Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in Dating Agent PRO 4.7.1 allows remote attackers to inject arbitrary web script or HTML via the login parameter in (1) webmaster/index.php and (2) search.php.
Published Jun 28, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple cross-site scripting (XSS) vulnerabilities in UebiMiau Webmail 2.7.10, and 2.7.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) f_user parameter in index.php, the (2) pag parameter in messages.php, or the (3) lid, (4) tid, and (5) sid parameters in error.php.
Published Jun 29, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in the Windows Client API in Novell GroupWise 5.x through 7 might allow users to obtain "random programmatic access" to other email within the same post office.
Published Jun 29, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
The ip6_savecontrol function in NetBSD 2.0 through 3.0, under certain configurations, does not check to see if IPv4-mapped sockets are being used before processing IPv6 socket options, which allows local users to cause a denial of service (crash) by creating an IPv4-mapped IPv6 socket with the SO_TIMESTAMP socket option set, then sending an IPv4 packet through the socket.
Published Jun 23, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple SQL injection vulnerabilities in Project EROS bbsengine before bbsengine-20060429-1550-jam allow remote attackers to execute arbitrary SQL commands via (1) unspecified parameters in the php/comment.php and (2) the getpartialmatches method in php/aolbonics.php.
Published Jun 29, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Cisco Wireless Control System (WCS) for Linux and Windows 4.0(1) and earlier uses a default administrator username "root" and password "public," which allows remote attackers to gain access (aka bug CSCse21391).
Published Jun 28, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in Custom dating biz dating script 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) sn20_special_cases parameter ("Special Cases" field) in profile/mini.php, (2) tyxx01_album_name parameter ("Album Name" field) in profile/photo_create.php, and the (3) u parameter in admin/user_view.php.
Published Jun 30, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Buffer overflow in the png_decompress_chunk function in pngrutil.c in libpng before 1.2.12 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors related to "chunk error processing," possibly involving the "chunk_name".
Published Jun 30, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
PHP remote file inclusion vulnerability in page.php in an unspecified RahnemaCo.com product, possibly eShop, allows remote attackers to execute arbitrary PHP code via a URL in the pageid parameter.
Published Jun 29, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in AddAsset1.php in PHP/MySQL Classifieds (PHP Classifieds) allows remote attackers to execute arbitrary SQL commands via the (1) ProductName ("Title" field), (2) url, and (3) Description parameters, possibly related to issues in add1.php.
Published Jun 30, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple cross-site scripting (XSS) vulnerabilities in openforum.asp in OpenForum 1.2 Beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ofdisp and (2) ofmsgid parameters.
Published Jun 30, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in search.php in PHP/MySQL Classifieds (PHP Classifieds) allows remote attackers to execute arbitrary SQL commands via the rate parameter.
Published Jun 30, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
PHP remote file inclusion vulnerability in sms_config/gateway.php in PhpMySms 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the ROOT_PATH parameter.
Published Jun 29, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple cross-site scripting (XSS) vulnerabilities in index.html in BNBT TrinEdit and EasyTracker 7.7r3.2004.10.27 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) filter or (2) sort parameters.
Published Jun 27, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in error.php in UebiMiau Webmail 2.7.10 and earlier allows remote attackers to inject arbitrary web script or HTML via the icq parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Published Jun 29, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 allow remote attackers to inject arbitrary web script or HTML via the (1) ep parameter to search.php and the (2) subject parameter in comment.php (aka the Subject field when posting a comment).
Published Jun 27, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
The web interface on Cisco IOS 12.3(8)JA and 12.3(8)JA1, as used on the Cisco Wireless Access Point and Wireless Bridge, reconfigures itself when it is changed to use the "Local User List Only (Individual Passwords)" setting, which removes all security and password configurations and allows remote attackers to access the system.
Published Jun 28, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple SQL injection vulnerabilities in Anthill 0.2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) order parameter in buglist.php and the (2) bug parameter in query.php.
Published Jun 27, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Opera before 9.0 does not reset the SSL security bar after displaying a download dialog from an SSL-enabled website, which allows remote attackers to spoof a trusted SSL certificate from an untrusted website and facilitates phishing attacks.
Published Jun 30, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
PHP remote file inclusion vulnerability in mod_cbsms.php in CBSMS Mambo Module 1.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosC_a_path parameter. NOTE: the provenance of this information is unknown; portions of the details are obtained from third party information.
Published Jun 29, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple PHP remote file inclusion vulnerabilities in Bee-hive Lite 1.2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) header parameter to (a) conad/include/rootGui.inc.php and (b) include/rootGui.inc.php; (2) mysqlCall parameter to (c) conad/changeEmail.inc.php, (d) conad/changeUserDetails.inc.php, (e) conad/checkPasswd.inc.php, (f) conad/login.inc.php and (g) conad/logout.inc.php; (3) mysqlcall parameter to (h) include/listall.inc.php; (4) prefix parameter to (i) show/index.php; and (5) config parameter to (j) conad/include/mysqlCall.inc.php.
Published Jun 27, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Format string vulnerability in CA Integrated Threat Management (ITM), eTrust Antivirus (eAV), and eTrust PestPatrol (ePP) r8 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a scan job with format strings in the description field.
