| Max CVSS | 10.0 | Min CVSS | 2.6 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2006-3794 | 7.5 |
SQL injection vulnerability in Amazing Flash AFCommerce Shopping Cart allows remote attackers to execute arbitrary SQL commands via the search field. NOTE: the vendor has disputed this issue, stating "if someone were to type in any sql injection cod
|
17-05-2024 - 00:29 | 24-07-2006 - 12:19 | |
| CVE-2006-3705 | 10.0 |
Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB21 for Statistics and (2) DB22 for Upgrade & Downgrade. NOTE: as of 20060719, Oracle has not disputed a claim by a reliab
|
18-10-2018 - 16:49 | 21-07-2006 - 14:03 | |
| CVE-2006-3175 | 7.5 |
Multiple PHP remote file inclusion vulnerabilities in mcGuestbook 1.3 allow remote attackers to execute arbitrary PHP code via a URL in the lang parameter to (1) admin.php, (2) ecrire.php, and (3) lire.php. NOTE: it was later reported that the ecrire
|
18-10-2018 - 16:46 | 23-06-2006 - 00:02 | |
| CVE-2006-3827 | 6.5 |
SQL injection vulnerability in bmc/Inc/core/admin/search.inc.php in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the blog parameter.
|
17-10-2018 - 21:31 | 25-07-2006 - 13:22 | |
| CVE-2006-3829 | 5.0 |
Cross-site request forgery (CSRF) vulnerability in bmc/admin.php in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allows remote attackers to perform unauthorized actions as an administrator and delete arbitrary user accounts via a del
|
17-10-2018 - 21:31 | 25-07-2006 - 13:22 | |
| CVE-2006-3828 | 6.5 |
Incomplete blacklist vulnerability in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allows remote authenticated administrators to bypass SQL injection protection mechanisms by using commas, quote characters, pound sign (#) characters,
|
17-10-2018 - 21:31 | 25-07-2006 - 13:22 | |
| CVE-2006-3826 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user_login, (2) full_name, and (3) URL parameters in regist
|
17-10-2018 - 21:31 | 25-07-2006 - 13:22 | |
| CVE-2006-3795 | 2.6 |
Multiple cross-site scripting (XSS) vulnerabilities in DeluxeBB before 1.08 allow remote attackers to inject arbitrary web script or HTML via the (1) membercookie cookie in header.php and the (2) redirect parameter in misc.php.
|
17-10-2018 - 21:30 | 24-07-2006 - 12:19 | |
| CVE-2006-3799 | 7.5 |
DeluxeBB 1.07 and earlier allows remote attackers to bypass SQL injection protection mechanisms via the login variable and certain other variables, by using lowercase "union select" or possibly other statements that do not match the uppercase "UNION
|
17-10-2018 - 21:30 | 24-07-2006 - 12:19 | |
| CVE-2006-3793 | 5.1 |
PHP remote file inclusion vulnerability in constants.php in SiteDepth CMS 3.01 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the SD_DIR parameter.
|
17-10-2018 - 21:30 | 24-07-2006 - 12:19 | |
| CVE-2006-3790 | 5.0 |
The decode_stringmap function in server_transport.cpp for UFO2000 svn 1057 allows remote attackers to cause a denial of service (daemon termination) via a keysize or valsize that is inconsistent with the packet size, which leads to a buffer over-read
|
17-10-2018 - 21:30 | 24-07-2006 - 12:19 | |
| CVE-2006-3797 | 7.5 |
SQL injection vulnerability in DeluxeBB 1.07 and earlier allows remote attackers to bypass authentication, spoof users, and modify settings via the (1) memberpw and (2) membercookie cookies.
|
17-10-2018 - 21:30 | 24-07-2006 - 12:19 | |
| CVE-2006-3792 | 7.5 |
SQL injection vulnerability in ServerClientUfo::recv_packet in server_protocol.cpp in UFO2000 svn 1057 allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving the packet.c_str function.
|
17-10-2018 - 21:30 | 24-07-2006 - 12:19 | |
| CVE-2006-3791 | 5.0 |
The decode_stringmap function in server_transport.cpp for UFO2000 svn 1057 allows remote attackers to cause a denial of service (daemon termination) via a large keysize or valsize, which causes a crash when the resize function cannot allocate suffici
|
17-10-2018 - 21:30 | 24-07-2006 - 12:19 | |
| CVE-2006-3788 | 7.5 |
Multiple buffer overflows in multiplay.cpp in UFO2000 svn 1057 allow remote attackers to execute arbitrary code via (1) a long unit name in Net::recv_add_unit,; (2) large values to Net::recv_rules, Net::recv_select_unit, Net::recv_options, and Net::r
|
17-10-2018 - 21:30 | 24-07-2006 - 12:19 | |
| CVE-2006-3800 | 4.3 |
Cross-site scripting (XSS) vulnerability in Amazing Flash AFCommerce Shopping Cart allows remote attackers to inject arbitrary web script or HTML via the "new review" text box.
