CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2006-1803 Cross-site scripting (XSS) vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows remote attackers to inject arbitrary web script or HTML via the sql_query parameter. | N/A | NONE | — | 0 |
| CVE-2006-1804 SQL injection vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows remote attackers to execute arbitrary SQL commands via the sql_query parameter. | N/A | NONE | — | 0 |
| CVE-2006-1805 SQL injection vulnerability in member.php in PowerClan 1.14 allows remote attackers to execute arbitrary SQL commands via the memberid parameter. | N/A | NONE | — | 0 |
| CVE-2006-1808 Cross-site scripting (XSS) vulnerability in index.php in Lifetype 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the show parameter in a Template operation. | N/A | NONE | — | 0 |
| CVE-2006-1809 index.php in Lifetype 1.0.3 allows remote attackers to obtain sensitive information via an invalid show parameter, which reveals the path in an error message. | N/A | NONE | — | 0 |
| CVE-2006-1810 Multiple cross-site scripting (XSS) vulnerabilities in FlexBB 0.5.5 BETA allow remote attackers to inject arbitrary web script or HTML via the (1) ICQ, (2) AIM, (3) MSN, (4) Google Talk, (5) Website N... | N/A | NONE | — | 0 |
| CVE-2006-1811 Multiple SQL injection vulnerabilities in FlexBB 0.5.5 BETA allow remote attackers to execute arbitrary SQL commands via the (1) id, (2) forumid, or (3) threadid parameter to index.php; the (4) ICQ, (... | N/A | NONE | — | 0 |
| CVE-2006-1812 phpWebFTP 3.2 and earlier stores script.js under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information. | N/A | NONE | — | 0 |
| CVE-2006-2268 SQL injection vulnerability in FlexCustomer 0.0.4 and earlier allows remote attackers to bypass authentication and execute arbitrary SQL commands via the admin and ordinary user interface, probably in... | N/A | NONE | — | 0 |
| CVE-2006-1813 Directory traversal vulnerability in index.php in phpWebFTP 3.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the language parameter. | N/A | NONE | — | 0 |
| CVE-2006-1814 NetBSD 1.6, 2.0, 2.1 and 3.0 allows local users to cause a denial of service (memory exhaustion) by using the sysctl system call to lock a large buffer into physical memory. | N/A | NONE | — | 0 |
| CVE-2006-1815 Multiple cross-site scripting (XSS) vulnerabilities in register.php in Tritanium Bulletin Board (TBB) 1.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) newuser_realname a... | N/A | NONE | — | 0 |
| CVE-2006-1816 PHP remote file inclusion vulnerability in VBulletin 3.5.1, 3.5.2, and 3.5.4 allows remote attackers to execute arbitrary code via a URL in the systempath parameter to (1) ImpExModule.php, (2) ImpExCo... | N/A | NONE | — | 0 |
| CVE-2006-1817 SQL injection vulnerability in authcheck.php in warforge.NEWS 1.0, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the (1) authusername and possibly the (... | N/A | NONE | — | 0 |
| CVE-2006-1820 Cross-site scripting (XSS) vulnerability in index.php in ModX 0.9.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this might be resultant from the directo... | N/A | NONE | — | 0 |
| CVE-2006-1821 Directory traversal vulnerability in index.php in ModX 0.9.1 allows remote attackers to read arbitrary files via a .. (dot dot) sequence and trailing NULL (%00) byte in the id parameter. | N/A | NONE | — | 0 |
| CVE-2006-1822 Cross-site scripting (XSS) vulnerability in search.php in FarsiNews 2.5.3 Pro and earlier allows remote attackers to inject arbitrary web script or HTML via the selected_search_arch parameter. | N/A | NONE | — | 0 |
| CVE-2006-1823 Directory traversal vulnerability in FarsiNews 2.5.3 Pro and earlier allows remote attackers to obtain the installation path via ".." sequences in the archive parameter to index.php, which leaks the f... | N/A | NONE | — | 0 |
| CVE-2006-1824 Multiple cross-site scripting (XSS) vulnerabilities in PhpGuestbook.php in PhpGuestbook 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) Website, and (3) Comment... | N/A | NONE | — | 0 |
| CVE-2006-1826 Multiple cross-site scripting (XSS) vulnerabilities in Snipe Gallery 3.1.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) gallery_id parameter in view.php, (2) k... | N/A | NONE | — | 0 |
| CVE-2006-1753 A cron job in fcheck before 2.7.59 allows local users to overwrite arbitrary files via a symlink attack on a temporary file. | N/A | NONE | — | 0 |
| CVE-2006-1827 Integer signedness error in format_jpeg.c in Asterisk 1.2.6 and earlier allows remote attackers to execute arbitrary code via a length value that passes a length check as a negative number, but trigge... | N/A | NONE | — | 0 |
| CVE-2006-1247 rm_mlcache_file in bos.rte.install in AIX 5.1.0 through 5.3.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files. | N/A | NONE | — | 0 |
| CVE-2006-1828 SQL injection vulnerability in php121language.php in PHP121 1.4 allows remote attackers to execute arbitrary SQL commands and execute arbitrary code via the sess_username variable, as set by the php12... | N/A | NONE | — | 0 |
| CVE-2006-1829 EAServer Manager in Sybase EAServer 5.2 and 5.3 allows remote authenticated users, possibly guests, to obtain password credentials of arbitrary users via unspecified vectors involving (1) connection c... | N/A | NONE | — | 0 |
| CVE-2006-1830 Sun Java Studio Enterprise 8, when installed as root, creates certain files with world-writable permissions, which allows local users to execute arbitrary commands via unspecified vectors. | N/A | NONE | — | 0 |