Published Jun 27, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Clearswift MAILsweeper for SMTP before 4.3.20 and MAILsweeper for Exchange before 4.3.20 allows remote attackers to cause a denial of service via (1) non-ASCII characters in a reverse DNS lookup result from a Received header, which leads to a Receiver service stop, and (2) unspecified vectors involving malformed messages, which causes "unpredictable behavior" that prevents the Security service from processing more messages.
Published Jun 24, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in index.php in vlbook 1.02 allows remote attackers to inject arbitrary web script or HTML via the message parameter.
Published Jun 27, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in WeBBoA Hosting 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter to an unspecified script, possibly host/yeni_host.asp.
Published Jun 24, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
The Task scheduler (at.exe) on Microsoft Windows XP spawns each scheduled process with SYSTEM permissions, which allows local users to gain privileges. NOTE: this issue has been disputed by third parties, who state that the Task scheduler is limited to the Administrators group by default upon installation
Published Jun 24, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote attackers to gain access via modified user_env, pass_env, power_env, and id_env parameters in a cookie, which comprise a persistent logon that does not vary across sessions.
Published Jun 24, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
PHP remote file inclusion vulnerability in mod_cbsms_messages.php in CBSMS Mambo Module 1.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
Published Jun 29, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in profile.php in YaBB SE 1.5.5 and earlier allows remote attackers to execute SQL commands via a double-encoded user parameter in a viewprofile action.
Published Jun 28, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in report.php in Woltlab Burning Board (WBB) 2.3.1 allows remote attackers to execute arbitrary SQL commands via the postid parameter.
Published Jun 27, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
HTTP server in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames and directory paths via a direct URL request.
Published Jun 28, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
register.php in Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote attackers to create arbitrary accounts via the "[NR]" sequence in the signature field, which is used to separate multiple records.
Published Jun 24, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in H-Sphere 2.5.1 Beta 1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) next_template, (2) start, (3) curr_menu_id, and (4) arid parameters in psoft/servlet/resadmin/psoft.hsphere.CP when using the mailman/massmail.html template_name.
Published Jun 28, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Yahoo! Messenger 7.5.0.814 and 7.0.438 allows remote attackers to cause a denial of service (crash) via messages that contain non-ASCII characters, which triggers the crash in jscript.dll.
Published Jun 29, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in command.php in SiteBar 3.3.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the command parameter.
Published Jun 30, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
The FTP proxy module in Fortinet FortiOS (FortiGate) before 2.80 MR12 and 3.0 MR2 allows remote attackers to bypass anti-virus scanning via the Enhanced Passive (EPSV) FTP mode.
Published Jun 24, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in index.php in Infinite Core Technologies (ICT) 1.0 Gold and earlier allows remote attackers to execute arbitrary SQL commands via the post parameter.
Published Jun 27, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in includes/functions_logging.php in phpRaid 3.0.5, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the log_hack function.
Published Jun 30, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Clearswift MAILsweeper for SMTP before 4.3.20 and MAILsweeper for Exchange before 4.3.20 allows remote attackers to bypass the "text analysis", possibly bypassing SPAM and other filters, by sending an e-mail specifying a non-existent or unrecognized character set.
Published Jun 24, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple PHP remote file inclusion vulnerabilities in phpRaid 3.0.5 allow remote attackers to execute arbitrary code via a URL in the phpraid_dir parameter to (1) logs.php and (2) users.php, a different set of vectors than CVE-2006-3116.
Published Jun 29, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
parse_notice (TiCPU) in EnergyMech (emech) before 3.0.2 allows remote attackers to cause a denial of service (crash) via empty IRC CTCP NOTICE messages.
Published Jun 29, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in rss/index.php in PHP iCalendar 2.22 and earlier allows remote attackers to inject arbitrary web script or HTML via the cal parameter.
Published Jun 30, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in the Search gadget in Jaws 0.6.2 allows remote attackers to execute arbitrary SQL commands via queries with the "LIKE" keyword in the searchdata parameter (search field).
Published Jun 28, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Cisco Secure Access Control Server (ACS) 4.x for Windows uses the client's IP address and the server's port number to grant access to an HTTP server port for an administration session, which allows remote attackers to bypass authentication via various methods, aka "ACS Weak Session Management Vulnerability."
Published Jun 26, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in menu.php in Some Chess 1.5 rc1 allows remote attackers to inject arbitrary web script or HTML via the user parameter ("New Name" field).
Published Jun 28, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in index.php in Zorum Forum 3.5 allows remote attackers to execute arbitrary SQL commands via the (1) offset, (2) tid, (3) fromid, (4) sortby, (5) fromfrommethod, and (6) fromfromlist parameters.
Published Jun 30, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in register.php for phpRaid 3.0.6 and possibly other versions, when the authorization type is phpraid, allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) email parameters.
Published Jun 29, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in newthread.php in Woltlab Burning Board (WBB) 2.0 RC2 allows remote attackers to execute arbitrary SQL commands via the boardid parameter.
Published Jun 27, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in search.jsp in Netsoft smartNet 2.0 allows remote attackers to inject arbitrary web script or HTML via the keyWord parameter.
Published Jun 29, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in openwebmail-read.pl in Open WebMail (OWM) 2.52, and other versions released before 06/18/2006, allows remote attackers to inject arbitrary web script or HTML via the from field. NOTE: some third party sources have mentioned the "to" and "from" fields, although CVE analysis shows that these are associated with the previous version, a different executable, and a different CVE.
Published Jun 27, 2006 · Updated Aug 7, 2024