260051 | 5.5 | MEDIUM | qbik | wingate | Directory traversal vulnerability in the IMAP server in WinGate 6.1.2.1094 and 6.1.3.1096, and possibly other versions before 6.1.4 Build 1099, allows remote authenticated users to read email of othe… | NVD-CWE-Other | CVE-2006-2917 | 2011-03-8 11:37 | 2006-07-11
260052 | 5.0 | MEDIUM | dmx_forum | dmx_forum | Dmx Forum 2.1a stores _includes/bd.inc under the web root with insufficient access control, which allows remote attackers to obtain database username and password information. | NVD-CWE-Other | CVE-2006-2946 | 2011-03-8 11:37 | 2006-06-13
260053 | 4.3 | MEDIUM | skoom | i.list | Multiple cross-site scripting (XSS) vulnerabilities in i.List 1.5 beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) searchword parameter to search.php or (2) … | NVD-CWE-Other | CVE-2006-2956 | 2011-03-8 11:37 | 2006-06-13
260054 | 7.5 | HIGH | enterprise_payroll_systems | enterprise_payroll_systems | PHP remote file inclusion vulnerability in Enterprise Timesheet and Payroll Systems (EPS) 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the absolutepath parameter… | NVD-CWE-Other | CVE-2006-2983 | 2011-03-8 11:37 | 2006-06-13
260055 | 5.8 | MEDIUM | myscrapbook | myscrapbook | Multiple cross-site scripting (XSS) vulnerabilities in addwords.php in MyScrapbook 3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) comment param… | NVD-CWE-Other | CVE-2006-3035 | 2011-03-8 11:37 | 2006-06-15
260056 | 6.5 | MEDIUM | subtext | subtext | Unspecified vulnerability in the admin login feature in Subtext 1.5, in a multiblog setup, allows remote administrators of one blog to login to another blog. | NVD-CWE-Other | CVE-2006-3046 | 2011-03-8 11:37 | 2006-06-16
260057 | 6.8 | MEDIUM | cescripts | event_registration_2checkout event_registration_corporate event_registration_paypal event_registration_rsvp | Cross-site scripting (XSS) vulnerability in Event Registration allows remote attackers to inject arbitrary web script or HTML via the (1) event_id parameter to view-event-details.php or (2) select_ev… | NVD-CWE-Other | CVE-2006-3052 | 2011-03-8 11:37 | 2006-06-16
260058 | 4.3 | MEDIUM | cescripts | car_classifieds | Cross-site scripting (XSS) vulnerability in index.php in Car Classifieds allows remote attackers to inject arbitrary web script or HTML via the make_id parameter. NOTE: the provenance of this inform… | NVD-CWE-Other | CVE-2006-3088 | 2011-03-8 11:37 | 2006-06-20
260059 | 7.5 | HIGH | brian_wotring | osiris | Format string vulnerability in Brian Wotring Osiris before 4.2.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unspecified attack ve… | NVD-CWE-Other | CVE-2006-3120 | 2011-03-8 11:37 | 2006-08-1
260060 | 7.5 | HIGH | julian_pawlowski | capi4hylafax | c2faxrecv in capi4hylafax 01.02.03 allows remote attackers to execute arbitrary commands via null (\0) and shell metacharacters in the TSI string, as demonstrated by a fax from an anonymous number. | NVD-CWE-Other | CVE-2006-3126 | 2011-03-8 11:37 | 2006-09-6
260061 | 4.3 | MEDIUM | php | directory_listing_script | Cross-site scripting (XSS) vulnerability in index.php in Directory Listing Script allows remote attackers to inject arbitrary web script or HTML via the dir parameter. | NVD-CWE-Other | CVE-2006-2419 | 2011-03-8 11:36 | 2006-05-16
260062 | 4.3 | MEDIUM | php | directory_listing_script | The vulnerability has been confirmed in the latest available version of this product. Other versions may also be affected. | NVD-CWE-Other | CVE-2006-2419 | 2011-03-8 11:36 | 2006-05-16
260063 | 10.0 | HIGH | ibm | websphere_application_server | Unspecified vulnerability in IBM WebSphere Application Server 6.0.2, 6.0.2.1, 6.0.2.3, 6.0.2.5, and 6.0.2.7 has unknown impact and remote attack vectors related to "HTTP request handlers". | NVD-CWE-noinfo | CVE-2006-2429 | 2011-03-8 11:36 | 2006-05-17