| CVE-2006-1831 Direct static code injection vulnerability in sysinfo.cgi in sysinfo 1.21 and possibly other versions before 2.25 allows remote attackers to execute arbitrary commands via a leading ; (semicolon) in t... | N/A | NONE | — | 0 |
| CVE-2006-1832 sysinfo.cgi in sysinfo 1.21 allows remote attackers to obtain the installation path via the debugger action. | N/A | NONE | — | 0 |
| CVE-2006-2563 The cURL library (libcurl) in PHP 4.4.2 and 5.1.4 allows attackers to bypass safe mode and read files via a file:// request containing null characters. | N/A | NONE | — | 0 |
| CVE-2006-1870 Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5, and 10.2.0.2 has unknown impact and attack vectors in the Export component, aka Vuln# DB05. NOTE: details are ... | N/A | NONE | — | 0 |
| CVE-2006-1871 SQL injection vulnerability in Oracle Database Server 9.2.0.7 and 10.1.0.5 allows remote attackers to execute arbitrary SQL commands via the DELETE_FROM_TABLE function in the DBMS_LOGMNR_SESSION (Log ... | N/A | NONE | — | 0 |
| CVE-2006-1872 Unspecified vulnerability in Oracle Database Server 9.0.1.5 and 9.2.0.7 has unknown impact and attack vectors in the Oracle Enterprise Manager Intelligent Agent component, aka Vuln# DB07. | N/A | NONE | — | 0 |
| CVE-2006-1873 Unspecified vulnerability in Oracle Database Server 9.2.0.7, 10.1.0.4, and 10.2.0.1 has unknown impact and attack vectors in the Oracle Spatial component, aka Vuln# DB08. | N/A | NONE | — | 0 |
| CVE-2006-1874 Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, and 9.2.0.6 has unknown impact and attack vectors in the Oracle Spatial component, aka Vuln# DB09. NOTE: Oracle has not disputed ... | N/A | NONE | — | 0 |
| CVE-2006-1897 Webplus (aka talentsoft) Web+Shop 5.3.6, when Redirect URL for "Script Not Found" Error is not configured, allows remote attackers to obtain sensitive information via a quote (') or possibly other inv... | N/A | NONE | — | 0 |
| CVE-2006-1898 Multiple cross-site scripting (XSS) vulnerabilities in Ralph Capper Tiny PHP Forum (TPF) 3.6 allow remote attackers to inject arbitrary web script or HTML via (1) the uname parameter in a view action ... | N/A | NONE | — | 0 |
| CVE-2006-1899 Multiple cross-site scripting (XSS) vulnerabilities in dev Neuron Blog 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) website parameters. | N/A | NONE | — | 0 |
| CVE-2006-1900 Multiple buffer overflows in World Wide Web Consortium (W3C) Amaya 9.4, and possibly other versions including 8.x before 8.8.5, allow remote attackers to execute arbitrary code via a long value in (1)... | N/A | NONE | — | 0 |
| CVE-2006-2286 Multiple PHP remote file inclusion vulnerabilities in claro_init_global.inc.php in Dokeos 1.6.3 and earlier, and Dokeos community release 2.0.3, allow remote attackers to execute arbitrary PHP code vi... | N/A | NONE | — | 0 |
| CVE-2006-1901 Mozilla Camino 1.0 and earlier allow remote attackers to cause a denial of service (null dereference and application crash or hang) via HTML with certain improperly nested elements. NOTE: this might ... | N/A | NONE | — | 0 |
| CVE-2006-1902 fold_binary in fold-const.c in GNU Compiler Collection (gcc) 4.1 improperly handles pointer overflow when folding a certain expr comparison to a corresponding offset comparison in cases other than EQ_... | N/A | NONE | — | 0 |
| CVE-2006-1903 Multiple cross-site scripting (XSS) vulnerabilities in UserLand Manila allow remote attackers to inject arbitrary web script or HTML (1) via the referer parameter in sendMail, and via attributes of (2... | N/A | NONE | — | 0 |
| CVE-2006-1904 Cross-site scripting (XSS) vulnerability in index.php in AnimeGenesis Gallery allows remote attackers to inject arbitrary web script or HTML via the cat parameter. | N/A | NONE | — | 0 |
| CVE-2006-1905 Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.3 allow remote attackers to execute arbitrary code via format string specifiers in a long filename on an EXTINFO line in a pla... | N/A | NONE | — | 0 |
| CVE-2006-2287 Multiple cross-site scripting (XSS) vulnerabilities in Vision Source 0.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the fields in a user's profile. | N/A | NONE | — | 0 |
| CVE-2006-1906 Cross-site scripting (XSS) vulnerability in index.php in jjgan852 phpLister 0.4.1 allows remote attackers to inject arbitrary web script or HTML via the page parameter. | N/A | NONE | — | 0 |
| CVE-2006-1907 Multiple SQL injection vulnerabilities in myEvent 1.x allow remote attackers to inject arbitrary SQL commands via the event_id parameter to (1) addevent.php or (2) del.php or (3) event_desc parameter ... | N/A | NONE | — | 0 |
| CVE-2006-1908 Cross-site scripting vulnerability in addevent.php in myEvent 1.x allows remote attackers to inject arbitrary web script or HTML via the event_desc parameter. NOTE: the provenance of this information... | N/A | NONE | — | 0 |
| CVE-2006-1909 Directory traversal vulnerability in index.php in Coppermine 1.4.4 allows remote attackers to read arbitrary files via a .//./ (modified dot dot slash) in the file parameter, which causes a regular ex... | N/A | NONE | — | 0 |
| CVE-2006-1910 config.php in S9Y Serendipity 1.0 beta 2 allows remote attackers to inject arbitrary PHP code by editing values that are stored in config.php and later executed. NOTE: the provenance of this informat... | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.