Total
29877 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-5950 | 1 Altools | 1 Alftp Ftp Server | 2025-04-09 | N/A |
| Unspecified vulnerability in ALTools ALFTP FTP Server 4.1 beta 1, and possibly earlier, allows remote authenticated users to obtain the installation path via unknown vectors related to the REN command, probably due to response messages. NOTE: the provenance of this information is unknown; details are obtained from third party sources. | ||||
| CVE-2006-5947 | 1 Conxint | 1 Conxint Ftp Server | 2025-04-09 | N/A |
| Multiple directory traversal vulnerabilities in Conxint FTP Server 2.2.0603, and possibly earlier, allow remote attackers to read arbitrary files and list arbitrary directories via directory traversal sequences in (1) DIR (LIST or NLST) and (2) GET (RETR) commands. NOTE: the provenance of this information is unknown; details are obtained from third party sources. | ||||
| CVE-2006-5945 | 1 Mginternet | 1 Car Site Manager | 2025-04-09 | N/A |
| Multiple SQL injection vulnerabilities in MGinternet Car Site Manager (CSM) allow remote attackers to execute arbitrary SQL commands via the (1) p parameter to (a) csm/asp/detail.asp, or the (2) l, (3) typ, or (4) loc parameter to (b) csm/asp/listings.asp. | ||||
| CVE-2006-5944 | 1 Mginternet | 1 Car Site Manager | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in csm/asp/listings.asp in MGinternet Car Site Manager (CSM) allows remote attackers to inject arbitrary web script or HTML via the s parameter. | ||||
| CVE-2006-5943 | 1 Website Designs For Less | 1 Inventory Manager | 2025-04-09 | N/A |
| Multiple SQL injection vulnerabilities in inventory/display/imager.asp in Website Designs for Less Inventory Manager allow remote attackers to execute arbitrary SQL commands via the (1) pictable, (2) picfield, or (3) where parameter. | ||||
| CVE-2006-5936 | 1 Sitexpress | 1 Sitexpress E-commerce System | 2025-04-09 | N/A |
| SQL injection vulnerability in dept.asp in SiteXpress E-Commerce System allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2006-5934 | 1 Iexpress | 1 Estate Agent Manager | 2025-04-09 | N/A |
| SQL injection vulnerability in admin/default.asp in Estate Agent Manager 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the UserName field. | ||||
| CVE-2006-5927 | 1 Asp Scripter | 2 Easy Portal, Live Support | 2025-04-09 | N/A |
| SQL injection vulnerability in cpLogin.asp in ASP Scripter Easy Portal 1.4 and Live Support 1.3 allows remote attackers to execute arbitrary SQL commands via the Password parameter. | ||||
| CVE-2006-5926 | 1 Vallheru | 1 Vallheru | 2025-04-09 | N/A |
| Multiple SQL injection vulnerabilities in mail.php in Vallheru before 1.0.7 allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) to parameters. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2006-5922 | 1 Wheatblog | 1 Wheatblog | 2025-04-09 | N/A |
| index.php in Wheatblog (wB) allows remote attackers to obtain sensitive information via certain values of the postPtr[] and next parameters, which reveals the path in an error message. | ||||
| CVE-2006-5918 | 1 Php Rapid Kill | 1 Php Rapid Kill | 2025-04-09 | N/A |
| Unrestricted file upload vulnerability in RapidKill (aka PHP Rapid Kill) 5.7 Pro, and certain other versions, allows remote attackers to upload and execute arbitrary PHP scripts via the "Link to Download" field. NOTE: it is possible that the field value is restricted to files on specific public web sites. | ||||
| CVE-2006-5916 | 1 Intego | 1 Virusbarrier | 2025-04-09 | N/A |
| Intego VirusBarrier X4 allows context-dependent attackers to bypass virus protection by quickly injecting many infected files into the filesystem, which prevents VirusBarrier from processing all the files. | ||||
