Search Results (Refine Search)

Search Parameters:
There are 147,980 matching records.
Displaying matches 129,441 through 129,460.
Vuln ID Summary CVSS Severity
CVE-2006-3382

Cross-site scripting (XSS) vulnerability in search.php in mAds 1.0 allows remote attackers to inject arbitrary web script or HTML via the "search string".

Published: July 06, 2006; 4:05:00 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2006-3383

Cross-site scripting (XSS) vulnerability in index.php in mAds 1.0 allows remote attackers to inject arbitrary web script or HTML via Javascript events such as onmouseover within a URL. NOTE: the provenance of this information is unknown; the details are obtained solely from third party reports.

Published: July 06, 2006; 4:05:00 PM -0400
V3.x:(not available)
V2.0: 5.8 MEDIUM
CVE-2006-3384

SQL injection vulnerability in divers.php in Vincent Leclercq News 5.2 allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) texte parameters.

Published: July 06, 2006; 4:05:00 PM -0400
V3.x:(not available)
V2.0: 5.1 MEDIUM
CVE-2006-3385

Cross-site scripting (XSS) vulnerability in divers.php in Vincent Leclercq News 5.2 allows remote attackers to inject arbitrary web script or HTML via the (1) id and (2) disabled parameters.

Published: July 06, 2006; 4:05:00 PM -0400
V3.x:(not available)
V2.0: 5.8 MEDIUM
CVE-2006-3386

index.php in Vincent Leclercq News 5.2 allows remote attackers to obtain sensitive information, such as the installation path, via a mail[] parameter with invalid values.

Published: July 06, 2006; 4:05:00 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2006-3387

Directory traversal vulnerability in sources/post.php in Fusion News 1.0, when register_globals is enabled, allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the fil_config parameter, which can be used to execute PHP code that has been injected into a log file.

Published: July 06, 2006; 4:05:00 PM -0400
V3.x:(not available)
V2.0: 5.1 MEDIUM
CVE-2006-3388

Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via the table parameter.

Published: July 06, 2006; 4:05:00 PM -0400
V3.x:(not available)
V2.0: 5.8 MEDIUM
CVE-2006-3389

index.php in WordPress 2.0.3 allows remote attackers to obtain sensitive information, such as SQL table prefixes, via an invalid paged parameter, which displays the information in an SQL error message. NOTE: this issue has been disputed by a third party who states that the issue does not leak any target-specific information.

Published: July 06, 2006; 4:05:00 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2006-3390

WordPress 2.0.3 allows remote attackers to obtain the installation path via a direct request to various files, such as those in the (1) wp-admin, (2) wp-content, and (3) wp-includes directories, possibly due to uninitialized variables.

Published: July 06, 2006; 4:05:00 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2006-3391

The Execute function in iMBCContents ActiveX Control before 2.0.0.59 allows remote attackers to execute arbitrary files via the file URI handler.

Published: July 06, 2006; 4:05:00 PM -0400
V3.x:(not available)
V2.0: 5.1 MEDIUM
CVE-2006-3392

Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files, as demonstrated using "..%01" sequences, which bypass the removal of "../" sequences before bytes such as "%01" are removed from the filename. NOTE: This is a different issue than CVE-2006-3274.

Published: July 06, 2006; 4:05:00 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2006-3393

Papyrus NASCAR Racing 4 4.1.3.1.6 and earlier, 2002 Season 1.1.0.2 and earlier, and 2003 Season 1.2.0.1 and earlier allows remote attackers to cause a denial of service (CPU consumption) by sending an empty UDP datagram, which is not properly discarded due to use of the FIONREAD asynchronous socket.

Published: July 06, 2006; 4:05:00 PM -0400
V3.x:(not available)
V2.0: 7.8 HIGH
CVE-2006-3394

SQL injection vulnerability in the files mod in index.php in BXCP 0.3.0.4 allows remote attackers to execute arbitrary SQL commands via the where parameter in a view action.

Published: July 06, 2006; 4:05:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2006-3395

PHP remote file inclusion vulnerability in top.php in SiteBuilder-FX 3.5 allows remote attackers to execute arbitrary PHP code via a URL in the admindir parameter.

Published: July 06, 2006; 4:05:00 PM -0400
V3.x:(not available)
V2.0: 5.1 MEDIUM
CVE-2006-3396

PHP remote file inclusion vulnerability in galleria.html.php in Galleria Mambo Module 1.0 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

Published: July 06, 2006; 4:05:00 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2006-3397

Multiple cross-site scripting (XSS) vulnerabilities in Taskjitsu before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via multiple unspecified parameters, including the (1) title and (2) description parameters when creating a task.

Published: July 06, 2006; 4:05:00 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2006-3398

The "change password forms" in Taskjitsu before 2.0.1 includes password hashes in hidden form fields, which allows remote attackers to obtain sensitive information from the (1) Category Editor and (2) User Information editor.

Published: July 06, 2006; 4:05:00 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2006-3399

Cross-site scripting (XSS) vulnerability in wiki.php in MoniWiki before 1.1.2-20060702 allows remote attackers to inject arbitrary Javascript via the URL, which is reflected back in an error message, a variant of CVE-2004-1632.

Published: July 06, 2006; 4:05:00 PM -0400
V3.x:(not available)
V2.0: 2.6 LOW
CVE-2006-3400

Stack-based buffer overflow in the CG_ServerCommand function in Quake 3 Engine as used by Soldier of Fortune 2 (SOF2MP) GOLD 1.03 allows remote attackers to cause a denial of service and possibly execute code by sending a long command from the server.

Published: July 06, 2006; 4:05:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2006-3401

Stack-based buffer overflow in Quake 3 Engine as used by Quake 3: Arena 1.32b and 1.32c allows remote attackers to cause a denial of service and possibly execute code via long CS_ITEMS values.

Published: July 06, 2006; 4:05:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH