Max CVSS 7.5 Min CVSS 1.9 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2006-3331 5.0
Opera before 9.0 does not reset the SSL security bar after displaying a download dialog from an SSL-enabled website, which allows remote attackers to spoof a trusted SSL certificate from an untrusted website and facilitates phishing attacks.
28-02-2022 - 16:14 30-06-2006 - 23:05
CVE-2006-3324 5.0
The Automatic Downloading option in the id3 Quake 3 Engine and the Icculus Quake 3 Engine (ioquake3) before revision 804 allows remote attackers to overwrite arbitrary files in the quake3 directory (fs_homepath cvar) via a long string of filenames, a
18-10-2018 - 16:46 30-06-2006 - 23:05
CVE-2006-3299 2.6
Cross-site scripting (XSS) vulnerability in index.php in Usenet Script 0.5 allows remote attackers to inject arbitrary web script or HTML via the group parameter.
18-10-2018 - 16:46 29-06-2006 - 01:05
CVE-2006-3335 7.2
Unspecified vulnerability in mkdir in HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allows local users to gain privileges via unknown attack vectors.
18-10-2018 - 16:46 03-07-2006 - 01:05
CVE-2006-3323 7.5
PHP remote file inclusion vulnerability in admin/admin.php in MF Piadas 1.0 allows remote attackers to execute arbitrary PHP code via the page parameter. NOTE: the same vector can be used for cross-site scripting, but CVE analysis suggests that this
18-10-2018 - 16:46 30-06-2006 - 23:05
CVE-2006-3329 7.5
SQL injection vulnerability in search.php in PHP/MySQL Classifieds (PHP Classifieds) allows remote attackers to execute arbitrary SQL commands via the rate parameter.
18-10-2018 - 16:46 30-06-2006 - 23:05
CVE-2006-3317 5.1
PHP remote file inclusion vulnerability in phpRaid 3.0.6 allows remote attackers to execute arbitrary code via a URL in the phpraid_dir parameter to (1) announcements.php and (2) rss.php, a different set of vectors and affected versions than CVE-2006
18-10-2018 - 16:46 29-06-2006 - 21:05
CVE-2006-3325 5.0
client/cl_parse.c in the id3 Quake 3 Engine 1.32c and the Icculus Quake 3 Engine (ioquake3) revision 810 and earlier allows remote malicious servers to overwrite arbitrary write-protected cvars variables on the client, such as cl_allowdownload for Au
18-10-2018 - 16:46 30-06-2006 - 23:05
CVE-2006-3322 5.1
SQL injection vulnerability in includes/functions_logging.php in phpRaid 3.0.5, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the log_hack function.
18-10-2018 - 16:46 30-06-2006 - 20:05
CVE-2006-3319 4.3
Cross-site scripting (XSS) vulnerability in rss/index.php in PHP iCalendar 2.22 and earlier allows remote attackers to inject arbitrary web script or HTML via the cal parameter.
18-10-2018 - 16:46 30-06-2006 - 01:05
CVE-2006-3318 5.1
SQL injection vulnerability in register.php for phpRaid 3.0.6 and possibly other versions, when the authorization type is phpraid, allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) email parameters.
18-10-2018 - 16:46 29-06-2006 - 21:05
CVE-2006-3330 6.8
Cross-site scripting (XSS) vulnerability in AddAsset1.php in PHP/MySQL Classifieds (PHP Classifieds) allows remote attackers to execute arbitrary SQL commands via the (1) ProductName ("Title" field), (2) url, and (3) Description parameters, possibly
18-10-2018 - 16:46 30-06-2006 - 23:05
CVE-2006-3320 2.6
Cross-site scripting (XSS) vulnerability in command.php in SiteBar 3.3.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the command parameter.
18-10-2018 - 16:46 30-06-2006 - 01:05
CVE-2006-3078 7.5
Multiple SQL injection vulnerabilities in APBoard 2.2-r3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) PHPSESSID parameter in board.php and (2) viewcatmod parameter in main.php.
18-10-2018 - 16:45 19-06-2006 - 10:02
CVE-2007-0150 7.5
Multiple PHP remote file inclusion vulnerabilities in index.php in Dayfox Blog allow remote attackers to execute arbitrary PHP code via a URL in the (1) page, (2) subject, and (3) q parameters.
16-10-2018 - 16:31 09-01-2007 - 18:28
CVE-2007-4822 4.3
Cross-site request forgery (CSRF) vulnerability in the device management interface in Buffalo AirStation WHR-G54S 1.20 allows remote attackers to make configuration changes as an administrator via HTTP requests to certain HTML pages in the res parame
15-10-2018 - 21:38 11-09-2007 - 19:17
CVE-2011-1074 1.9
crontab.c in crontab in FreeBSD allows local users to determine the existence of arbitrary directories via a command-line argument composed of a directory name concatenated with a directory traversal sequence that leads to the /etc/crontab pathname.
09-10-2018 - 19:30 04-03-2011 - 23:00
CVE-2011-1073 1.9
crontab.c in crontab in FreeBSD and Apple Mac OS X allows local users to (1) determine the existence of arbitrary files via a symlink attack on a /tmp/crontab.XXXXXXXXXX temporary file and (2) perform MD5 checksum comparisons on arbitrary pairs of fi
09-10-2018 - 19:30 04-03-2011 - 23:00
CVE-2008-3491 7.5
SQL injection vulnerability in go.php in Scripts24 iPost 1.0.1 and iTGP 1.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter in a report action.
29-09-2017 - 01:31 06-08-2008 - 17:41
CVE-2006-3315 7.5
PHP remote file inclusion vulnerability in page.php in an unspecified RahnemaCo.com product, possibly eShop, allows remote attackers to execute arbitrary PHP code via a URL in the osCsid parameter.
20-07-2017 - 01:32 29-06-2006 - 19:05
CVE-2005-3330 7.5
The _httpsrequest function in Snoopy 1.2, as used in products such as (1) MagpieRSS, (2) WordPress, (3) Ampache, and (4) Jinzora, allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTPS URL to an SSL protected web p
11-07-2017 - 01:33 27-10-2005 - 10:02
Back to Top Mark selected
Back to Top