Total
29739 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-2810 | 1 Belchior Foundry | 1 Vcard | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Belchior Foundry vCard 2.9 allow remote attackers to inject arbitrary web script or HTML via the page parameter in (1) toprated.php and (2) newcards.php. NOTE: the card_id vector is already covered by CVE-2006-1230. | ||||
| CVE-2006-2820 | 1 Hotwebscripts | 1 Weblog Oggi | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in HotWebScripts.com Weblog Oggi 1.0 allows remote attackers to inject arbitrary web script or HTML via a comment, possibly involving a javascript URI in the SRC attribute of an IMG element. | ||||
| CVE-2006-2831 | 1 Drupal | 1 Drupal | 2025-04-03 | N/A |
| Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743. | ||||
| CVE-2006-2862 | 1 Particle Soft | 1 Particle Gallery | 2025-04-03 | N/A |
| SQL injection vulnerability in viewimage.php in Particle Gallery 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the imageid parameter. | ||||
| CVE-2006-2874 | 1 Osads Alliance Database | 1 Osads Alliance Database | 2025-04-03 | N/A |
| Unspecified vulnerability in OSADS Alliance Database before 1.4 has unknown impact and attack vectors related to a "Security Leak to lock in HTML-Code," possibly due to a cross-site scripting (XSS) vulnerability involving comments. | ||||
| CVE-2006-2890 | 1 Pixelpost | 1 Pixelpost | 2025-04-03 | N/A |
| Pixelpost 1-5rc1-2 and earlier, when register_globals is enabled, allows remote attackers to gain administrator privileges and conduct other attacks by setting the _SESSION["pixelpost_admin"] parameter to 1 in calls to admin scripts such as admin/view_info.php. | ||||
| CVE-2002-2034 | 1 John Hardin | 1 Procmail Email Sanitizer | 2025-04-03 | N/A |
| The Email Sanitizer before 1.133 for Procmail allows remote attackers to bypass the mail filter and execute arbitrary code via crafted recursive multipart MIME attachments. | ||||
| CVE-2004-0275 | 1 Bosdev | 1 Bosdates | 2025-04-03 | N/A |
| SQL injection vulnerability in calendar_download.php in BosDates 3.2 and earlier allows remote attackers to obtain sensitive information and gain access via the calendar parameter. | ||||
| CVE-2006-2930 | 1 Sun | 2 Grid Engine, N1 Grid Engine | 2025-04-03 | N/A |
| Unspecified vulnerability in Sun Grid Engine 5.3 and Sun N1 Grid Engine 6.0, when configured in Certificate Security Protocol (CSP) Mode, allows local users to shut down the grid service or gain access, even if access is denied. | ||||
| CVE-2006-2946 | 1 Dmx Forum | 1 Dmx Forum | 2025-04-03 | N/A |
| Dmx Forum 2.1a stores _includes/bd.inc under the web root with insufficient access control, which allows remote attackers to obtain database username and password information. | ||||
| CVE-2002-2035 | 1 Realityscape | 1 Mylogin 2000 | 2025-04-03 | N/A |
| SQL injection vulnerability in RealityScape MyLogin 2000 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) Username or (2) Password in the login form. | ||||
| CVE-2006-2962 | 1 Oxfam Australia | 1 Emergencies Personnel Information System | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in sql_fcnsOLD.php in Emergenices Personnel Information System (Empris) 20020923 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phormationdir parameter. | ||||
| CVE-2006-2971 | 1 Overkill | 1 Overkill | 2025-04-03 | N/A |
| Integer overflow in the recv_packet function in 0verkill 0.16 allows remote attackers to cause a denial of service (daemon crash) via a UDP packet with fewer than 12 bytes, which results in a long length value to the crc32 function. | ||||
| CVE-2006-2980 | 1 Viart Ltd | 1 Viart Shop Free | 2025-04-03 | N/A |
| SQL injection vulnerability in block_forum_topic_new.php in ViArt Shop Free 2.5.5, and possibly other distributions including Light, Standard, and Enterprise, might allow remote attackers to execute arbitrary SQL commands via unknown vectors, probably involving the forum_id parameter. | ||||
| CVE-2006-2981 | 1 Arantius | 1 Vice Stats | 2025-04-03 | N/A |
| SQL injection vulnerability in vs_search.php in Arantius Vice Stats before 1.0.1 allows remote attackers to execute arbitrary SQL commands via unknown vectors, a different issue than CVE-2006-2972. | ||||
| CVE-2006-2989 | 1 Iisworks | 1 Listpics | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in listpics.asp in ASP ListPics 4.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the info parameter. | ||||
| CVE-2006-3013 | 1 Eschew.net | 1 Phpbannerexchange | 2025-04-03 | N/A |
| Interpretation conflict in resetpw.php in phpBannerExchange before 2.0 Update 6 allows remote attackers to execute arbitrary SQL commands via an email parameter containing a null (%00) character after a valid e-mail address, which passes the validation check in the eregi PHP command. NOTE: it could be argued that this vulnerability is due to a bug in the eregi PHP command and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in phpBannerExchange. | ||||
| CVE-2002-2044 | 1 Xqus | 1 X-stat | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in x_stat_admin.php in x-stat 2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via a parameter to the phpinfo action. | ||||
| CVE-2004-0278 | 1 Ratbag | 5 Dirt Track Racing, Dirt Track Racing Australia, Dirt Track Racing Sprint Cars and 2 more | 2025-04-03 | N/A |
| Ratbag game engine, as used in products such as Dirt Track Racing, Leadfoot, and World of Outlaws Spring Cars, allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet that specifies the length of data to read and then sends a second TCP packet that contains less data than specified, which causes Ratbag to repeatedly check the socket for more data. | ||||
| CVE-2006-3034 | 1 Myscrapbook | 1 Myscrapbook | 2025-04-03 | N/A |
| MyScrapbook 3.1 allows remote attackers to obtain sensitive information via a direct request to files in the txt-db-api directory such as txt-db-api/sql.php, which reveals the path in an error message. | ||||