|
17-10-2018 - 21:30 | 24-07-2006 - 12:19 | |
| CVE-2006-3796 | 7.5 |
DeluxeBB 1.07 and earlier does not properly handle a username composed of a single space character, which allows remote authenticated users to login as the "space" user, post as the guest user, and block the ability of an administrator to ban the "sp
|
17-10-2018 - 21:30 | 24-07-2006 - 12:19 | |
| CVE-2006-3789 | 7.5 |
Multiple array index errors in the (1) recv_rules, (2) recv_select_unit, (3) recv_options, and (4) recv_unit_data functions in multiplay.cpp in UFO2000 svn 1057 allow remote attackers to execute arbitrary code and cause a denial of service (opponent
|
17-10-2018 - 21:30 | 24-07-2006 - 12:19 | |
| CVE-2006-3798 | 5.0 |
DeluxeBB 1.07 and earlier allows remote attackers to overwrite the (1) _GET, (2) _POST, (3) _ENV, and (4) _SERVER variables via the _COOKIE (aka COOKIE) variable, which can overwrite the other variables during an extract function call, probably leadi
|
17-10-2018 - 21:30 | 24-07-2006 - 12:19 | |
| CVE-2006-3765 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in Huttenlocher Webdesign hwdeGUEST 2.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, as demonstrated by the "name input" field in new_entry.ph
|
17-10-2018 - 21:29 | 21-07-2006 - 14:03 | |
| CVE-2006-3761 | 4.3 |
Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.0 RC2 through 1.1.4 allows remote attackers to inject arbitrary web script or HTML via a javascript URI with an SGML numeric character reference in the
|
17-10-2018 - 21:29 | 21-07-2006 - 14:03 | |
| CVE-2006-3757 | 5.0 |
index.php in Zen Cart 1.3.0.2 allows remote attackers to obtain sensitive information via empty (1) _GET[], (2) _SESSION[], (3) _POST[], (4) _COOKIE[], or (5) _SESSION[] array parameters, which reveals the installation path in an error message. NOTE
|
17-10-2018 - 21:29 | 21-07-2006 - 14:03 | |
| CVE-2006-3737 | 4.3 |
Cross-site scripting (XSS) vulnerability in filemanager/filemanager.php in the control panel in SWsoft Plesk 8.0 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the file parameter.
|
17-10-2018 - 21:29 | 21-07-2006 - 14:03 | |
| CVE-2007-0155 | 7.5 |
HarikaOnline 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for harikaonline.mdb.
|
16-10-2018 - 16:31 | 09-01-2007 - 18:28 | |
| CVE-2007-4843 | 5.8 |
Directory traversal vulnerability in X-Diesel Unreal Commander 0.92 build 565 and 573 allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a filename. NOTE: this can be leveraged for code execution by writing to a S
|
15-10-2018 - 21:38 | 12-09-2007 - 20:17 | |
| CVE-2007-4844 | 4.3 |
X-Diesel Unreal Commander 0.92 build 565 and 573 does not properly react to an FTP server's behavior after sending a "CWD /" command, which allows remote FTP servers to cause a denial of service (infinite loop) by (1) repeatedly sending a 550 error r
|
15-10-2018 - 21:38 | 12-09-2007 - 20:17 | |
| CVE-2008-3574 | 2.6 |
Multiple cross-site scripting (XSS) vulnerabilities in Pluck 4.5.2, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) lang_footer parameter to (a) data/inc/footer.php; the (2) pluck_version, (
|
11-10-2018 - 20:48 | 10-08-2008 - 20:41 | |
| CVE-2010-4321 | 9.3 |
Stack-based buffer overflow in an ActiveX control in ienipp.ocx in Novell iPrint Client 5.52 allows remote attackers to execute arbitrary code via a long argument to (1) the GetDriverSettings2 method, as reachable by (2) the GetDriverSettings method.
|
21-09-2011 - 04:00 | 30-12-2010 - 19:00 | |
| CVE-2005-2930 | 5.1 |
Stack-based buffer overflow in the _chm_find_in_PMGL function in chm_lib.c for chmlib before 0.36, as used in products such as KchmViewer, allows user-assisted attackers to execute arbitrary code via a CHM file containing a long element, a different
|
02-08-2011 - 04:00 | 28-10-2005 - 21:02 |