260064 | 10.0 | HIGH | ibm | websphere_application_server | IBM WebSphere Application Server 5.0.2 and earlier, 5.1.1 and earlier, and 6.0.2 up to 6.0.2.7 records user credentials in plaintext in addNode.log, which allows attackers to gain privileges. | NVD-CWE-Other | CVE-2006-2430 | 2011-03-8 11:36 | 2006-05-17
260065 | 7.5 | HIGH | ibm | websphere_application_server | IBM WebSphere Application Server 5.0.2 (or any earlier cumulative fix) and 5.1.1 (or any earlier cumulative fix) allows EJB access on Solaris systems via a crafted LTPA token. | NVD-CWE-Other | CVE-2006-2432 | 2011-03-8 11:36 | 2006-05-17
260066 | 10.0 | HIGH | ibm | websphere_application_server | Unspecified vulnerability in IBM WebSphere Application Server 6.0.2, 6.0.2.1, 6.0.2.3, 6.0.2.5, and 6.0.2.7 has unknown impact and attack vectors related to the "administrative console". | NVD-CWE-noinfo | CVE-2006-2433 | 2011-03-8 11:36 | 2006-05-17
260067 | 5.0 | MEDIUM | ibm | websphere_application_server | Unspecified vulnerability in WebSphere 5.1.1 (or any earlier cumulative fix) Common Configuration Mode + CommonArchive and J2EE Models might allow attackers to obtain sensitive information via the tr… | NVD-CWE-Other | CVE-2006-2434 | 2011-03-8 11:36 | 2006-05-17
260068 | 6.4 | MEDIUM | ibm | websphere_application_server | Unspecified vulnerability in IBM WebSphere Application Server 5.0.2 and earlier, and 5.1.1 and earlier, has unknown impact and attack vectors related to "Inserting certain script tags in urls [that] … | NVD-CWE-noinfo | CVE-2006-2435 | 2011-03-8 11:36 | 2006-05-17
260069 | 7.5 | HIGH | ibm | websphere_application_server | WebSphere Application Server 5.0.2 (or any earlier cumulative fix) stores admin and LDAP passwords in plaintext in the FFDC logs when a login to WebSphere fails, which allows attackers to gain privil… | NVD-CWE-Other | CVE-2006-2436 | 2011-03-8 11:36 | 2006-05-17
260070 | 5.0 | MEDIUM | caucho_technology | resin | The viewfile servlet in the documentation package (resin-doc) for Caucho Resin 3.0.17 and 3.0.18 allows remote attackers to obtain the source code for files under the web root via the file parameter. | NVD-CWE-Other | CVE-2006-2437 | 2011-03-8 11:36 | 2006-05-17
260071 | 4.6 | MEDIUM | kphone | kphone | kphone 4.2 creates .qt/kphonerc with world-readable permissions, which allows local users to read usernames and SIP passwords. | NVD-CWE-Other | CVE-2006-2442 | 2011-03-8 11:36 | 2006-05-18
260072 | 7.5 | HIGH | s9y | serendipity | Cross-site request forgery (CSRF) vulnerability in the Entry Manager in Serendipity before 1.0-beta3 allows remote attackers to perform unauthorized actions as a logged-in user via a link or IMG tag. | NVD-CWE-Other | CVE-2006-2495 | 2011-03-8 11:36 | 2006-05-20
260073 | 5.0 | MEDIUM | fckeditor | fckeditor | editor/filemanager/upload/php/upload.php in FCKeditor before 2.3 Beta, when the upload feature is enabled, does not verify the Type parameter, which allows remote attackers to upload arbitrary file t… | NVD-CWE-Other | CVE-2006-2529 | 2011-03-8 11:36 | 2006-05-23
260074 | 5.1 | MEDIUM | xtreme_scripts | xtreme_topsites | Multiple SQL injection vulnerabilities in Xtreme Topsites 1.1, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the (1) searchthis parameter in lostid.php … | NVD-CWE-Other | CVE-2006-2544 | 2011-03-8 11:36 | 2006-05-23
260075 | 5.8 | MEDIUM | florian_amrhein | newsportal | Cross-site scripting (XSS) vulnerability in Florian Amrhein NewsPortal before 0.37, and possibly TR Newsportal (TRanx rebuilded), allows remote attackers to inject arbitrary web script or HTML via un… | NVD-CWE-Other | CVE-2006-2556 | 2011-03-8 11:36 | 2006-05-24
