Vulnerabilities (CVE)

125263 total CVE
CVE Vendors Products Updated CVSS
CVE-2006-7010 1 Joomla 1 Joomla 2008-09-05 7.5
The mosgetparam implementation in Joomla! before 1.0.10 does not set a variable's data type to integer when the variable's default value is numeric, which has unspecified impact and attack vectors, which may permit SQL injection attacks.
CVE-2006-7009 1 Joomla 1 Joomla 2008-09-05 7.5
Joomla! before 1.0.10 allows remote attackers to spoof the frontend submission forms, which has unknown impact and attack vectors.
CVE-2006-7008 1 Joomla 1 Joomla 2008-09-05 7.5
Unspecified vulnerability in Joomla! before 1.0.10 has unknown impact and attack vectors, related to "securing mosmsg from misuse." NOTE: it is possible that this issue overlaps CVE-2006-1029.
CVE-2006-7006 1 Robin De Graff 1 Somery 2008-09-05 7.5
** DISPUTED ** PHP remote file inclusion vulnerability in upload/admin/team.php in Robin de Graff Somery 0.4.4 allows remote attackers to execute arbitrary PHP code via a URL in the checkauth parameter. NOTE: CVE disputes this vulnerability...
CVE-2006-7005 1 Php Script Tools 1 Psy Auction 2008-09-05 7.5
SQL injection vulnerability in item.php in PSY Auction allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-7004 1 Php Script Tools 1 Psy Auction 2008-09-05 6.8
Cross-site scripting (XSS) vulnerability in email_request.php in PSY Auction allows remote attackers to inject arbitrary web script or HTML via the user_id parameter. NOTE: the provenance of this information is unknown; the details are obtained...
CVE-2006-7003 1 Fusionphp 1 Fusion Polls 2008-09-05 7.5
PHP remote file inclusion vulnerability in admin/index.php in Fusion Polls allows remote attackers to execute arbitrary PHP code via a URL in the xtrphome parameter.
CVE-2006-7001 1 Phpmychat Plus 1 Phpmychat Plus 2008-09-05 7.1
Directory traversal vulnerability in avatar.php in PhpMyChat Plus 1.9 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the L parameter, a different issue than CVE-2006-5897. NOTE: the provenance of this...
CVE-2006-7000 1 Headstart Solutions 1 Deskpro 2008-09-05 5.0
Headstart Solutions DeskPRO allows remote attackers to obtain the full path via direct requests to (1) email/mail.php, (2) includes/init.php, (3) certain files in includes/cron/, and (4) jpgraph.php, (5) jpgraph_bar.php, (6) jpgraph_pie.php, and...
CVE-2006-6999 1 Headstart Solutions 1 Deskpro 2008-09-05 4.3
attachment.php in Headstart Solutions DeskPRO allows remote attackers to read all uploaded files by providing the file number in a modified id parameter.
CVE-2006-6997 1 Mailenable 2 Mailenable Standard, Mailenable Enterprise 2008-09-05 10.0
Unspecified vulnerability in a cryptographic feature in MailEnable Standard Edition before 1.93, Professional Edition before 1.73, and Enterprise Edition before 1.21 leads to "weakened authentication security" with unknown impact and attack...
CVE-2006-6974 1 Headstart Solutions 1 Deskpro 2008-09-05 7.5
Headstart Solutions DeskPRO stores sensitive information under the web root with insufficient access control, which allows remote attackers to (1) list files in the includes/ directory; obtain the SQL username and password via a direct request...
CVE-2006-6973 1 Headstart Solutions 1 Deskpro 2008-09-05 7.5
Headstart Solutions DeskPRO does not require authentication for certain files and directories associated with administrative activities, which allows remote attackers to (1) reinstall the application via a direct request for install/index.php;...
CVE-2006-6971 1 Mozilla 1 Firefox 2008-09-05 5.0
Mozilla Firefox 2.0, possibly only when running on Windows, allows remote attackers to bypass the Phishing Protection mechanism by representing an IP address in (1) dotted-hex, (2) dotted-octal, (3) single decimal integer, (4) single hex integer,...
CVE-2006-6948 1 Myodbc 1 Myodbc 2008-09-05 7.8
MyODBC Japanese conversion edition 3.51.06, 2.50.29, and 2.50.25 allows remote attackers to cause a denial of service via a certain string in a response, which has unspecified impact on the MySQL database.
CVE-2006-6947 1 Nec 1 Multiwriter 1700c 2008-09-05 7.8
The FTP server in the NEC MultiWriter 1700C allows remote attackers to redirect traffic to other sites (aka FTP bounce) via the PORT command, a variant of CVE-1999-0017.
CVE-2006-6946 1 Nec 1 Multiwriter 1700c 2008-09-05 7.5
The web server in the NEC MultiWriter 1700C allows remote attackers to modify the device configuration via unspecified vectors.
CVE-2006-6926 1 Extremail 1 Extremail 2008-09-05 10.0
Buffer overflow in eXtremail 2.1 has unknown impact and attack vectors, as demonstrated by VulnDisco Pack. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-6918 1 Geobb 1 Geobb 2008-09-05 10.0
Unspecified vulnerability in the Admin login for Georgian discussion board (GeoBB) before 1.0 has unknown impact and attack vectors.
CVE-2006-6916 1 Getahead 1 Direct Web Remoting 2008-09-05 7.5
Getahead Direct Web Remoting (DWR) before 1.1.3 allows attackers to cause a denial of service (infinite loop) via unknown vectors related to "crafted input."