Total
284768 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-2568 | 1 Ubbcentral | 1 Ubb.threads | 2024-11-21 | N/A |
| PHP remote file inclusion vulnerability in addpost_newpoll.php in UBB.threads 6.4 through 6.5.2 and 6.5.1.1 (trial) allows remote attackers to execute arbitrary PHP code via a URL in the thispath parameter. | ||||
| CVE-2006-2567 | 1 Alstrasoft | 1 Article Manager Pro | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in submit_article.php in Alstrasoft Article Manager Pro 1.6 allows remote attackers to inject arbitrary web script or HTML when submitting an article, as demonstrated using a javascript URI in a Cascading Style Sheets (CSS) property of a STYLE attribute of an element. | ||||
| CVE-2006-2566 | 1 Alstrasoft | 1 Article Manager Pro | 2024-11-21 | N/A |
| Alstrasoft Article Manager Pro 1.6 allows remote attackers to obtain sensitive information via (1) a quote character or possibly an invalid value in the action parameter in a request to mrarticles.php or (2) a login QUERY_STRING to admin.php without any additional parameters, which reveal the path in various error messages. | ||||
| CVE-2006-2565 | 1 Alstrasoft | 1 Article Manager Pro | 2024-11-21 | N/A |
| SQL injection vulnerability in Alstrasoft Article Manager Pro 1.6 allows remote attackers to execute arbitrary SQL commands via (1) the author_id parameter in profile.php and (2) the aut_id parameter in userarticles.php. NOTE: the aut_id vector can produce resultant path disclosure if the SQL manipulation is invalid. | ||||
| CVE-2006-2564 | 1 Alstrasoft | 1 E-friends | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in AlstraSoft E-Friends allow remote attackers to inject arbitrary web script or HTML by (1) posting a blog, (2) posting a listing, (3) posting an event, (4) adding comments, or (5) sending a message. | ||||
| CVE-2006-2563 | 1 Php | 1 Php | 2024-11-21 | N/A |
| The cURL library (libcurl) in PHP 4.4.2 and 5.1.4 allows attackers to bypass safe mode and read files via a file:// request containing null characters. | ||||
| CVE-2006-2562 | 1 Zyxel | 1 P-335wt Router | 2024-11-21 | N/A |
| ZyXEL P-335WT router allows remote attackers to bypass access restrictions and conduct unauthorized operations via a UPnP request with a modified InternalClient parameter, which is not validated, as demonstrated by using AddPortMapping to forward arbitrary traffic. | ||||
| CVE-2006-2561 | 1 Edimax | 1 Br 6104k | 2024-11-21 | N/A |
| Edimax BR-6104K router allows remote attackers to bypass access restrictions and conduct unauthorized operations via a UPnP request with a modified InternalClient parameter (possibly within NewInternalClient), which is not validated, as demonstrated by using AddPortMapping to forward arbitrary traffic. | ||||
| CVE-2006-2560 | 1 Sitecom | 2 Wl-153, Wl-153 Router Firmware | 2024-11-21 | N/A |
| Sitecom WL-153 router firmware before 1.38 allows remote attackers to bypass access restrictions and conduct unauthorized operations via a UPnP request with a modified InternalClient parameter, which is not validated, as demonstrated by using AddPortMapping to forward arbitrary traffic. | ||||
| CVE-2006-2559 | 1 Linksys | 2 Wrt54g, Wrt54g V5 | 2024-11-21 | N/A |
| Linksys WRT54G Wireless-G Broadband Router allows remote attackers to bypass access restrictions and conduct unauthorized operations via a UPnP request with a modified InternalClient parameter, which is not validated, as demonstrated by using AddPortMapping to forward arbitrary traffic. | ||||
| CVE-2006-2558 | 1 Iplogger | 1 Iplogger | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in IpLogger 1.7 and earlier allows remote attackers to inject arbitrary HTML or web script via the User-Agent (useragent) header in an HTTP request, which is not filtered when the log files are viewed. | ||||
| CVE-2006-2557 | 1 Florian Amrhein | 1 Newsportal | 2024-11-21 | N/A |
| PHP remote file inclusion vulnerability in extras/poll/poll.php in Florian Amrhein NewsPortal before 0.37, and TR Newsportal (TRanx rebuilded), allows remote attackers to execute arbitrary PHP code via a URL in the file_newsportal parameter. | ||||
| CVE-2006-2556 | 1 Florian Amrhein | 1 Newsportal | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in Florian Amrhein NewsPortal before 0.37, and possibly TR Newsportal (TRanx rebuilded), allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | ||||
| CVE-2006-2555 | 1 Genecys | 1 Genecys | 2024-11-21 | N/A |
| The parse_command function in Genecys 0.2 and earlier allows remote attackers to cause a denial of service (crash) via a command with a missing ":" (colon) separator, which triggers a null dereference. | ||||
| CVE-2006-2554 | 1 Genecys | 1 Genecys | 2024-11-21 | N/A |
| Buffer overflow in the tell_player_surr_changes function in Genecys 0.2 and earlier might allow remote attackers to execute arbitrary code via long arguments. | ||||
| CVE-2006-2553 | 1 Jemscripts | 1 Downloadcontrol | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in Jemscripts DownloadControl 1.0 allows remote attackers to inject arbitrary HTML or web script via the dcid parameter to dc.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. This issue appears to be independent from a different issue that involves the same vector. | ||||
| CVE-2006-2552 | 1 Jemscripts | 1 Downloadcontrol | 2024-11-21 | N/A |
| Jemscripts DownloadControl 1.0 allows remote attackers to obtain sensitive information via an invalid dcid parameter to dc.php, which leaks the pathname in an error message. NOTE: this was originally claimed to be SQL injection, but it is probably resultant from another issue in functions.php. | ||||
| CVE-2006-2551 | 1 Hp | 1 Hp-ux | 2024-11-21 | N/A |
| Unspecified vulnerability in the kernel in HP-UX B.11.00 allows local users to cause an unspecified denial of service via unknown vectors. | ||||
| CVE-2006-2550 | 1 Perlpodder | 1 Perlpodder | 2024-11-21 | N/A |
| perlpodder before 0.5 allows remote attackers to execute arbitrary code via shell metacharacters in the URL of a podcast, which are executed when saving the URL to a log file. NOTE: the wget vector is already covered by CVE-2006-2548. | ||||
| CVE-2006-2549 | 1 Pdf Tools Ag | 1 Pdf Form Filling And Flattening Tool | 2024-11-21 | N/A |
| Stack-based buffer overflow in PDF Form Filling and Flattening Tool before 3.1.0.12 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via long field names. | ||||