Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-1843 1 Cynical Games 1 Shoutbook 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in global.php in ShoutBOOK 1.1 allows remote attackers to inject arbitrary web script or HTML via the (1) LOCATION and (2) URL parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-1849 1 Skymarx Solutions 1 Xflow 2025-04-03 N/A
Multiple SQL injection vulnerabilities in members_only/index.cgi in xFlow 5.46.11 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) position and (2) id parameter.
CVE-2006-1850 1 Skymarx Solutions 1 Xflow 2025-04-03 N/A
Multiple cross-site scripting (XSS) vulnerabilities in xFlow 5.46.11 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) level, (2) position, (3) id, and (4) action parameters to members_only/index.cgi, and the (5) page parameter to customer_area/index.cgi.
CVE-2006-1894 1 Revoboard 1 Revoboard 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in RevoBoard 1.8, as derived from PunBB, allows remote attackers to inject arbitrary web script or HTML via a substitution cipher of the email tag, which is transformed when the application's e-mail address obfuscator reverses the transformation. NOTE: it is not clear whether this is a site-specific issue; however, the claimed codebase relationship with PunBB might be relevant.
CVE-2006-1903 1 Userland 1 Manila 2025-04-03 N/A
Multiple cross-site scripting (XSS) vulnerabilities in UserLand Manila allow remote attackers to inject arbitrary web script or HTML (1) via the referer parameter in sendMail, and via attributes of (2) the A element and certain other HTML elements in web pages edited with the editInBrowser module. NOTE: the msgReader$1 mode attack vector is already covered by CVE-2006-1769.
CVE-2006-1906 1 Jjgan852 1 Phplister 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in index.php in jjgan852 phpLister 0.4.1 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
CVE-2006-1909 1 Coppermine 1 Coppermine Photo Gallery 2025-04-03 N/A
Directory traversal vulnerability in index.php in Coppermine 1.4.4 allows remote attackers to read arbitrary files via a .//./ (modified dot dot slash) in the file parameter, which causes a regular expression to collapse the sequences into standard "../" sequences.
CVE-2006-1924 1 Linpha 1 Linpha 2025-04-03 N/A
SQL injection vulnerability in functions/db_api.php in LinPHA 1.1.1 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
CVE-2006-1928 1 Cisco 1 Ios Xr 2025-04-03 N/A
Cisco IOS XR, when configured for Multi Protocol Label Switching (MPLS) and running on Cisco CRS-1 routers, allows remote attackers to cause a denial of service (Modular Services Cards (MSC) crash or "MPLS packet handling problems") via certain MPLS packets, as identified by Cisco bug IDs (1) CSCsd15970 and (2) CSCsd55531.
CVE-2006-1933 2 Ethereal Group, Redhat 2 Ethereal, Enterprise Linux 2025-04-03 N/A
Multiple unspecified vulnerabilities in Ethereal 0.10.x up to 0.10.14 allow remote attackers to cause a denial of service (large or infinite loops) viarafted packets to the (1) UMA and (2) BER dissectors.
CVE-2006-1934 2 Ethereal Group, Redhat 2 Ethereal, Enterprise Linux 2025-04-03 N/A
Multiple buffer overflows in Ethereal 0.10.x up to 0.10.14 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the (1) ALCAP dissector, (2) Network Instruments file code, or (3) NetXray/Windows Sniffer file code.
CVE-2006-1936 2 Ethereal Group, Redhat 2 Ethereal, Enterprise Linux 2025-04-03 N/A
Buffer overflow in Ethereal 0.8.5 up to 0.10.14 allows remote attackers to execute arbitrary code via the telnet dissector.
CVE-2006-1292 1 Php Icalendar 1 Php Icalendar 2025-04-03 N/A
Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
CVE-2006-1293 1 Astalavista It Engineering 1 Contrexx 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in index.php in Contrexx CMS 1.0.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string (PHP_SELF).
CVE-2006-4605 1 Longino 1 Jacome Php-revista 2025-04-03 N/A
PHP remote file inclusion vulnerability in index.php in Longino Jacome php-Revista 1.1.2 allows remote attackers to execute arbitrary PHP code via the adodb parameter.
CVE-2006-1939 2 Ethereal Group, Redhat 2 Ethereal, Enterprise Linux 2025-04-03 N/A
Multiple unspecified vulnerabilities in Ethereal 0.9.x up to 0.10.14 allow remote attackers to cause a denial of service (crash from null dereference) via (1) an invalid display filter, or the (2) GSM SMS, (3) ASN.1-based, (4) DCERPC NT, (5) PER, (6) RPC, (7) DCERPC, and (8) ASN.1 dissectors.
CVE-2006-1956 2 Joomla, Mambo 2 Joomla, Mambo 2025-04-03 N/A
The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows remote attackers to obtain sensitive information via an invalid feed parameter, which reveals the path in an error message.
CVE-2006-1960 1 Cisco 1 Wireless Lan Solution Engine 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in the appliance web user interface in Cisco CiscoWorks Wireless LAN Solution Engine (WLSE) and WLSE Express before 2.13 allows remote attackers to inject arbitrary web script or HTML, possibly via the displayMsg parameter to archiveApplyDisplay.jsp, aka bug ID CSCsc01095.
CVE-2006-1963 1 Pcpin 1 Pcpin Chat 2025-04-03 N/A
Directory traversal vulnerability in main.php in PCPIN Chat 5.0.4 and earlier allows remote authenticated users to include and execute arbitrary PHP code via a ".." (dot dot) in a language cookie, as demonstrated by uploading then accessing a smiliefile image that actually contains PHP code.
CVE-2006-1964 1 Aspsitem 1 Aspsitem 2025-04-03 N/A
SQL injection vulnerability in Haberler.asp in ASPSitem 1.83 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.