CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
3001 CVE-2006-3366 XSS 2006-07-06 2018-10-18
2.6
None Remote High Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in V3 Chat allow remote attackers to inject arbitrary web script or HTML via crafted HTML tags, as demonstrated by the IMG tag, in the (1) id parameter in (a) mail/index.php and (b) mail/reply.php; (2) login_id parameter in (c) members/is_online.php; (3) site_id parameter in (d) messenger/online.php, (e) messenger/search.php, and (f) messenger/profile.php; (4) contact_name parameter in messenger/search.php; (5) membername parameter in (g) messenger/profileview.php; (6) unspecified parameters used when "editing a profile"; and (7) cust_name parameter in (h) messenger/expire.php. NOTE: The vendor disputes the vectors involving files in the messenger directory, stating "... the referenced folder 'messenger' was never available to the general public...".
3002 CVE-2006-3365 200 +Info 2006-07-06 2018-10-18
2.6
None Remote High Not required Partial None None
V3 Chat allows remote attackers to obtain the installation path via (1) an invalid id parameter to mail/index.php or (2) membername parameter to messenger/online.php, which displays the path in an error page due to an incorrect SQL statement.
3003 CVE-2006-3356 DoS 2006-07-06 2017-07-19
2.6
None Remote High Not required None None Partial
The TIFFFetchAnyArray function in ImageIO in Apple OS X 10.4.7 and earlier allows remote user-assisted attackers to cause a denial of service (application crash) via an invalid tag value in a TIFF image, possibly triggering a null dereference. NOTE: This is a different issue than CVE-2006-1469.
3004 CVE-2006-3342 XSS 2006-07-03 2017-07-19
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in Arctic 1.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search cmd.
3005 CVE-2006-3338 XSS 2006-07-03 2017-07-19
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in Atlassian JIRA 3.6.2-#156 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a direct request to secure/ConfigureReleaseNote.jspa, which are not sanitized before being returned in an error page.
3006 CVE-2006-3337 XSS 2006-07-03 2018-10-18
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in frontend/x/files/select.html in cPanel 10.8.2-CURRENT 118 and earlier allows remote attackers to inject arbitrary web script or HTML via the file parameter.
3007 CVE-2006-3333 Sql XSS 2006-06-30 2017-07-19
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in Zorum Forum 3.5 allows remote attackers to inject web script or HTML via the multiple unspecified parameters, including the (1) frommethod, (2) list, and (3) method, which are reflected in an error message. NOTE: some of these vectors might be resultant from SQL injection.
3008 CVE-2006-3326 Dir. Trav. 2006-06-30 2017-07-19
2.6
None Remote High Not required None Partial None
Directory traversal vulnerability in QuickZip 3.06.3 allows remote user-assisted attackers to overwrite arbitrary files or directories via .. (dot dot) sequences in filenames within (1) TAR,(2) GZ, and (3) JAR archives. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
3009 CVE-2006-3320 XSS 2006-06-29 2018-10-18
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in command.php in SiteBar 3.3.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the command parameter.
3010 CVE-2006-3313 XSS 2006-06-29 2018-10-18
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in search.jsp in Netsoft smartNet 2.0 allows remote attackers to inject arbitrary web script or HTML via the keyWord parameter.
3011 CVE-2006-3305 XSS 2006-06-28 2017-07-19
2.6
None Remote High Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in UebiMiau Webmail 2.7.10, and 2.7.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) f_user parameter in index.php, the (2) pag parameter in messages.php, or the (3) lid, (4) tid, and (5) sid parameters in error.php.
3012 CVE-2006-3301 XSS 2006-06-28 2017-07-19
2.6
None Remote High Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in phpQLAdmin 2.2.7 and earlier allow remote attackers to inject arbitrary web script or HTML via the domain parameter in (1) user_add.php or (2) unit_add.php.
3013 CVE-2006-3299 XSS 2006-06-28 2018-10-18
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in Usenet Script 0.5 allows remote attackers to inject arbitrary web script or HTML via the group parameter.
3014 CVE-2006-3289 XSS 2006-06-28 2017-07-19
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in the login page of the HTTP interface for the Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a "malicious URL".
3015 CVE-2006-3284 XSS 2006-06-28 2018-10-18
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in Dating Agent PRO 4.7.1 allows remote attackers to inject arbitrary web script or HTML via the login parameter in (1) webmaster/index.php and (2) search.php.
3016 CVE-2006-3278 XSS 2006-06-28 2017-07-19
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in H-Sphere 2.5.1 Beta 1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) next_template, (2) start, (3) curr_menu_id, and (4) arid parameters in psoft/servlet/resadmin/psoft.hsphere.CP when using the mailman/massmail.html template_name.
3017 CVE-2006-3273 XSS 2006-06-28 2018-10-18
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in menu.php in Some Chess 1.5 rc1 allows remote attackers to inject arbitrary web script or HTML via the user parameter ("New Name" field).
