CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
15701 CVE-2006-1660 XSS 2006-04-07 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in image_desc.php in Softbiz Image Gallery allows remote attackers to inject arbitrary web script or HTML via msg parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
15702 CVE-2006-1659 Exec Code Sql 2006-04-07 2018-10-18
6.4
None Remote Low Not required None Partial Partial
Multiple SQL injection vulnerabilities in Softbiz Image Gallery allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in image_desc.php, (2) provided parameter in template.php, (3) cid parameter in suggest_image.php, (4) img_id parameter in insert_rating.php, and (5) cid parameter in images.php.
15703 CVE-2006-1655 Overflow 2006-04-06 2010-04-02
6.5
User Remote Low Single system Partial Partial Partial
Multiple buffer overflows in mpg123 0.59r allow user-assisted attackers to trigger a segmentation fault and possibly have other impacts via a certain MP3 file, as demonstrated by mpg1DoS3. NOTE: this issue might be related to CVE-2004-0991, but it is not clear.
15704 CVE-2006-1645 Exec Code XSS 2006-04-06 2018-10-18
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in Anton Vlasov and Rostislav Gaitkuloff ReloadCMS 1.2.5 and earlier allows remote attackers to inject arbitrary web script or HTML and gain leverage to execute arbitrary PHP code via the User-Agent HTTP header, which is displayed by admin/modules/general/statistic.php in the administration panel.
15705 CVE-2006-1625 XSS 2006-04-05 2018-10-18
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode email tag, as demonstrated using the onmousemove event.
15706 CVE-2006-1622 XSS 2006-04-05 2018-10-18
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in PHPSelect linksubmit allows remote attackers to inject arbitrary web script or HTML via (1) the description parameter to linklist.php and possibly other vectors involving (2) index.php and (3) linksubmit.php.
15707 CVE-2006-1585 Exec Code Sql 2006-04-02 2018-10-18
6.4
None Remote Low Not required Partial Partial None
Multiple SQL injection vulnerabilities in MonAlbum 0.8.7 allow remote attackers to execute arbitrary SQL commands via (1) the pc parameter in (a) index.php and (2) pnom, (3) pcourriel, and (4) pcommentaire parameters in (b) image_agrandir.php.
15708 CVE-2006-1584 2006-04-02 2018-10-18
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in index.php in Warcraft III Replay Parser for PHP 1.8c allows remote attackers to inject arbitrary web script or HTML via the page parameter, possibly related to fopen function calls or file uploads. NOTE: post-disclosure analysis by CVE suggests that the "page" parameter is not used in this product, and "id" might be the affected parameter.
15709 CVE-2006-1581 Dir. Trav. 2006-04-02 2017-07-19
6.4
None Remote Low Not required Partial Partial None
Directory traversal vulnerability in index.php in Blank'N'Berg 0.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the _path parameter.
15710 CVE-2006-1578 Exec Code Sql 2006-04-02 2017-07-19
6.4
None Remote Low Not required Partial Partial None
Multiple SQL injection vulnerabilities in Keystone Digital Library Suite (DLS) 1.5.4 and earlier allow remote attackers to execute arbitrary SQL commands via the subject_type_id parameter in (1) the index page and (2) the search module.
15711 CVE-2006-1577 XSS 2006-04-02 2017-07-19
6.8
User Remote Medium Not required Partial Partial Partial
Multiple cross-site scripting (XSS) vulnerabilities in view_all_set.php in Mantis 1.0.1, 1.0.0rc5, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) start_day, (2) start_year, and (3) start_month parameters.
15712 CVE-2006-1575 XSS 2006-04-02 2018-10-18
6.8
User Remote Medium Not required Partial Partial Partial
Multiple cross-site scripting (XSS) vulnerabilities in news.php in QLnews 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) autorx and (2) newsx parameters.
15713 CVE-2006-1562 XSS 2006-03-31 2018-10-18
6.8
User Remote Medium Not required Partial Partial Partial
Multiple cross-site scripting (XSS) vulnerabilities in index.php in vscripts (aka Kuba Kunkiewicz) [V]Book (aka VBook) 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) autor, (2) www, (3) temat, and (4) tresc parameters.
