number, which allows remote attackers to bypass authentication. | |||||
| CVE-2006-1796 | 1 Wordpress | 1 Wordpress | 2008-09-05 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the paging links functionality in template-functions-links.php in Wordpress 1.5.2, and possibly other versions before 2.0.1, allows remote attackers to inject arbitrary web script or HTML to Internet Explorer users via the request URI ($_SERVER['REQUEST_URI']). | |||||
| CVE-2006-1674 | 1 Phpwebgallery | 1 Phpwebgallery | 2008-09-05 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in PHPWebGallery 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter, a different vulnerability than CVE-2006-1675. | |||||
| CVE-2006-1792 | 1 Mailenable | 3 Mailenable Enterprise, Mailenable Professional, Mailenable Standard | 2008-09-05 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the POP service in MailEnable Standard Edition before 1.94, Professional Edition before 1.74, and Enterprise Edition before 1.22 has unknown attack vectors and impact related to "authentication exploits". NOTE: this is a different set of affected versions, and probably a different vulnerability than CVE-2006-1337. | |||||
| CVE-2006-1656 | 1 Vserver | 1 Util-vserver | 2008-09-05 | 7.2 HIGH | N/A |
| vserver in util-vserver 0.30.209 executes a command as root when the suexec userid parameter is invalid and non-numeric, which might cause local users to inadvertently execute dangerous commands as root. | |||||
| CVE-2006-1793 | 1 Runcms | 1 Runcms | 2008-09-05 | 7.6 HIGH | N/A |
| Directory traversal vulnerability in runCMS 1.2 and earlier allows remote attackers to read arbitrary files via the bbPath[path] parameter to (1) class.forumposts.php and (2) forumpollrenderer.php. NOTE: this issue is closely related to CVE-2006-0659. | |||||
| CVE-2006-1744 | 1 Joey Hess | 1 Bsdgames | 2008-09-05 | 4.6 MEDIUM | N/A |
| Buffer overflow in pl_main.c in sail in BSDgames before 2.17-7 allows local users to execute arbitrary code via a long player name that is used in a scanf function call. | |||||
| CVE-2006-1394 | 1 University Of Washington | 1 Pubcookie | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Microsoft IIS ISAPI filter (aka application server module) in University of Washington Pubcookie 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors. | |||||
| CVE-2006-1164 | 1 Nodez | 1 Nodez | 2008-09-05 | 7.5 HIGH | N/A |
| Nodez 4.6.1.1 and earlier stores sensitive data in the list.gtdat file under the web document root with insufficient access control, which allows remote attackers to obtain usernames and password hashes by directly accessing list.gtdat. | |||||
| CVE-2006-1094 | 2 Datenbank Module, Woltlab | 2 Datenbank Module, Burning Board | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Datenbank MOD 2.7 and earlier for Woltlab Burning Board allows remote attackers to execute arbitrary SQL commands via the fileid parameter to (1) info_db.php or (2) database.php. | |||||
| CVE-2006-1099 | 1 Logit | 1 Logit | 2008-09-05 | 7.5 HIGH | N/A |
| PHP remote file include vulnerability in logIT 1.3 and 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the pg parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-1436 | 1 Upoint | 1 At1 Event Publisher | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in UPOINT @1 Event Publisher allow remote attackers to inject arbitrary web script or HTML via the (1) Event, (2) Description, (3) Time, (4) Website, and (5) Public Remarks fields to (a) eventpublisher_admin.htm and (b) eventpublisher_usersubmit.htm. | |||||
| CVE-2006-1263 | 1 Wordpress | 1 Wordpress | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple "unannounced" cross-site scripting (XSS) vulnerabilities in WordPress before 2.0.2 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | |||||
| CVE-2006-1216 | 1 Runcms | 1 Runcms | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in bigshow.php in Runcms 1.x allows remote attackers to inject arbitrary web script or HTML via the id parameter. | |||||
| CVE-2006-1437 | 1 Upoint | 1 At1 Event Publisher | 2008-09-05 | 5.0 MEDIUM | N/A |
| UPOINT @1 Event Publisher stores sensitive information under the web document root with insufifcient access control, which allows remote attackers to read private comments via a direct request to eventpublisher.txt. | |||||
| CVE-2006-0892 | 1 Nocc | 1 Nocc | 2008-09-05 | 7.5 HIGH | N/A |
| NOCC Webmail 1.0 stores e-mail attachments in temporary files with predictable filenames, which makes it easier for remote attackers to execute arbitrary code by accessing the e-mail attachment via directory traversal vulnerabilities. | |||||
| CVE-2006-1005 | 1 Cactusoft | 1 Parodia | 2008-09-05 | 6.4 MEDIUM | N/A |
| agencyprofile.asp in Parodia 6.2 and earlier might allow remote attackers to obtain sensitive information by triggering an SQL error via an invalid AG_ID parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-0942 | 1 Pwsphp | 1 Pwsphp | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in profil.php in PwsPHP 1.2.3, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the aff_news_form parameter, a different vulnerability than CVE-2005-1509. | |||||
| CVE-2006-1047 | 1 Joomla | 1 Joomla | 2008-09-05 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the "Remember Me login functionality" in Joomla! 1.0.7 and earlier has unknown impact and attack vectors. | |||||
| CVE-2006-0893 | 1 Nocc | 1 Nocc | 2008-09-05 | 5.0 MEDIUM | N/A |
| NOCC Webmail 1.0 allows remote attackers to obtain sensitive information via a direct request to (1) the profiles directory, which leaks e-mail addresses contained in filenames of profiles, and (2) the tmp directory, which lists names of uploaded attachments. | |||||