| Max CVSS | 9.3 | Min CVSS | 2.6 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2006-3543 | 7.5 |
Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 1.x and 2.x allow remote attackers to execute arbitrary SQL commands via the (1) idcat and (2) code parameters in a ketqua action in index.php; the id parameter in a (3) Attach and
|
11-04-2024 - 00:40 | 13-07-2006 - 00:05 | |
| CVE-2010-4165 | 4.9 |
The do_tcp_setsockopt function in net/ipv4/tcp.c in the Linux kernel before 2.6.37-rc2 does not properly restrict TCP_MAXSEG (aka MSS) values, which allows local users to cause a denial of service (OOPS) via a setsockopt call that specifies a small v
|
13-02-2023 - 04:27 | 22-11-2010 - 13:00 | |
| CVE-2006-3546 | 5.0 |
Patrice Freydiere ImgSvr (aka ADA Image Server) allows remote attackers to cause a denial of service (daemon crash) via a long HTTP POST request. NOTE: this might be the same issue as CVE-2004-2463.
|
18-10-2018 - 16:47 | 13-07-2006 - 00:05 | |
| CVE-2006-3557 | 5.0 |
MT Orumcek Toplist 2.2 stores DB/orumcektoplist.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request.
|
18-10-2018 - 16:47 | 13-07-2006 - 00:05 | |
| CVE-2006-3550 | 2.6 |
Multiple cross-site scripting (XSS) vulnerabilities in F5 Networks FirePass 4100 5.x allow remote attackers to inject arbitrary web script or HTML via unspecified "writable form fields and hidden fields," including "authentication frontends."
|
18-10-2018 - 16:47 | 13-07-2006 - 00:05 | |
| CVE-2006-3554 | 7.5 |
Directory traversal vulnerability in index.php in MKPortal 1.0.1 Final allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language cookie, as demonstrated by using a gl_session cookie to inje
|
18-10-2018 - 16:47 | 13-07-2006 - 00:05 | |
| CVE-2006-3474 | 7.5 |
Multiple SQL injection vulnerabilities in Belchior Foundry vCard PRO allow remote attackers to execute arbitrary SQL commands via the (1) cat_id parameter to (a) gbrowse.php, (2) card_id parameter to (b) rating.php and (c) create.php, and the (3) eve
|
18-10-2018 - 16:47 | 10-07-2006 - 20:05 | |
| CVE-2006-3475 | 7.5 |
Multiple PHP remote file inclusion vulnerabilities in free QBoard 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the qb_path parameter to (1) index.php, (2) about.php, (3) contact.php, (4) delete.php, (5) faq.php, (6) features.
|
18-10-2018 - 16:47 | 10-07-2006 - 20:05 | |
| CVE-2006-3161 | 7.5 |
SQL injection vulnerability in misc.php in SaphpLesson 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the action parameter.
|
18-10-2018 - 16:46 | 22-06-2006 - 22:06 | |
| CVE-2006-1302 | 9.3 |
Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with certain crafted fields in a SELECTION record, which triggers memory corruption, aka "Malformed SELECTION record Vulnera
|
18-10-2018 - 16:31 | 13-07-2006 - 21:05 | |
| CVE-2007-0122 | 6.5 |
Multiple SQL injection vulnerabilities in Coppermine Photo Gallery 1.4.10 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via (1) the cat parameter to albmgr.php, and possibly (2) the gid parameter to usermgr.p
|
16-10-2018 - 16:31 | 09-01-2007 - 02:28 | |
| CVE-2007-4842 | 9.3 |
Directory traversal vulnerability in Enriva Development Magellan Explorer 3.32 build 2305 and earlier allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a filename. NOTE: this can be leveraged for code execution by
|
15-10-2018 - 21:38 | 12-09-2007 - 20:17 | |
| CVE-2008-3568 | 7.5 |
Absolute path traversal vulnerability in fckeditor/editor/filemanager/browser/default/connectors/php/connector.php in UNAK-CMS 1.5.5 allows remote attackers to include and execute arbitrary local files via a full pathname in the Dirroot parameter, a
|
11-10-2018 - 20:48 | 10-08-2008 - 20:41 | |
| CVE-2006-3135 | 7.5 |
Multiple SQL injection vulnerabilities in CMS Mundo 1.0 build 008, and possibly other versions, allow remote attackers to execute arbitrary SQL commands via the (1) news_id parameter in the (a) news module, (2) searchstring parameter in (b) the searc
|
20-07-2017 - 01:32 | 13-07-2006 - 21:05 | |
| CVE-2006-3673 | 5.0 |
nNetObject.cpp in Armagetron Advanced 2.8.2 and earlier allows remote attackers to cause a denial of service (application crash) via a large owner value, which causes an assert error.
|
20-07-2017 - 01:32 | 18-07-2006 - 15:47 | |
| CVE-2006-3674 | 7.8 |
nNetObject.cpp in Armagetron Advanced 2.8.2 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a large number handled by the id_req_handler function.
|
20-07-2017 - 01:32 | 18-07-2006 - 15:47 | |
| CVE-2005-3403 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.1 through 1.5.1-pl1 allow remote attackers to inject arbitrary web script or HTML via (1) the _base_href parameter in translate.php, (2) the _base_path parameter in news.inc.php, and (
|
18-10-2016 - 03:35 | 01-11-2005 - 12:47 | |
| CVE-2005-3404 | 7.5 |
Multiple PHP file inclusion vulnerabilities in ATutor 1.4.1 through 1.5.1-pl1 allow remote attackers to include arbitrary files via the section parameter followed by a null byte (%00) in (1) body_header.inc.php and (2) print.php.
|
18-10-2016 - 03:35 | 01-11-2005 - 12:47 | |
| CVE-2005-3405 | 7.5 |
ATutor 1.4.1 through 1.5.1-pl1 allows remote attackers to execute arbitrary PHP functions via a direct request to forum.inc.php with a modified addslashes parameter with either the (1) asc or (2) desc parameters set, possibly due to an eval injection
|
18-10-2016 - 03:35 | 01-11-2005 - 12:47 |