15714 CVE-2006-1558 XSS 2006-03-31 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in search.php in PHP Script Index allows remote attackers to inject arbitrary web script or HTML via the search parameter.
15715 CVE-2006-1556 XSS 2006-03-31 2018-10-18
6.8
User Remote Medium Not required Partial Partial Partial
Multiple cross-site scripting (XSS) vulnerabilities in view_caricatier.php in AL-Caricatier 2.5 allow remote attackers to inject arbitrary web script or HTML via the (1) CatName, (2) CaricatierID, or (3) CatID parameter.
15716 CVE-2006-1520 Exec Code 2006-05-22 2017-07-19
6.4
None Remote Low Not required Partial Partial None
Format string vulnerability in ANSI C Sender Policy Framework library (libspf) before 1.0.0-p5, when debugging is enabled, allows remote attackers to execute arbitrary code via format string specifiers, possibly in an e-mail address.
15717 CVE-2006-1518 Exec Code Overflow 2006-05-05 2018-10-18
6.5
User Remote Low Single system Partial Partial Partial
Buffer overflow in the open_table function in sql_base.cc in MySQL 5.0.x up to 5.0.20 might allow remote attackers to execute arbitrary code via crafted COM_TABLE_DUMP packets with invalid length values.
15718 CVE-2006-1507 XSS 2006-03-29 2018-10-18
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in PHPKIT 1.6.03 allows remote attackers to inject arbitrary web script or HTML via the error parameter to include.php, possibly due to a problem in login/login.php.
15719 CVE-2006-1485 2006-03-28 2017-07-19
6.5
User Remote Low Single system Partial Partial Partial
gm-upload.cgi in Greymatter 1.3.1 allows remote authenticated users with upload privileges to execute arbitrary programs by uploading files to locations within the web root. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
15720 CVE-2006-1481 Exec Code Sql 2006-03-28 2017-10-18
6.5
User Remote Low Single system Partial Partial Partial
SQL injection vulnerability in search.php in PHP Ticket 0.71 allows remote authenticated users to execute arbitrary SQL commands and obtain usernames and passwords via the frm_search_in parameter.
15721 CVE-2006-1448 Exec Code 2006-05-12 2017-07-19
6.5
User Remote Low Single system Partial Partial Partial
Finder in Apple Mac OS X 10.3.9 and 10.4.6 allows user-assisted attackers to execute arbitrary code by tricking a user into launching an Internet Location item that appears to use a safe URL scheme, but which actually has a different and more risky scheme.
15722 CVE-2006-1445 Exec Code Overflow 2006-05-12 2017-07-19
6.5
User Remote Low Single system Partial Partial Partial
Buffer overflow in the FTP server (FTPServer) in Apple Mac OS X 10.3.9 and 10.4.6 allows remote authenticated users to execute arbitrary code via vectors related to "FTP server path name handling."
15723 CVE-2006-1443 Exec Code 2006-05-12 2017-07-19
6.5
User Remote Low Single system Partial Partial Partial
Integer underflow in CoreFoundation in Apple Mac OS X 10.3.9 and 10.4.6 allows context-dependent attackers to execute arbitrary code via unspecified vectors involving conversions from string to file system representation within (1) CFStringGetFileSystemRepresentation or (2) getFileSystemRepresentation:maxLength:withPath in NSFileManager, and possibly other similar API functions.
15724 CVE-2006-1438 XSS 2006-04-03 2017-07-19
6.8
User Remote Medium Not required Partial Partial Partial
Multiple cross-site scripting (XSS) vulnerabilities in Andy's PHP Knowledgebase (aphpkb) 0.57 allow remote attackers to inject arbitrary web script or HTML via the (1) keyword_list parameter to (a) index.php; (2) title, (3) article, (4) author, and (5) keywords parameters to (b) submit_article.php; and (6) Question, (7) Name, and (8) Email parameters to (c) submit_question.php.
15725 CVE-2006-1435 XSS 2006-04-03 2017-07-19
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in genmessage.php in Accounting Receiving and Inventory Administration (ARIA) 0.99-6 allows remote attackers to inject arbitrary web script or HTML via the Message Field (message parameter).