| CVE-2007-5355 | 1 Microsoft | 5 Internet Explorer, Windows 2000, Windows 2003 Server and 2 more | 2025-04-09 | N/A |
| The Web Proxy Auto-Discovery (WPAD) feature in Microsoft Internet Explorer 6 and 7, when a primary DNS suffix with three or more components is configured, resolves an unqualified wpad hostname in a second-level domain outside this configured DNS domain, which allows remote WPAD servers to conduct man-in-the-middle (MITM) attacks. | ||||
| CVE-2006-5914 | 1 Samedia | 1 Landshop | 2025-04-09 | N/A |
| SQL injection vulnerability in ls.php in SAMEDIA LandShop allows remote attackers to execute arbitrary SQL commands via the infield parameter. NOTE: the start, search_order, search_type, and search_area parameters are already covered by CVE-2005-4018. | ||||
| CVE-2006-5911 | 1 Campware.org | 1 Campsite | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Campware Campsite before 2.6.2 allow remote attackers to execute arbitrary PHP code via a URL in the g_documentRoot parameter to (1) Alias.php, (2) Article.php, (3) ArticleAttachment.php, (4) ArticleComment.php, (5) ArticleData.php, (6) ArticleImage.php, (7) ArticleIndex.php, (8) ArticlePublish.php, (9) ArticleTopic.php, (10) ArticleType.php, (11) ArticleTypeField.php, (12) Attachment.php, (13) Country.php, (14) DatabaseObject.php, (15) Event.php, (16) IPAccess.php, (17) Image.php, (18) Issue.php, (19) IssuePublish.php, (20) Language.php, (21) Log.php, (22) LoginAttempts.php, (23) Publication.php, (24) Section.php, (25) ShortURL.php, (26) Subscription.php, (27) SubscriptionDefaultTime.php, (28) SubscriptionSection.php, (29) SystemPref.php, (30) Template.php, (31) TimeUnit.php, (32) Topic.php, (33) UrlType.php, (34) User.php, and (35) UserType.php in implementation/management/classes/; (36) configuration.php and (37) db_connect.php in implementation/management/; and (38) LocalizerConfig.php and (39) LocalizerLanguage.php in implementation/management/priv/localizer/. | ||||
| CVE-2006-5505 | 1 Ben3w | 1 2bgal | 2025-04-09 | N/A |
| Multiple PHP file inclusion vulnerabilities in 2BGal 3.0 allow remote attackers to execute arbitrary PHP code via the lang parameter to (1) admin/configuration.inc.php, (2) admin/creer_album.inc.php, (3) admin/changepwd.php.inc, and unspecified other files. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
| CVE-2006-5501 | 1 Aol | 1 Aol | 2025-04-09 | N/A |
| Buffer overflow in the AOL.PicDownloadCtrl.1 ActiveX control (YGPPicDownload.dll) 9.2.3.0 in America Online (AOL) 9.0 Security Edition allows remote attackers to execute arbitrary code via the downloadFileDirectory property, a different vulnerability than CVE-2006-5502. | ||||
| CVE-2006-5742 | 1 Airmagnet | 1 Enterprise | 2025-04-09 | N/A |
| The AirMagnet Enterprise console and Remote Sensor console (Laptop) in AirMagnet Enterprise before 7.5 build 6307 allows remote attackers to inject arbitrary web script or HTML from a certain embedded Internet Explorer object into an SSID template value, aka "Cross-Application Scripting (XAS)". | ||||
| CVE-2006-5388 | 1 Webspell | 1 Webspell | 2025-04-09 | N/A |
| SQL injection vulnerability in index.php in WebSPELL 4.01.01 and earlier allows remote attackers to execute arbitrary SQL commands via the getsquad parameter, a different vector than CVE-2006-4783. | ||||
| CVE-2006-5392 | 1 Opendoc | 1 Fullcore | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in OpenDock FullCore 4.4 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the doc_directory parameter in (1) sw/index_sw.php; (2) cart.php, (3) lib_cart.php, (4) lib_read_cart.php, (5) lib_sys_cart.php, and (6) txt_info_cart.php in sw/lib_cart/; (7) comment.php, (8) find_comment.php, and (9) lib_comment.php in sw/lib_comment/; (10) sw/lib_find/find.php; and other unspecified PHP scripts. | ||||