CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
3251 CVE-2006-3289 XSS 2006-06-28 2017-07-19
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in the login page of the HTTP interface for the Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a "malicious URL".
3252 CVE-2006-3284 XSS 2006-06-28 2018-10-18
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in Dating Agent PRO 4.7.1 allows remote attackers to inject arbitrary web script or HTML via the login parameter in (1) webmaster/index.php and (2) search.php.
3253 CVE-2006-3278 XSS 2006-06-28 2017-07-19
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in H-Sphere 2.5.1 Beta 1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) next_template, (2) start, (3) curr_menu_id, and (4) arid parameters in psoft/servlet/resadmin/psoft.hsphere.CP when using the mailman/massmail.html template_name.
3254 CVE-2006-3273 XSS 2006-06-28 2018-10-18
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in menu.php in Some Chess 1.5 rc1 allows remote attackers to inject arbitrary web script or HTML via the user parameter ("New Name" field).
3255 CVE-2006-3265 XSS 2006-06-27 2017-07-19
2.6
None Remote High Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Qdig before 1.2.9.3, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) pre_gallery or (2) post_gallery parameters.
3256 CVE-2006-3264 XSS 2006-06-27 2018-10-18
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in mclient.cgi in Namo DeepSearch 4.5 allows remote attackers to inject arbitrary web script or HTML via the p parameter.
3257 CVE-2006-3258 XSS 2006-06-27 2017-07-19
2.6
None Remote High Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in index.html in BNBT TrinEdit and EasyTracker 7.7r3.2004.10.27 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) filter or (2) sort parameters.
3258 CVE-2006-3253 XSS 2006-06-27 2018-10-18
2.6
None Remote High Not required None Partial None
** DISPUTED ** Cross-site scripting (XSS) vulnerability in member.php in vBulletin 3.5.x allows remote attackers to inject arbitrary web script or HTML via the u parameter. NOTE: the vendor has disputed this report, stating that they have been unable to replicate the issue and that "the userid parameter is run through our filtering system as an unsigned integer."
3259 CVE-2006-3247 XSS 2006-06-27 2017-07-19
2.6
None Remote High Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in show.php in GL-SH Deaf Forum 6.4.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) search, (2) page, and (3) action parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
3260 CVE-2006-3246 XSS 2006-06-27 2017-07-19
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in show.php in GL-SH Deaf Forum 6.4.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the sort parameter.
3261 CVE-2006-3245 XSS 2006-06-27 2017-07-19
2.6
None Remote High Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in activatemember in mvnForum 1.0 GA and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) member and (2) activatecode parameters.
3262 CVE-2006-3241 XSS 2006-06-27 2017-07-19
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in messages.php in XennoBB 1.0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the tid parameter.
3263 CVE-2006-3237 XSS 2006-06-27 2017-07-19
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in Enterprise Groupware System (EGS) 1.2.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the module parameter.
3264 CVE-2006-3235 XSS 2006-06-27 2017-07-19
2.6
None Remote High Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in index.php in FineShop 3.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) promocja, (2) wysw, or (3) id_produc parameters.
3265 CVE-2006-3230 XSS 2006-06-27 2017-07-19
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.tmpl in Azureus Tracker 2.4.0.2 and earlier (Java BitTorrent Client Tracker) allows remote attackers to inject arbitrary web script or HTML via the search parameter.
3266 CVE-2006-3227 Bypass 2006-06-26 2018-10-18
2.6
None Remote High Not required None Partial None
Interpretation conflict between Internet Explorer and other web browsers such as Mozilla, Opera, and Firefox might allow remote attackers to modify the visual presentation of web pages and possibly bypass protection mechanisms such as content filters via ASCII characters with the 8th bit set, which could be stripped by Internet Explorer to render legible text, but not when using other browsers. NOTE: there has been significant discussion about this issue, and as of 20060625, it is not clear where the responsibility for this issue lies, although it might be due to vagueness within the associated standards. NOTE: this might only be exploitable with certain encodings.
3267 CVE-2006-3225 XSS 2006-06-26 2017-07-19
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in Sun ONE Application Server 7 before Update 9, Java System Application Server 7 2004Q2 before Update 5, and Java System Application Server Enterprise Edition 8.1 2005 Q1 allows remote attackers to inject arbitrary HTML or web script via unknown vectors.
3268 CVE-2006-3217 +Info 2006-06-23 2018-10-18
2.6
None Remote High Not required Partial None None
JaguarEditControl (JEdit) ActiveX Control 1.1.0.20 and earlier allows remote attackers to obtain sensitive information, such as the username and MAC and IP addresses, by setting the test field to certain values such as 2404 or 2790, then reading the information from the .JText field.
3269 CVE-2006-3174 XSS 2006-06-22 2017-07-19
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in search.php in SquirrelMail 1.5.1 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary HTML via the mailbox parameter.