15726 CVE-2006-1434 XSS 2006-04-03 2017-07-19
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in inscription.php in Annuaire (Directory) 1.0 allows remote attackers to inject arbitrary web script or HTML via the Comment Field (COMMENTAIRE parameter).
15727 CVE-2006-1369 XSS 2006-03-23 2017-07-19
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) 2.1.5 and earlier before 20060308 allows remote attackers to inject arbitrary web script or HTML via a Private Message (PM) in certain circumstances.
15728 CVE-2006-1367 200 +Info 2006-03-23 2018-10-18
6.8
None Remote Medium Not required Partial Partial Partial
The Motorola PEBL U6 08.83.76R, the Motorola V600, and possibly the Motorola E398 and other Motorola P2K-based phones does not require pairing for a connection related to the Headset Audio Gateway service, which allows user-assisted remote attackers to obtain AT level access and view phonebook entries and saved SMS messages by connecting on Bluetooth channel 3 and tricking the user into pressing Grant, aka a "Blueline" attack. NOTE: while user-assisted, the attack is made more feasible because of a GUI misrepresentation issue that allows a default message to be replaced by an attacker-specified one.
15729 CVE-2006-1346 Dir. Trav. 2006-03-21 2017-10-10
6.4
None Remote Low Not required Partial Partial None
Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
15730 CVE-2006-1334 Exec Code Sql 2006-03-20 2018-10-18
6.4
None Remote Low Not required Partial Partial None
Multiple SQL injection vulnerabilities in Maian Weblog 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) entry and (2) email parameters to (a) print.php and (b) mail.php.
15731 CVE-2006-1333 Exec Code Sql 2006-03-20 2017-07-20
6.4
None Remote Low Not required Partial Partial None
Multiple SQL injection vulnerabilities in BetaParticle Blog 6.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to template_permalink.asp or (2) fldGalleryID parameter to template_gallery_detail.asp.
15732 CVE-2006-1332 +Info 2006-03-20 2017-07-19
6.4
None Remote Low Not required Partial None Partial
Noah's Classifieds 1.3 and earlier allows remote attackers to obtain sensitive information via an invalid list parameter in the showdetails method to index.php, which reveals the path in an error message.
15733 CVE-2006-1331 XSS 2006-03-20 2017-07-19
6.8
User Remote Medium Not required Partial Partial Partial
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Noah's Classifieds 1.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) method or (2) list parameter.
15734 CVE-2006-1325 XSS 2006-03-20 2017-07-19
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in Streber 0.055 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
15735 CVE-2006-1324 XSS 2006-03-20 2017-07-19
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in acp/lib/class_db_mysql.php in Woltlab Burning Board (wBB) 2.3.4 allows remote attackers to inject arbitrary web script or HTML via the errormsg parameter when a SQL error is generated.
15736 CVE-2006-1319 2006-03-20 2017-07-19
6.2
Admin Local High Not required Complete Complete Complete
chpst in runit 1.3.3-1 for Debian GNU/Linux, when compiled on little endian i386 machines against dietlibc, does not properly handle when multiple groups are specified in the -u option, which causes chpst to assign permissions for the root group due to inconsistent bit sizes for the gid_t type.
15737 CVE-2006-1313 Exec Code Mem. Corr. 2006-06-13 2019-04-30
6.8
User Remote Medium Not required Partial Partial Partial
Microsoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on Windows XP, Server 2003, Windows 98 and Windows Me, will "release objects early" in certain cases, which results in memory corruption and allows remote attackers to execute arbitrary code.
15738 CVE-2006-1278 89 Exec Code Sql 2006-03-19 2018-10-18
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in @1 File Store 2006.03.07 allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) functions.php and (2) user.php in the libs directory, (3) edit.php and (4) delete.php in control/files/, (5) edit.php and (6) delete.php in control/users/, (7) edit.php, (8) access.php, and (9) in control/folders/, (10) access.php and (11) delete.php in control/groups/, (12) confirm.php, and (13) download.php; (14) the email parameter in password.php, and (15) the id parameter in folder.php. NOTE: it was later reported that vectors 12 and 13 also affect @1 File Store PRO 3.2.