260076 | 6.4 | MEDIUM | e107 | e107 | SQL injection vulnerability in e107 before 0.7.5 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. | NVD-CWE-Other | CVE-2006-2590 | 2011-03-8 11:36 | 2006-05-25
260077 | 5.0 | MEDIUM | e107 | e107 | Unspecified vulnerability in e107 before 0.7.5 has unknown impact and remote attack vectors related to an "emailing exploit". | NVD-CWE-Other | CVE-2006-2591 | 2011-03-8 11:36 | 2006-05-25
260078 | 5.1 | MEDIUM | artmedic_webdesign | artmedic_newsletter | artmedic newsletter 4.1.2 and possibly other versions, when register_globals is enabled, allows remote attackers to modify arbitrary files and execute arbitrary PHP code via the email parameter to ne… | NVD-CWE-Other | CVE-2006-2609 | 2011-03-8 11:36 | 2006-05-26
260079 | 7.2 | HIGH | ibm | aix | Untrusted search path vulnerability in update_flash for IBM AIX 5.1, 5.2 and 5.3 allows local users to execute arbitrary commands via unknown vectors involving lsmcode and possibly other commands. | NVD-CWE-Other | CVE-2006-2647 | 2011-03-8 11:36 | 2006-05-30
260080 | 5.0 | MEDIUM | mono suse | xsp suse_open_enterprise_server suse_linux | Directory traversal vulnerability in the xsp component in mod_mono in Mono/C# web server, as used in SUSE Open-Enterprise-Server 1 and SUSE Linux 9.2 through 10.0, allows remote attackers to read arb… | NVD-CWE-Other | CVE-2006-2658 | 2011-03-8 11:36 | 2006-09-13
260081 | 6.4 | MEDIUM | albinator | albinator | Multiple PHP remote file inclusion vulnerabilities in (1) eday.php, (2) eshow.php, or (3) forgot.php in albinator 2.0.8 and earlier allow remote attackers to execute arbitrary PHP code via a URL in t… | NVD-CWE-Other | CVE-2006-2182 | 2011-03-8 11:35 | 2006-05-4
260082 | 4.3 | MEDIUM | chadha_software_technologies | phpkb_knowledge_base | Cross-site scripting (XSS) vulnerability in search.php in PHPKB Knowledge Base allows remote attackers to inject arbitrary web script or HTML via the searchkeyword parameter. NOTE: the issue was ori… | NVD-CWE-Other | CVE-2006-2184 | 2011-03-8 11:35 | 2006-05-4
260083 | 6.8 | MEDIUM | timobraun | dynamic_galerie | Cross-site scripting (XSS) vulnerability in Dynamic Galerie 1.0 allows remote attackers to inject arbitrary web script or HTML via the pfad parameter in (1) index.php and (2) galerie.php. NOTE: this… | NVD-CWE-Other | CVE-2006-2294 | 2011-03-8 11:35 | 2006-05-10
260084 | 5.0 | MEDIUM | new_atlanta_communications | bluedragon_server bluedragon_server_jx | BlueDragon Server and Server JX 6.2.1.286 for Windows allows remote attackers to cause a denial of service (hang) via a request for a .cfm file whose name contains an MS-DOS device name such as (1) c… | NVD-CWE-Other | CVE-2006-2310 | 2011-03-8 11:35 | 2006-06-26
260085 | 5.0 | MEDIUM | new_atlanta_communications | bluedragon_server bluedragon_server_jx | This vulnerability is addressed in the following product release: New Atlanta Communications, BlueDragon Server, 6.2.1.309 | NVD-CWE-Other | CVE-2006-2310 | 2011-03-8 11:35 | 2006-06-26
260086 | 2.6 | LOW | new_atlanta_communications | bluedragon_server bluedragon_server_jx | Cross-site scripting (XSS) vulnerability in BlueDragon Server and Server JX 6.2.1.286 for Windows allows remote attackers to inject arbitrary web script or HTML via the filename in a request to a (1)… | NVD-CWE-Other | CVE-2006-2311 | 2011-03-8 11:35 | 2006-06-26
260087 | 2.6 | LOW | updi_network_enterprise | at1_event_publisher | Cross-site scripting (XSS) vulnerability in tablepublisher.cgi in UPDI Network Enterprise @1 Table Publisher 2006-03-23 allows remote attackers to inject arbitrary web script or HTML via the Title of… | NVD-CWE-Other | CVE-2006-1795 | 2011-03-8 11:34 | 2006-04-17