3270 CVE-2006-3160 XSS 2006-06-22 2018-10-18
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in fm.php in ONEdotOH Simple File Manager (SFM) 0.24a and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
3271 CVE-2006-3159 2006-06-22 2017-07-19
2.1
None Local Low Not required Partial None None
pipe_master in Sun ONE/iPlanet Messaging Server 5.2 HotFix 1.16 (built May 14 2003) allows local users to read portions of restricted files via a symlink attack on msg.conf in a directory identified by the CONFIGROOT environment variable, which returns the first line of the file in an error message.
3272 CVE-2006-3123 DoS Overflow 2006-08-07 2017-07-19
2.1
None Local Low Not required None None Partial
Multiple integer overflows in the (1) dodecrypt and (2) doencrypt functions in cfs_fh.c in cfsd in Matt Blaze Cryptographic File System (CFS) 1.4.1 before Debian GNU/Linux package 1.4.1-17 allow local users to cause a denial of service (daemon crash) by appending data to a file that is larger than 2 Gb.
3273 CVE-2006-3073 XSS 2006-06-19 2018-10-30
2.6
None Remote High Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the WebVPN feature in the Cisco VPN 3000 Series Concentrators and Cisco ASA 5500 Series Adaptive Security Appliances (ASA), when in WebVPN clientless mode, allow remote attackers to inject arbitrary web script or HTML via the domain parameter in (1) dnserror.html and (2) connecterror.html, aka bugid CSCsd81095 (VPN3k) and CSCse48193 (ASA). NOTE: the vendor states that "WebVPN full-network-access mode" is not affected, despite the claims by the original researcher.
3274 CVE-2006-3071 XSS 2006-06-19 2018-10-18
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in MP3 Search/Archive 1.2 allows remote attackers to inject arbitrary web script or HTML via the (1) keywords parameter, as used by the "search box", and (2) res parameter.
3275 CVE-2006-3063 XSS 2006-06-19 2017-07-19
2.6
None Remote High Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in myPHP Guestbook 1.x through 2.0.0-r1 and before 2.0.1 RC5 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) email, (3) homepage, (4) id, (5) name, and (6) text parameters in (a) index.php, the (7) comment, (8) email, (9) homepage, (10) number, (11) name, and (12) text parameters in (b) admin/guestbook.php, and the (13) email, (14) homepage, (15) icq, (16) name, and (17) text parameters in (c) admin/edit.php.
3276 CVE-2006-3062 XSS 2006-06-19 2018-10-18
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in myPHP Guestbook 2.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
3277 CVE-2006-3061 79 XSS 2006-06-19 2018-10-18
2.6
None Remote High Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in 5 Star Review allow remote attackers to inject arbitrary web script or HTML via the (1) sort parameter in index2.php, (2) item_id parameter in report.php, (3) search_term parameter (aka the "search box") in search_reviews.php, (4) the profile field in usercp/profile_edit1.php, and the (5) review field in review_form.php.
3278 CVE-2006-3050 Dir. Trav. 2006-06-16 2018-10-18
2.6
None Remote High Not required Partial None None
Directory traversal vulnerability in detail.php in SixCMS 6.0, and other versions before 6.0.6patch2, allows remote attackers to read arbitrary files via a .. (dot dot) sequence and trailing null (%00) byte in the template parameter.
3279 CVE-2006-3044 XSS 2006-06-16 2017-07-19
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in LogiSphere 1.6.0 allows remote attackers to inject arbitrary web script or HTML via the URL, which is reflected in an error page.
3280 CVE-2006-3043 XSS 2006-06-16 2017-07-19
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in search.cfm in CreaFrameXe (CFXe) CMS 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the voltext_suche parameter.
3281 CVE-2006-3039 XSS 2006-06-15 2018-10-18
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in Cescripts Realty Home Rent allows remote attackers to inject arbitrary web script or HTML via the sel_menu parameter. NOTE: the vendor notified CVE on 20060823 that "All issues concerning this script and others at cescripts.com have been addressed and fixed."
3282 CVE-2006-3038 XSS 2006-06-15 2018-10-18
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in Cescripts Realty Room Rent allows remote attackers to inject arbitrary web script or HTML via the sel_menu parameter. NOTE: the vendor notified CVE on 20060823 that "All issues concerning this script and others at cescripts.com have been addressed and fixed."
3283 CVE-2006-3037 XSS 2006-06-15 2017-07-19
2.6
None Remote High Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in publish.php in ST AdManager Lite allow remote attackers to inject arbitrary web script or HTML via the (1) title, (2) description, (3) article, (4) bio, and (5) name parameters.
3284 CVE-2006-2997 XSS 2006-06-12 2018-10-18
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in ZMS 2.9 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the raw parameter in the search field.