3018 CVE-2006-3265 XSS 2006-06-27 2017-07-19
2.6
None Remote High Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Qdig before 1.2.9.3, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) pre_gallery or (2) post_gallery parameters.
3019 CVE-2006-3264 XSS 2006-06-27 2018-10-18
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in mclient.cgi in Namo DeepSearch 4.5 allows remote attackers to inject arbitrary web script or HTML via the p parameter.
3020 CVE-2006-3258 XSS 2006-06-27 2017-07-19
2.6
None Remote High Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in index.html in BNBT TrinEdit and EasyTracker 7.7r3.2004.10.27 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) filter or (2) sort parameters.
3021 CVE-2006-3253 XSS 2006-06-27 2018-10-18
2.6
None Remote High Not required None Partial None
** DISPUTED ** Cross-site scripting (XSS) vulnerability in member.php in vBulletin 3.5.x allows remote attackers to inject arbitrary web script or HTML via the u parameter. NOTE: the vendor has disputed this report, stating that they have been unable to replicate the issue and that "the userid parameter is run through our filtering system as an unsigned integer."
3022 CVE-2006-3247 XSS 2006-06-27 2017-07-19
2.6
None Remote High Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in show.php in GL-SH Deaf Forum 6.4.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) search, (2) page, and (3) action parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
3023 CVE-2006-3246 XSS 2006-06-27 2017-07-19
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in show.php in GL-SH Deaf Forum 6.4.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the sort parameter.
3024 CVE-2006-3245 XSS 2006-06-27 2017-07-19
2.6
None Remote High Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in activatemember in mvnForum 1.0 GA and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) member and (2) activatecode parameters.
3025 CVE-2006-3241 XSS 2006-06-27 2017-07-19
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in messages.php in XennoBB 1.0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the tid parameter.
3026 CVE-2006-3237 XSS 2006-06-27 2017-07-19
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in Enterprise Groupware System (EGS) 1.2.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the module parameter.
3027 CVE-2006-3235 XSS 2006-06-27 2017-07-19
2.6
None Remote High Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in index.php in FineShop 3.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) promocja, (2) wysw, or (3) id_produc parameters.
3028 CVE-2006-3230 XSS 2006-06-27 2017-07-19
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.tmpl in Azureus Tracker 2.4.0.2 and earlier (Java BitTorrent Client Tracker) allows remote attackers to inject arbitrary web script or HTML via the search parameter.
3029 CVE-2006-3227 Bypass 2006-06-26 2018-10-18
2.6
None Remote High Not required None Partial None
Interpretation conflict between Internet Explorer and other web browsers such as Mozilla, Opera, and Firefox might allow remote attackers to modify the visual presentation of web pages and possibly bypass protection mechanisms such as content filters via ASCII characters with the 8th bit set, which could be stripped by Internet Explorer to render legible text, but not when using other browsers. NOTE: there has been significant discussion about this issue, and as of 20060625, it is not clear where the responsibility for this issue lies, although it might be due to vagueness within the associated standards. NOTE: this might only be exploitable with certain encodings.
3030 CVE-2006-3225 XSS 2006-06-26 2017-07-19
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in Sun ONE Application Server 7 before Update 9, Java System Application Server 7 2004Q2 before Update 5, and Java System Application Server Enterprise Edition 8.1 2005 Q1 allows remote attackers to inject arbitrary HTML or web script via unknown vectors.
3031 CVE-2006-3217 +Info 2006-06-23 2018-10-18
2.6
None Remote High Not required Partial None None
JaguarEditControl (JEdit) ActiveX Control 1.1.0.20 and earlier allows remote attackers to obtain sensitive information, such as the username and MAC and IP addresses, by setting the test field to certain values such as 2404 or 2790, then reading the information from the .JText field.
3032 CVE-2006-3174 XSS 2006-06-22 2017-07-19
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in search.php in SquirrelMail 1.5.1 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary HTML via the mailbox parameter.
3033 CVE-2006-3160 XSS 2006-06-22 2018-10-18
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in fm.php in ONEdotOH Simple File Manager (SFM) 0.24a and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
3034 CVE-2006-3159 2006-06-22 2017-07-19
2.1
None Local Low Not required Partial None None
pipe_master in Sun ONE/iPlanet Messaging Server 5.2 HotFix 1.16 (built May 14 2003) allows local users to read portions of restricted files via a symlink attack on msg.conf in a directory identified by the CONFIGROOT environment variable, which returns the first line of the file in an error message.
3035 CVE-2006-3123 DoS Overflow 2006-08-07 2017-07-19
2.1
None Local Low Not required None None Partial
Multiple integer overflows in the (1) dodecrypt and (2) doencrypt functions in cfs_fh.c in cfsd in Matt Blaze Cryptographic File System (CFS) 1.4.1 before Debian GNU/Linux package 1.4.1-17 allow local users to cause a denial of service (daemon crash) by appending data to a file that is larger than 2 Gb.
