Total
285120 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2006-2966 | 1 Particle Soft | 1 Particle Wiki | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in Particle Soft Particle Wiki 1.0.2 allows remote attackers to inject arbitrary web script or HTML via a BR element with an extraneous IMG tag and a STYLE attribute that contains "/**/" comment sequences, which bypasses the XSS protection scheme. | ||||
CVE-2006-2965 | 1 Particle Soft | 1 Particle Whois | 2024-11-21 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Particle Soft Particle Whois 1.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) the target parameter in index.php and (2) the "input box." | ||||
CVE-2006-2964 | 1 Xtreme Scripts | 1 Download Manager | 2024-11-21 | N/A |
Multiple PHP remote file inclusion vulnerabilities in Xtreme Scripts Download Manager (aka Xtreme Downloads) 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter in (1) download.php, (2) manager.php, (3) admin/scripts/category.php, (4) includes/add_allow.php, (5) admin/index.php, and (6) admin/admin/login.php. | ||||
CVE-2006-2963 | 1 It-direkt | 1 Cabacos Web Cms | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in Suchergebnisse.asp in Cabacos Web CMS 3.8.498 and earlier allows remote attackers to inject arbitrary web script or HTML via the suchtext parameter. | ||||
CVE-2006-2962 | 1 Oxfam Australia | 1 Emergencies Personnel Information System | 2024-11-21 | N/A |
PHP remote file inclusion vulnerability in sql_fcnsOLD.php in Emergenices Personnel Information System (Empris) 20020923 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phormationdir parameter. | ||||
CVE-2006-2961 | 1 Aclogic | 1 Cesarftp | 2024-11-21 | N/A |
Stack-based buffer overflow in CesarFTP 0.99g and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long MKD command. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
CVE-2006-2960 | 1 Joomla | 1 Joomla | 2024-11-21 | N/A |
PHP remote file inclusion vulnerability in includes/joomla.php in Joomla! 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the includepath parameter. | ||||
CVE-2006-2959 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2024-11-21 | N/A |
SQL injection vulnerability in inc_header.asp in Snitz Forum 3.4.05 and earlier allows remote attackers to execute arbitrary SQL commands via the %strCookieURL%.GROUP parameter in a cookie. | ||||
CVE-2006-2958 | 1 Filzip | 1 Filzip | 2024-11-21 | N/A |
Directory traversal vulnerability in FilZip 3.05 allows remote attackers to write arbitrary files via a .. (dot dot) in a (1) .rar, (2) .tar, (3) .jar, or (4) .gz file. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
CVE-2006-2957 | 1 Skoom | 1 I.list | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in i.List 1.5 beta and earlier allows remote attackers to inject arbitrary web script or HTML via the banurl parameter to add.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
CVE-2006-2956 | 1 Skoom | 1 I.list | 2024-11-21 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in i.List 1.5 beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) searchword parameter to search.php or (2) siteurl parameter to add.php. | ||||
CVE-2006-2955 | 1 Kaphotoservice | 1 Kaphotoservice | 2024-11-21 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in KAPhotoservice 7.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) New Category (newcategory) or (2) apage parameter to (a) edtalbum.asp, or the (3) cat or (4) albumid parameter to (b) album.asp. | ||||
CVE-2006-2954 | 1 Primoris Software | 1 Officeflow | 2024-11-21 | N/A |
SQL injection vulnerability in files.asp in OfficeFlow 2.6 and earlier allows remote attackers to execute arbitrary SQL commands via the Project parameter. | ||||
CVE-2006-2953 | 1 Primoris Software | 1 Officeflow | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in default.asp in OfficeFlow 2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the sqlType parameter. | ||||
CVE-2006-2952 | 1 Net Portal Dynamic System | 1 Net Portal Dynamic System | 2024-11-21 | N/A |
Directory traversal vulnerability in Net Portal Dynamic System (NPDS) 5.10 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) sequence and trailing null (%00) byte in the (1) Default_Theme parameter to header.php or (2) ModPath parameter to modules/cluster-paradise/cluster-E.php. | ||||
CVE-2006-2951 | 1 Npds | 1 Npds | 2024-11-21 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Net Portal Dynamic System (NPDS) 5.10 and earlier allow remote attackers to inject arbitrary web script and HTML via the (1) Titlesitename or (2) sitename parameter to (a) header.php, (3) nuke_url parameter to (b) meta/meta.php, (4) forum parameter to (c) viewforum.php, (5) post_id, (6) forum, (7) topic, or (8) arbre parameter to (d) editpost.php, or (9) uname or (10) email parameter to (e) user.php. | ||||
CVE-2006-2950 | 1 Npds | 1 Npds | 2024-11-21 | N/A |
Net Portal Dynamic System (NPDS) 5.10 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) header.php, (2) contact.php, or (3) forum_extender.php, which reveals the path in an error message. | ||||
CVE-2006-2949 | 1 Mybulletinboard | 1 Mybulletinboard | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in private.php in MyBB 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the do parameter. | ||||
CVE-2006-2948 | 1 Alan Ward | 1 A-cart | 2024-11-21 | N/A |
A-CART 2.0 stores the acart2_0.mdb file under the web document root with insufficient access control, which allows remote attackers to obtain username and password information. | ||||
CVE-2006-2947 | 1 Dmx Forum | 1 Dmx Forum | 2024-11-21 | N/A |
Dmx Forum 2.1a allows remote attackers to obtain username and password information via a direct request to pops/edit.php with a modified membre parameter. |