3285 CVE-2006-2979 XSS 2006-06-12 2018-10-18
2.6
None Remote High Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in ViArt Shop Free 2.5.5, and possibly other distributions including Light, Standard, and Enterprise, allow remote attackers to inject arbitrary web script or HTML via the (1) forum_id parameter in forum.php, which is not properly handled in block_forum_topics.php, and (2) item_id parameter in reviews.php, which is not properly handled in block_reviews.php.
3286 CVE-2006-2975 XSS Bypass 2006-06-12 2018-10-18
2.6
None Remote High Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in pblguestbook.php in PBL Guestbook 1.31 allow remote attackers to inject arbitrary web script or HTML via javascript in the SRC attribute of IMG tags in the (1) name, (2) email, and (3) website parameter, which bypasses XSS protection mechanisms that check for SCRIPT tags but not IMG. NOTE: portions of this description's details are obtained from third party information.
3287 CVE-2006-2974 XSS 2006-06-12 2017-07-19
2.6
None Remote High Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in EmailArchitect Email Server 6.1.0.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) errCode and (2) uid parameter in (a) default.asp and (3) dname parameter in (b) /admin/dns.asp and (c) /additional/regdomain_done.asp.
3288 CVE-2006-2967 Bypass 2006-06-12 2018-10-18
2.1
None Local Low Not required None None Partial
Syworks SafeNET allows local users to bypass restrictions on network resource consumption by editing the policy.dat file.
3289 CVE-2006-2958 Dir. Trav. 2006-06-12 2017-07-19
2.6
None Remote High Not required None Partial None
Directory traversal vulnerability in FilZip 3.05 allows remote attackers to write arbitrary files via a .. (dot dot) in a (1) .rar, (2) .tar, (3) .jar, or (4) .gz file. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
3290 CVE-2006-2920 20 Bypass 2006-06-08 2018-08-13
2.6
None Remote High Not required None Partial None
Sylpheed-Claws before 2.2.2 and Sylpheed before 2.2.6 allow remote attackers to bypass the URI check functionality and makes it easier to conduct phishing attacks via a URI that begins with a space character.
3291 CVE-2006-2913 XSS 2006-06-09 2017-07-19
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in SelectaPix 1.31 allows remote attackers to inject arbitrary web script or HTML via the albumID parameter to (1) popup.php and (2) view_album.php.
3292 CVE-2006-2903 XSS 2006-06-08 2018-10-18
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in admin.php in Particle Links 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the username parameter.
3293 CVE-2006-2897 XSS 2006-06-07 2017-07-19
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in FunkBoard 0.71 allows remote attackers to inject arbitrary HTML or web script via unspecified vectors.
3294 CVE-2006-2895 XSS 2006-06-07 2017-07-19
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in MediaWiki 1.6.0 up to versions before 1.6.7 allows remote attackers to inject arbitrary HTML and web script via the edit form.
3295 CVE-2006-2891 XSS 2006-06-07 2018-10-18
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in admin/index.php for Pixelpost 1-5rc1-2 and earlier allows remote attackers to inject arbitrary HTML or web script via the loginmessage parameter.
3296 CVE-2006-2833 XSS 2006-06-05 2018-10-18
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in the taxonomy module in Drupal 4.6.8 and 4.7.2 allows remote attackers to inject arbitrary web script or HTML via inputs that are not properly validated when the page title is output, possibly involving the $names variable.
3297 CVE-2006-2832 XSS 2006-06-05 2018-10-18
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in the upload module (upload.module) in Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2 allows remote attackers to inject arbitrary web script or HTML via the uploaded filename.
3298 CVE-2006-2789 DoS 2006-06-02 2010-04-02
2.6
None Remote High Not required None None Partial
Evolution 2.2.x and 2.3.x in GNOME 2.7 and 2.8, when "load images if sender in addressbook" is enabled, allows remote attackers to cause a denial of service (persistent crash) via a crafted "From" header that triggers an assert error in camel-internet-address.c when a null pointer is used.
3299 CVE-2006-2786 2006-06-02 2018-10-18
2.6
None Remote High Not required None Partial None
HTTP response smuggling vulnerability in Mozilla Firefox and Thunderbird before 1.5.0.4, when used with certain proxy servers, allows remote attackers to cause Firefox to interpret certain responses as if they were responses from two different sites via (1) invalid HTTP response headers with spaces between the header name and the colon, which might not be ignored in some cases, or (2) HTTP 1.1 headers through an HTTP 1.0 proxy, which are ignored by the proxy but processed by the client.
3300 CVE-2006-2766 DoS Overflow 2006-06-02 2018-10-18
2.6
None Remote High Not required None None Partial
Buffer overflow in INETCOMM.DLL, as used in Microsoft Internet Explorer 6.0 through 6.0 SP2, Windows Explorer, Outlook Express 6, and possibly other programs, allows remote user-assisted attackers to cause a denial of service (application crash) via a long mhtml URI in the URL value in a URL file.
Total number of vulnerabilities : 4610   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 (This Page)67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.