| Max CVSS | 7.5 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2006-2564 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in index.php in AlstraSoft E-Friends allow remote attackers to inject arbitrary web script or HTML by (1) posting a blog, (2) posting a listing, (3) posting an event, (4) adding comments, or (5) sen
|
18-10-2018 - 16:40 | 24-05-2006 - 20:02 | |
| CVE-2006-2536 | 5.8 |
Cross-site scripting (XSS) vulnerability in Destiney Links Script 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the (1) "Search" (term parameter in index.php) and (2) "Add a Site" (add.php) fields.
|
18-10-2018 - 16:40 | 22-05-2006 - 23:10 | |
| CVE-2006-2533 | 5.8 |
Cross-site scripting (XSS) vulnerability in (1) addWeblog.php and (2) leaveComments.php in Destiney Rated Images Script 0.5.0 does not properly filter all vulnerable HTML tags, which allows remote attackers to inject arbitrary web script or HTML via
|
18-10-2018 - 16:40 | 22-05-2006 - 23:10 | |
| CVE-2006-2480 | 5.1 |
Format string vulnerability in Dia 0.94 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering errors or warnings, as demonstrated via format string specifiers in a .bmp filename. NOTE:
|
03-10-2018 - 21:41 | 19-05-2006 - 21:02 | |
| CVE-2006-6848 | 7.5 |
SQL injection vulnerability in admin.asp in ASPTicker 1.0 allows remote attackers to execute arbitrary SQL commands via the PATH_INFO, possibly related to the Password parameter.
|
19-10-2017 - 01:29 | 31-12-2006 - 05:00 | |
| CVE-2006-2570 | 7.5 |
PHP remote file inclusion vulnerability in CaLogic Calendars 1.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS["CLPath"] parameter to (1) reconfig.php and (2) srxclr.php. NOTE: this might be due to a globals overwri
|
19-10-2017 - 01:29 | 24-05-2006 - 23:02 | |
| CVE-2006-2569 | 7.5 |
SQL injection vulnerability in links.php in 4R Linklist 1.0 RC2 and earlier, a module for Woltlab Burning Board, allows remote attackers to execute arbitrary SQL commands via the cat parameter.
|
19-10-2017 - 01:29 | 24-05-2006 - 23:02 | |
| CVE-2006-2568 | 5.1 |
PHP remote file inclusion vulnerability in addpost_newpoll.php in UBB.threads 6.4 through 6.5.2 and 6.5.1.1 (trial) allows remote attackers to execute arbitrary PHP code via a URL in the thispath parameter.
|
19-10-2017 - 01:29 | 24-05-2006 - 23:02 | |
| CVE-2000-0977 | 5.0 |
mailfile.cgi CGI program in MailFile 1.10 allows remote attackers to read arbitrary files by specifying the target file name in the "filename" parameter in a POST request, which is then sent by email to the address specified in the "email" parameter.
|
10-10-2017 - 01:29 | 19-12-2000 - 05:00 | |
| CVE-2008-4621 | 7.5 |
SQL injection vulnerability in bannerclick.php in ZeeScripts Zeeproperty allows remote attackers to execute arbitrary SQL commands via the adid parameter.
|
29-09-2017 - 01:32 | 21-10-2008 - 01:18 | |
| CVE-2006-2796 | 6.8 |
Cross-site scripting (XSS) vulnerability in gallery.php in Captivate 1.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter, which is reflected in an error message.
|
20-07-2017 - 01:31 | 03-06-2006 - 01:02 |