Search Results (Refine Search)

Search Parameters:
There are 162,607 matching records.
Displaying matches 145,481 through 145,500.
Vuln ID Summary CVSS Severity
CVE-2006-1961

Cisco CiscoWorks Wireless LAN Solution Engine (WLSE) and WLSE Express before 2.13, Hosting Solution Engine (HSE) and User Registration Tool (URT) before 20060419, and all versions of Ethernet Subscriber Solution Engine (ESSE) and CiscoWorks2000 Service Management Solution (SMS) allow local users to gain Linux shell access via shell metacharacters in arguments to the "show" command in the application's command line interface (CLI), aka bug ID CSCsd21502 (WLSE), CSCsd22861 (URT), and CSCsd22859 (HSE). NOTE: other issues might be addressed by the Cisco advisory.

Published: April 21, 2006; 6:02:00 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2006-1962

SQL injection vulnerability in PCPIN Chat 5.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the username field (login parameter) to main.php.

Published: April 21, 2006; 6:02:00 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2006-1963

Directory traversal vulnerability in main.php in PCPIN Chat 5.0.4 and earlier allows remote authenticated users to include and execute arbitrary PHP code via a ".." (dot dot) in a language cookie, as demonstrated by uploading then accessing a smiliefile image that actually contains PHP code.

Published: April 21, 2006; 6:02:00 AM -0400
V3.x:(not available)
V2.0: 5.5 MEDIUM
CVE-2006-1964

SQL injection vulnerability in Haberler.asp in ASPSitem 1.83 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

Published: April 21, 2006; 6:02:00 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2006-1965

Multiple cross-site scripting (XSS) vulnerabilities in aasi media Net Clubs Pro 4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) onuser, (2) pass, (3) chatsys, (4) room, (5) username, and (6) to parameters in (a) sendim.cgi; the (7) username parameter in (b) imessage.cgi; the (8) password parameter in (c) login.cgi; and the (9) cat_id parameter in (d) viewcat.cgi.

Published: April 21, 2006; 6:02:00 AM -0400
V3.x:(not available)
V2.0: 5.8 MEDIUM
CVE-2006-1966

An unspecified Fortinet product, possibly Fortinet28, allows remote attackers to cause a denial of service via a "small synflood" to the SMTP port (TCP port 25), as demonstrated by a 10-microsecond wait between sending packets. NOTE: this issue has been disputed in followup posts that suggest that a protection feature is triggering a RST.

Published: April 21, 2006; 6:02:00 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2006-1967

Cross-site scripting (XSS) vulnerability in calendar/Visitor.cgi in KCScripts Calendar, distributed individually and as part of Portal Pack 6.0 and earlier, allows remote attackers to inject arbitrary web script or HTML via the sort_order parameter.

Published: April 21, 2006; 6:02:00 AM -0400
V3.x:(not available)
V2.0: 2.6 LOW
CVE-2006-1968

Cross-site scripting (XSS) vulnerability in news/NsVisitor.cgi in KCScripts News Publisher, distributed individually and as part of Portal Pack 6.0 and earlier, allows remote attackers to inject arbitrary web script or HTML via the sort_order parameter.

Published: April 21, 2006; 6:02:00 AM -0400
V3.x:(not available)
V2.0: 5.8 MEDIUM
CVE-2006-1969

Cross-site scripting (XSS) vulnerability in search/search.cgi in an unspecified KCScripts script, probably Search Engine or Site Search, distributed individually and as part of Portal Pack 6.0 and earlier, allows remote attackers to inject arbitrary web script or HTML via the q parameter.

Published: April 21, 2006; 6:02:00 AM -0400
V3.x:(not available)
V2.0: 2.6 LOW
CVE-2006-1970

Cross-site scripting (XSS) vulnerability in classifieds/viewcat.cgi in KCScripts Classifieds, distributed individually and as part of Portal Pack 6.0 and earlier, allows remote attackers to inject arbitrary web script or HTML via the cat_id parameter.

Published: April 21, 2006; 6:02:00 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2006-1971

Cross-site scripting (XSS) vulnerability in login.php in KRANKIKOM ContentBoxX allows remote attackers to inject arbitrary web script or HTML via the action parameter.

Published: April 21, 2006; 6:02:00 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2006-1972

Cross-site scripting (XSS) vulnerability in EasyGallery.php in Wingnut EasyGallery allows remote attackers to inject arbitrary web script or HTML via the ordner parameter.

Published: April 21, 2006; 6:02:00 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2006-1973

Multiple unspecified vulnerabilities in Linksys RT31P2 VoIP router allow remote attackers to cause a denial of service via malformed Session Initiation Protocol (SIP) messages.

Published: April 21, 2006; 6:02:00 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2006-1974

SQL injection vulnerability in index.php in MyBB (MyBulletinBoard) before 1.04 allows remote attackers to execute arbitrary SQL commands via the referrer parameter.

Published: April 21, 2006; 6:02:00 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2006-1975

Cross-site scripting (XSS) vulnerability in guestbook_newentry.php in PHP-Gastebuch 1.61 allows remote attackers to inject arbitrary web script or HTML via the Kommentar field.

Published: April 21, 2006; 6:02:00 AM -0400
V3.x:(not available)
V2.0: 2.6 LOW
CVE-2006-1976

Cross-site scripting (XSS) vulnerability in addRequest.php in Prayer Request Board (PRB) Beta 1 before 20060320 allows remote attackers to inject arbitrary web script or HTML via the Request field.

Published: April 21, 2006; 6:02:00 AM -0400
V3.x:(not available)
V2.0: 2.6 LOW
CVE-2006-1941

Neon Responder 5.4 for LANsurveyor allows remote attackers to cause a denial of service (application outage) via a crafted Clock Synchronisation packet that triggers an access violation.

Published: April 20, 2006; 6:02:00 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2006-1942

Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, Netscape 8.1, 8.0.4, and 7.2, and K-Meleon 0.9.13 allows user-assisted remote attackers to open local files via a web page with an IMG element containing a SRC attribute with a non-image file:// URL, then tricking the user into selecting View Image for the broken image, as demonstrated using a .wma file to launch Windows Media Player, or by referencing an "alternate web page."

Published: April 20, 2006; 6:02:00 PM -0400
V3.x:(not available)
V2.0: 5.1 MEDIUM
CVE-2006-1943

Multiple cross-site scripting (XSS) vulnerabilities in Smarter Scripts IntelliLink Pro 5.06 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter in addlink_lwp.cgi and the (2) id, (3) forgotid, and (4) forgotpass parameters in edit.cgi.

Published: April 20, 2006; 6:02:00 PM -0400
V3.x:(not available)
V2.0: 2.6 LOW
CVE-2006-1944

Multiple cross-site scripting (XSS) vulnerabilities in SibSoft CommuniMail 1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the list_id parameter in mailadmin.cgi and (2) the form_id parameter in templates.cgi.

Published: April 20, 2006; 6:02:00 PM -0400
V3.x:(not available)
V2.0: 2.6 LOW