Total
29312 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-5780 | 1 Xlink Technology | 1 Omni-nfs Server | 2024-11-21 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in nfsd.exe in XLink Omni-NFS Server 5.2 allows remote attackers to execute arbitrary code via a crafted TCP packet to port 2049 (nfsd), as demonstrated by vd_xlink.pm. | |||||
| CVE-2006-5778 | 1 Linux-ftpd-ssl | 1 Linux-ftpd-ssl | 2024-11-21 | 4.6 MEDIUM | N/A |
| ftpd in linux-ftpd 0.17, and possibly other versions, performs a chdir before setting the UID, which allows local users to bypass intended access restrictions by redirecting their home directory to a restricted directory. | |||||
| CVE-2006-5777 | 1 Creasito | 1 Creasito E-commerce Content Manager | 2024-11-21 | 7.5 HIGH | N/A |
| Creasito E-Commerce Content Manager 1.3.08 allows remote attackers to bypass authentication and perform privileged functions via a non-empty finame parameter to (1) addnewcont.php, (2) adminpassw.php, (3) amministrazione.php, (4) artins.php, (5) bgcolor.php, (6) cancartcat.php, (7) canccat.php, (8) cancelart.php, (9) cancontsit.php, (10) chanpassamm.php, (11) dele.php, (12) delecat.php, (13) delecont.php, (14) emailall.php, (15) gestflashtempl.php, (16) gestmagart.php, (17) gestmagaz.php, (18) gestpre.php, (19) input.php, (20) input3.php, (21) insnucat.php, (22) instempflash.php, (23) mailfc.php, (24) modfdati.php, (25) rescont4.php, (26) ricordo1.php, (27) ricordo4.php, (28) tabcatalg.php, (29) tabcont.php, (30) tabcont3.php, (31) tabstile.php, (32) tabstile3.php, (33) testimmg.php, and (34) update.php in admin/. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2006-5776 | 1 Ariadne | 1 Ariadne Cms | 2024-11-21 | 7.5 HIGH | N/A |
| ** DISPUTED ** Multiple PHP remote file inclusions in Ariadne 2.4.1 allows remote attackers to execute arbitrary PHP code via the ariadne parameter in (1) ftp/loader.php and (2) lib/includes/loader.cmd.php. NOTE: this issue is disputed by CVE, since installation instructions recommend that the files be placed outside of the web document root and require the administrator to modify $ariadne in an include file. | |||||
| CVE-2006-5775 | 1 Funkboard | 1 Funkboard | 2024-11-21 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in profile.php in FunkBoard 0.71 before 4 November 2006 at 18:16 GMT allows remote attackers to inject arbitrary web script or HTML, possibly via the name parameter. | |||||
| CVE-2006-5774 | 1 Hyper Nikki System | 1 Hyper Nikki System | 2024-11-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Hyper NIKKI System before 2.19.9 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
| CVE-2006-5773 | 1 Freewebshop | 1 Freewebshop | 2024-11-21 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in FreeWebshop 2.2.1 and earlier allows remote attackers to read arbitrary files and disclose the installation path via a .. (dot dot) in the action parameter. | |||||
| CVE-2006-5772 | 1 Freewebshop | 1 Freewebshop | 2024-11-21 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in FreeWebshop 2.2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) password and (2) prod parameter. | |||||
| CVE-2006-5771 | 1 Arkoon | 1 Ssl360 | 2024-11-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Arkoon SSL360 1.0 and 2.0 before 2.0/2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2006-5770 | 1 Ac4p | 1 Ac4p Mobile | 2024-11-21 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ac4p Mobile allow remote attackers to inject arbitrary web script or HTML via (1) Bloks, (2) Newnews, (3) lBlok, and (4) foooot parameter in (a) index.php; Newnews, (5) newmsgs, and Bloks parameter in (b) MobileNews.php; Newnews parameter in (c) polls.php; (6) cats parameter in (d) send.php; (7) footer parameter in (e) up.php; and (8) pagenav parameter in (f) cp/index.php. | |||||
| CVE-2006-5769 | 1 Fixpunkt Gmbh | 1 Admin.tool Cms 3 | 2024-11-21 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in admin.tool CMS 3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) fSid or (2) fSrcBegriffe parameters in unspecified vectors. | |||||
| CVE-2006-5768 | 1 Cyberfolio | 1 Cyberfolio | 2024-11-21 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Cyberfolio 2.0 RC1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the av parameter to (1) msg/view.php, (2) msg/inc_message.php, (3) msg/inc_envoi.php, and (4) admin/incl_voir_compet.php. | |||||
| CVE-2006-5766 | 1 Article System | 1 Article System | 2024-11-21 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in volume.php in Article System 0.6 allows remote attackers to execute arbitrary PHP code via a URL in the config[public_dir] parameter. | |||||
| CVE-2006-5765 | 1 Article Script | 1 Article Script | 2024-11-21 | 7.5 HIGH | N/A |
| SQL injection vulnerability in rss.php in Article Script 1.6.3 and earlier allows remote attackers to execute arbitrary SQL commands via the category parameter. | |||||
| CVE-2006-5763 | 1 Free Php Scripts | 2 Free File Hosting, Free Image Hosting | 2024-11-21 | 5.1 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Free File Hosting 1.1, and possibly earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter to (1) login.php, (2) register.php, or (3) send.php. NOTE: the original provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this issue was later reported for the "File Upload System" which is a component of Free File Hosting. Vector 1 also affects Free Image Hosting 2.0, which contains the same code. | |||||
| CVE-2006-5761 | 1 Rhadrix | 1 If-cms | 2024-11-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Rhadrix If-CMS 1.01 and 2.07 allows remote attackers to inject arbitrary web script or HTML via the rns parameter. | |||||
| CVE-2006-5760 | 1 Phpdynasite | 1 Phpdynasite | 2024-11-21 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in phpDynaSite 3.2.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the racine parameter to (1) function_log.php, (2) function_balise_url.php, or (3) connection.php. | |||||
| CVE-2006-5759 | 1 Rhadrix | 1 If-cms | 2024-11-21 | 5.0 MEDIUM | N/A |
| index.php in Rhadrix If-CMS, possibly 1.01 and 2.07, allows remote attackers to obtain the full path of the web server via empty (1) rns[] or (2) pag[] arguments, which reveals the path in an error message. | |||||
| CVE-2006-5755 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 4.9 MEDIUM | N/A |
| Linux kernel before 2.6.18, when running on x86_64 systems, does not properly save or restore EFLAGS during a context switch, which allows local users to cause a denial of service (crash) by causing SYSENTER to set an NT flag, which can trigger a crash on the IRET of the next task. | |||||
| CVE-2006-5754 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 4.9 MEDIUM | N/A |
| The aio_setup_ring function in Linux kernel does not properly initialize a variable, which allows local users to cause a denial of service (crash) via an unspecified error path that causes an incorrect free operation. | |||||