Max CVSS | 9.3 | Min CVSS | 1.9 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published |
CVE-2006-6935 | 7.5 | SQL injection vulnerability in the login component in Portix-PHP 0.4.2 allows remote attackers to execute arbitrary SQL commands via the username and passwd (password) fields. | 14-02-2024 - 01:17 | 16-01-2007 - 23:28 |
CVE-2006-6934 | 6.8 | Multiple cross-site scripting (XSS) vulnerabilities in Portix-PHP 0.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) titre or (2) auteur field in a forum post. | 14-02-2024 - 01:17 | 16-01-2007 - 23:28 |
CVE-2006-3260 | 4.3 | Cross-site scripting (XSS) vulnerability in index.php in vlbook 1.02 allows remote attackers to inject arbitrary web script or HTML via the message parameter. | 18-10-2018 - 16:46 | 27-06-2006 - 21:05 |
CVE-2006-4584 | 7.5 | Tr Forum 2.0 allows remote attackers to bypass authentication and add an administrative account via the login and password parameters to admin/insert_admin.php. | 17-10-2018 - 21:38 | 06-09-2006 - 22:04 |
CVE-2006-4586 | 5.5 | The admin panel in Tr Forum 2.0 accepts a username and password hash for authentication, which allows remote authenticated users to perform unauthorized actions, as demonstrated by modifying user settings via the id parameter to /membres/modif_profil | 17-10-2018 - 21:38 | 06-09-2006 - 22:04 |
CVE-2006-4598 | 7.5 | Multiple SQL injection vulnerabilities in links.php in ssLinks 1.22 allow remote attackers to execute arbitrary SQL commands via the (1) go parameter and (2) id parameter in a rate action. | 17-10-2018 - 21:38 | 07-09-2006 - 00:04 |
CVE-2006-4585 | 9.0 | SQL injection vulnerability in admin/editer.php in Tr Forum 2.0 allows remote authenticated users to execute arbitrary SQL commands via the id2 parameter. NOTE: this can be leveraged with other Tr Forum vulnerabilities to allow unauthenticated attac | 17-10-2018 - 21:38 | 06-09-2006 - 22:04 |
CVE-2006-4597 | 7.5 | SQL injection vulnerability in devam.asp in ICBlogger 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the YID parameter. | 17-10-2018 - 21:38 | 07-09-2006 - 00:04 |
CVE-2006-4612 | 7.5 | SQL injection vulnerability in ReplyNew.asp in ZIXForum 1.12 allows remote attackers to execute arbitrary SQL commands via the RepId parameter. | 17-10-2018 - 21:38 | 07-09-2006 - 00:04 |
CVE-2006-4614 | 4.9 | PDAapps Verichat for Pocket PC 1.30bh stores usernames and passwords in plaintext in the Windows Mobile registry, which allows local users to obtain sensitive information via keys under \HKEY_CURRENT_USER\Software\PDAapps\VeriChat. | 17-10-2018 - 21:38 | 07-09-2006 - 00:04 |
CVE-2006-4591 | 7.5 | Multiple PHP remote file inclusion vulnerabilities in AlstraSoft Template Seller, and possibly AltraSoft Template Seller Pro 3.25, allow remote attackers to execute arbitrary PHP code via a URL in the config[template_path] parameter to (1) payment/pa | 17-10-2018 - 21:38 | 06-09-2006 - 22:04 |
CVE-2006-4547 | 6.5 | Lyris ListManager 8.95 allows remote authenticated users to obtain sensitive information by attempting to add a user with a ' (single quote) character in the name, which reveals the details of the underlying SQL query, possibly because of a forced SQ | 17-10-2018 - 21:37 | 06-09-2006 - 00:04 |
CVE-2006-4546 | 6.5 | Lyris ListManager 8.95 allows remote authenticated users, who have administrative privileges for at least one list on the server, to add new administrators to any list via a modified MEMBERS_.List_ parameter. | 17-10-2018 - 21:37 | 06-09-2006 - 00:04 |
CVE-2006-4544 | 7.5 | Multiple PHP remote file inclusion vulnerabilities in ExBB 1.9.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the exbb[home_path] parameter in files in the modules directory including (1) birstd | 17-10-2018 - 21:37 | 06-09-2006 - 00:04 |
CVE-2006-4459 | 7.5 | Integer overflow in AnywhereUSB/5 1.80.00 allows local users to cause a denial of service (crash) via a 1 byte header size specified in the USB string descriptor. | 17-10-2018 - 21:37 | 06-09-2006 - 00:04 |
CVE-2007-4751 | 1.9 | RemoteDocs R-Viewer before 1.6.3768 stores encrypted RDZ file data in unencrypted temporary files, which allows local users to obtain sensitive information by reading the temporary files. | 15-10-2018 - 21:37 | 18-09-2007 - 21:17 |
CVE-2007-4750 | 9.3 | Unspecified vulnerability in RemoteDocs R-Viewer before 1.6.3768 allows user-assisted remote attackers to execute arbitrary code via a crafted RDZ archive in which the first file has an executable extension. | 15-10-2018 - 21:37 | 18-09-2007 - 21:17 |
CVE-2008-3514 | 5.0 | VMware VirtualCenter 2.5 before Update 2 and 2.0.2 before Update 5 relies on client-side "enabled/disabled functionality" for access control, which allows remote attackers to determine valid user names by enabling functionality in the GUI and then ma | 11-10-2018 - 20:48 | 13-08-2008 - 12:42 |
CVE-2010-2709 | 9.3 | Stack-based buffer overflow in webappmon.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long OvJavaLocale value in a cookie. | 17-08-2017 - 01:32 | 05-08-2010 - 18:17 |
CVE-2006-4564 | 5.1 | SQL injection vulnerability in Sources/ManageBoards.php in Simple Machines Forum 1.1 RC3 allows remote attackers to execute arbitrary SQL commands via the cur_cat parameter. Successful exploitation requires privileges to add a new board. | 20-07-2017 - 01:33 | 06-09-2006 - 01:04 |
CVE-2005-3501 | 4.3 | The cabd_find function in cabd.c of the libmspack library (mspack) for Clam AntiVirus (ClamAV) before 0.87.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted CAB file that causes cabd_find to be called with a zero le | 14-07-2011 - 04:00 | 05-11-2005 - 11:02 |