3036 CVE-2006-3073 XSS 2006-06-19 2018-10-30
2.6
None Remote High Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the WebVPN feature in the Cisco VPN 3000 Series Concentrators and Cisco ASA 5500 Series Adaptive Security Appliances (ASA), when in WebVPN clientless mode, allow remote attackers to inject arbitrary web script or HTML via the domain parameter in (1) dnserror.html and (2) connecterror.html, aka bugid CSCsd81095 (VPN3k) and CSCse48193 (ASA). NOTE: the vendor states that "WebVPN full-network-access mode" is not affected, despite the claims by the original researcher.
3037 CVE-2006-3071 XSS 2006-06-19 2018-10-18
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in MP3 Search/Archive 1.2 allows remote attackers to inject arbitrary web script or HTML via the (1) keywords parameter, as used by the "search box", and (2) res parameter.
3038 CVE-2006-3063 XSS 2006-06-19 2017-07-19
2.6
None Remote High Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in myPHP Guestbook 1.x through 2.0.0-r1 and before 2.0.1 RC5 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) email, (3) homepage, (4) id, (5) name, and (6) text parameters in (a) index.php, the (7) comment, (8) email, (9) homepage, (10) number, (11) name, and (12) text parameters in (b) admin/guestbook.php, and the (13) email, (14) homepage, (15) icq, (16) name, and (17) text parameters in (c) admin/edit.php.
3039 CVE-2006-3062 XSS 2006-06-19 2018-10-18
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in myPHP Guestbook 2.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
3040 CVE-2006-3061 79 XSS 2006-06-19 2018-10-18
2.6
None Remote High Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in 5 Star Review allow remote attackers to inject arbitrary web script or HTML via the (1) sort parameter in index2.php, (2) item_id parameter in report.php, (3) search_term parameter (aka the "search box") in search_reviews.php, (4) the profile field in usercp/profile_edit1.php, and the (5) review field in review_form.php.
3041 CVE-2006-3050 Dir. Trav. 2006-06-16 2018-10-18
2.6
None Remote High Not required Partial None None
Directory traversal vulnerability in detail.php in SixCMS 6.0, and other versions before 6.0.6patch2, allows remote attackers to read arbitrary files via a .. (dot dot) sequence and trailing null (%00) byte in the template parameter.
3042 CVE-2006-3044 XSS 2006-06-16 2017-07-19
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in LogiSphere 1.6.0 allows remote attackers to inject arbitrary web script or HTML via the URL, which is reflected in an error page.
3043 CVE-2006-3043 XSS 2006-06-16 2017-07-19
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in search.cfm in CreaFrameXe (CFXe) CMS 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the voltext_suche parameter.
3044 CVE-2006-3039 XSS 2006-06-15 2018-10-18
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in Cescripts Realty Home Rent allows remote attackers to inject arbitrary web script or HTML via the sel_menu parameter. NOTE: the vendor notified CVE on 20060823 that "All issues concerning this script and others at cescripts.com have been addressed and fixed."
3045 CVE-2006-3038 XSS 2006-06-15 2018-10-18
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in Cescripts Realty Room Rent allows remote attackers to inject arbitrary web script or HTML via the sel_menu parameter. NOTE: the vendor notified CVE on 20060823 that "All issues concerning this script and others at cescripts.com have been addressed and fixed."
3046 CVE-2006-3037 XSS 2006-06-15 2017-07-19
2.6
None Remote High Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in publish.php in ST AdManager Lite allow remote attackers to inject arbitrary web script or HTML via the (1) title, (2) description, (3) article, (4) bio, and (5) name parameters.
3047 CVE-2006-2997 XSS 2006-06-12 2018-10-18
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in ZMS 2.9 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the raw parameter in the search field.
3048 CVE-2006-2979 XSS 2006-06-12 2018-10-18
2.6
None Remote High Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in ViArt Shop Free 2.5.5, and possibly other distributions including Light, Standard, and Enterprise, allow remote attackers to inject arbitrary web script or HTML via the (1) forum_id parameter in forum.php, which is not properly handled in block_forum_topics.php, and (2) item_id parameter in reviews.php, which is not properly handled in block_reviews.php.
3049 CVE-2006-2975 XSS Bypass 2006-06-12 2018-10-18
2.6
None Remote High Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in pblguestbook.php in PBL Guestbook 1.31 allow remote attackers to inject arbitrary web script or HTML via javascript in the SRC attribute of IMG tags in the (1) name, (2) email, and (3) website parameter, which bypasses XSS protection mechanisms that check for SCRIPT tags but not IMG. NOTE: portions of this description's details are obtained from third party information.
3050 CVE-2006-2974 XSS 2006-06-12 2017-07-19
2.6
None Remote High Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in EmailArchitect Email Server 6.1.0.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) errCode and (2) uid parameter in (a) default.asp and (3) dname parameter in (b) /admin/dns.asp and (c) /additional/regdomain_done.asp.
Total number of vulnerabilities : 4392   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 (This Page)62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.