Max CVSS 10.0 Min CVSS 2.6 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2006-3264 2.6
Cross-site scripting (XSS) vulnerability in mclient.cgi in Namo DeepSearch 4.5 allows remote attackers to inject arbitrary web script or HTML via the p parameter.
18-10-2018 - 16:46 27-06-2006 - 21:05
CVE-2006-2323 5.1
Multiple PHP remote file inclusion vulnerabilities in SmartISoft phpListPro 2.01 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the returnpath parameter in (1) editsite.php, (2) addsite.php, and (3) in.php. NOTE: The c
18-10-2018 - 16:39 12-05-2006 - 00:02
CVE-2006-4735 5.0
Kellan Elliott-McCrea MagpieRSS allows remote attackers to obtain sensitive information via a direct request for (1) rss_fetch.inc.php or (2) rss_parse.inc.php, which reveals the path in various error messages.
17-10-2018 - 21:39 13-09-2006 - 22:07
CVE-2006-4736 7.5
Multiple SQL injection vulnerabilities in index.php in CMS.R. 5.5 allow remote attackers to execute arbitrary SQL commands via the (1) adminname and (2) adminpass parameters. NOTE: some of these details are obtained from third party information.
17-10-2018 - 21:39 13-09-2006 - 22:07
CVE-2006-4737 7.5
SQL injection vulnerability in index.php in Jetbox CMS allows remote attackers to inject arbitrary web script or HTML via the item parameter. NOTE: The view vector is already covered by CVE-2006-3586.2.
17-10-2018 - 21:39 13-09-2006 - 22:07
CVE-2006-4738 7.5
PHP remote file inclusion vulnerability in phpthumb.php in Jetbox CMS allows remote attackers to execute arbitrary PHP code via a URL in the includes_path parameter. NOTE: The relative_script_path vector is already covered by CVE-2006-2270.
17-10-2018 - 21:39 13-09-2006 - 22:07
CVE-2006-4739 2.6
Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the OriginalImageData parameter to phpthumb.php.
17-10-2018 - 21:39 13-09-2006 - 22:07
CVE-2006-4740 5.0
Jetbox CMS allows remote attackers to obtain sensitive information via a direct request for certain files, which reveal the path in an error message.
17-10-2018 - 21:39 13-09-2006 - 22:07
CVE-2006-4741 7.5
PHP remote file inclusion vulnerability in bits_listings.php in IDevSpot PhpLinkExchange 1.0 allows remote attackers to execute arbitrary code via the svr_rootPhpStart parameter.
17-10-2018 - 21:39 13-09-2006 - 22:07
CVE-2006-4742 4.3
Cross-site scripting (XSS) vulnerability in user_add.php in IDevSpot PhpLinkExchange 1.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
17-10-2018 - 21:39 13-09-2006 - 22:07
CVE-2006-4744 5.0
Abidia (1) O-Anywhere and (2) Abidia Wireless transmit authentication credentials in cleartext, which allows remote attackers to obtain sensitive information by sniffing.
17-10-2018 - 21:39 13-09-2006 - 22:07
CVE-2006-4746 7.5
PHP remote file inclusion vulnerability in news/include/customize.php in Web Server Creator 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the l parameter.
17-10-2018 - 21:39 13-09-2006 - 22:07
CVE-2006-4747 4.3
Multiple cross-site scripting (XSS) vulnerabilities in IdevSpot TextAds allow remote attackers to inject arbitrary web script or HTML via (1) the id parameter in delete.php and (2) the error parameter in error.php.
17-10-2018 - 21:39 13-09-2006 - 22:07
CVE-2006-4748 7.5
Multiple SQL injection vulnerabilities in F-ART BLOG:CMS 4.1 allow remote attackers to execute arbitrary SQL commands via the (1) xagent, (2) xpath, (3) xreferer, and (4) xdns parameters in (a) admin/plugins/NP_Log.php, and the (5) pitem parameter in
17-10-2018 - 21:39 13-09-2006 - 22:07
CVE-2006-4751 6.8
Cross-site scripting (XSS) vulnerability in index.php in Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5.1 allows remote attackers to inject arbitrary web script or HTML via the errcode parameter.
17-10-2018 - 21:39 13-09-2006 - 22:07
CVE-2006-4752 5.0
Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5.1 allows remote attackers to obtain the installation path via a query to the engine module, probably with an invalid action parameter.
17-10-2018 - 21:39 13-09-2006 - 22:07
CVE-2006-4757 4.6
Multiple SQL injection vulnerabilities in the admin section in e107 0.7.5 allow remote authenticated administrative users to execute arbitrary SQL commands via the (1) linkopentype, (2) linkrender, (3) link_class, and (4) link_id parameters in (a) li
17-10-2018 - 21:39 13-09-2006 - 23:07
CVE-2007-0352 9.3
Stack-based buffer overflow in Microsoft Help Workshop 4.03.0002 allows user-assisted remote attackers to execute arbitrary code via a crafted .cnt file composed of lines that begin with an integer followed by a space and a long string.
16-10-2018 - 16:32 19-01-2007 - 01:28
CVE-2007-5026 5.0
dBlog CMS, probably 2.0, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing an admin password hash via a direct request for dblog.mdb.
15-10-2018 - 21:40 21-09-2007 - 19:17
CVE-2008-3680 5.0
The decryption function in Flagship Industries Ventrilo 3.0.2 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) by sending a type 0 packet with an invalid version followed by another packet t
11-10-2018 - 20:49 14-08-2008 - 19:41
CVE-2011-0267 10.0
Multiple buffer overflows in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allow remote attackers to execute arbitrary code via a long (1) schdParams or (2) nameParams parameter, a different vulnerability than CVE-2011-0
17-08-2017 - 01:33 13-01-2011 - 19:00
Back to Top Mark selected
Back to Top