15739 CVE-2006-1269 Exec Code Overflow 2006-03-18 2017-07-19
6.2
Admin Local High Not required Complete Complete Complete
Buffer overflow in the parse function in parse.c in zoo 2.10 might allow local users to execute arbitrary code via long filename command line arguments, which are not properly handled during archive creation. NOTE: since this issue is local and not setuid, the set of attack scenarios is limited, although is reasonable to expect that there are some situations in which the zoo user might automatically list attacker-controlled filenames to add to the zoo archive.
15740 CVE-2006-1249 189 Exec Code Overflow 2006-03-18 2018-10-18
6.8
User Remote Medium Not required Partial Partial Partial
Integer overflow in Apple QuickTime Player 7.0.3 and 7.0.4 and iTunes 6.0.1 and 6.0.2 allows remote attackers to execute arbitrary code via a FlashPix (FPX) image that contains a field that specifies a large number of blocks.
15741 CVE-2006-1221 Exec Code 2006-03-14 2018-10-18
6.2
Admin Local High Not required Complete Complete Complete
Untrusted search path vulnerability in the TrueVector service (VSMON.exe) in Zone Labs ZoneAlarm 6.x and Integrity does not search ZoneAlarm's own folders before other folders that are specified in a user's PATH, which might allow local users to execute code as SYSTEM by placing malicious DLLs into a folder that has insecure permissions, but is searched before ZoneAlarm's folder. NOTE: since this issue is dependent on the existence of a vulnerability in a separate product (weak permissions of executables or libraries, or the execution of malicious code), perhaps it should not be included in CVE.
15742 CVE-2006-1163 XSS Dir. Trav. 2006-03-12 2017-07-19
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in Nodez 4.6.1.1 allows remote attackers to inject arbitrary web script or HTML via the op parameter. NOTE: it is possible that this issue is resultant from the directory traversal vulnerability.
15743 CVE-2006-1161 Exec Code 2006-03-12 2018-10-18
6.5
User Remote Low Single system Partial Partial Partial
Absolute path traversal vulnerability in Easy File Sharing (EFS) Web Server 3.2 allows remote registered users to execute arbitrary code by uploading a malicious file to the Windows startup folder.
15744 CVE-2006-1146 Exec Code Overflow 2006-03-10 2018-10-18
6.5
User Remote Low Single system Partial Partial Partial
Stack-based buffer overflow in the Cmd_Say_f function in g_cmds.c in Alien Arena 2006 Gold Edition 5.00 allows remote attackers (possibly authenticated) to execute arbitrary code by sending a long message to the server.
15745 CVE-2006-1145 Exec Code 2006-03-10 2018-10-18
6.5
User Remote Low Single system Partial Partial Partial
Format string vulnerability in the safe_cprintf function in acebot_cmds.c in Alien Arena 2006 Gold Edition 5.00 allows remote attackers (possibly authenticated) to execute arbitrary code via unspecified vectors when the server sends crafted messages to the clients.
15746 CVE-2006-1139 2006-03-09 2018-10-04
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the ESS/ Network Controller in Xerox CopyCentre and Xerox WorkCentre Pro, running software 1.001.02.073 or earlier, or 1.001.02.074 before 1.001.02.715, causes the Immediate Image Overwrite feature to fail after a power loss, which could leave data exposed to attack.
15747 CVE-2006-1128 Dir. Trav. 2006-03-09 2017-07-19
6.4
None Remote Low Not required Partial Partial None
Directory traversal vulnerability in the session handling class (GallerySession.class) in Gallery 2 up to 2.0.2 allows remote attackers to access and delete files by specifying the session in a cookie, which is used in constructing file paths before the session value is sanitized.
15748 CVE-2006-1126 2006-03-09 2017-07-19
6.4
None Remote Low Not required Partial Partial None
Gallery 2 up to 2.0.2 allows remote attackers to spoof their IP address via a modified X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is checked by Gallery before other more reliable sources of IP address information, such as REMOTE_ADDR.
15749 CVE-2006-1122 XSS 2006-03-09 2018-10-18
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in Default.asp in D2KBlog 1.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
15750 CVE-2006-1121 XSS 2006-03-09 2018-10-18
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in CuteNews 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the query string to index.php.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.