260088 | 6.4 | MEDIUM | digium | asterisk | Integer signedness error in format_jpeg.c in Asterisk 1.2.6 and earlier allows remote attackers to execute arbitrary code via a length value that passes a length check as a negative number, but trigg… | NVD-CWE-Other | CVE-2006-1827 | 2011-03-8 11:34 | 2006-04-19
260089 | 4.3 | MEDIUM | francisco_burzi | php-nuke | Cross-site scripting (XSS) vulnerability in the Your_Account module in PHP-Nuke 7.8 might allow remote attackers to inject arbitrary HTML and web script via the ublock parameter, which is saved in t… | NVD-CWE-Other | CVE-2006-1846 | 2011-03-8 11:34 | 2006-04-20
260090 | 6.4 | MEDIUM | sweetphp | totalcalendar | PHP remote file inclusion vulnerability in (1) about.php or (2) auth.php in TotalCalendar allows remote attackers to execute arbitrary PHP code via a URL in the inc_dir parameter. | NVD-CWE-Other | CVE-2006-1922 | 2011-03-8 11:34 | 2006-04-21
260091 | 4.3 | MEDIUM | community_architect | community_architect_guestbook | Cross-site scripting (XSS) vulnerability in cgi-bin/guest in Community Architect Guestbook allows remote attackers to inject arbitrary web script or HTML by signing the guestbook, which is displayed … | NVD-CWE-Other | CVE-2006-2003 | 2011-03-8 11:34 | 2006-04-25
260092 | 5.0 | MEDIUM | vihor | vihordesign | Directory traversal vulnerability in index.php in ViHor Design allows remote attackers to read arbitrary files via the page parameter. | NVD-CWE-Other | CVE-2006-1497 | 2011-03-8 11:33 | 2006-03-30
260093 | 5.0 | MEDIUM | basic_analysis_and_security_engine | base | base_maintenance.php in Basic Analysis and Security Engine (BASE) before 1.2.4 (melissa), when running in standalone mode, allows remote attackers to bypass authentication, possibly by setting the st… | NVD-CWE-Other | CVE-2006-1505 | 2011-03-8 11:33 | 2006-03-30
260094 | 5.0 | MEDIUM | basic_analysis_and_security_engine | base | Successful exploitation requires that the product is running in standalone mode. | NVD-CWE-Other | CVE-2006-1505 | 2011-03-8 11:33 | 2006-03-30
260095 | 7.2 | HIGH | sun | grid_engine n1_grid_engine | Unspecified vulnerability in rsh in Sun Microsystems Sun Grid Engine 5.3 before 20060327 and N1 Grid Engine 6.0 before 20060327 allows local users to gain root privileges. | NVD-CWE-Other | CVE-2006-1506 | 2011-03-8 11:33 | 2006-03-30
260096 | 7.2 | HIGH | sun | grid_engine n1_grid_engine | This vulnerability affects Sun Microsystems, Sun Grid Engine 5.3 before 20060327 & N1 Grid Engine 6.0 before 20060327. | NVD-CWE-Other | CVE-2006-1506 | 2011-03-8 11:33 | 2006-03-30
260097 | 7.5 | HIGH | abcmidi | abcmidi | Multiple buffer overflows in the abcmidi-yaps translator in abcmidi 20050101, and other versions, allow remote attackers to execute arbitrary code via crafted ABC music files that trigger the overflo… | NVD-CWE-Other | CVE-2006-1514 | 2011-03-8 11:33 | 2006-04-27
260098 | 7.5 | HIGH | typespeed | typespeed | Buffer overflow in the addnewword function in typespeed 0.4.4 and earlier might allow remote attackers to execute arbitrary code via unknown vectors. | NVD-CWE-Other | CVE-2006-1515 | 2011-03-8 11:33 | 2006-06-1
260099 | 6.8 | MEDIUM | php | php_script_index | Cross-site scripting (XSS) vulnerability in search.php in PHP Script Index allows remote attackers to inject arbitrary web script or HTML via the search parameter. | NVD-CWE-Other | CVE-2006-1558 | 2011-03-8 11:33 | 2006-03-31
260100 | 7.5 | HIGH | php | php_script_index | SQL injection vulnerability in PHP Script Index allows remote attackers to execute arbitrary SQL commands via the search parameter. NOTE: the provenance of this information is unknown; the details ar… | NVD-CWE-Other | CVE-2006-1559 | 2011-03-8 11:33 | 2006-03-31