Total
29739 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-3150 | 1 Cavoxcms | 1 Cavoxcms | 2025-04-03 | N/A |
| SQL injection vulnerability in index.php in CavoxCms 1.0.16 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter. | ||||
| CVE-2006-3160 | 1 Onedotoh | 1 Simple File Manager | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in fm.php in ONEdotOH Simple File Manager (SFM) 0.24a and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | ||||
| CVE-2006-2070 | 1 Mybb | 1 Devbb | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in member.php in DevBB 1.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the member parameter in a viewpro action. | ||||
| CVE-2006-2088 | 1 Devsyn | 1 Open Bulletin Board | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Devsyn Open Bulletin Board (OpenBB) 1.0.6 allow remote attackers to inject arbitrary web script or HTML via (1) the FID parameter in board.php and (2) the TID parameter in read.php. NOTE: the SQL injection issues are already covered by CVE-2005-1612 (read.php) and CVE-2005-2566 (board.php). | ||||
| CVE-2006-2096 | 1 Neocrome | 1 Land Down Under | 2025-04-03 | N/A |
| plug.php in Land Down Under (LDU) 802 and earlier allows remote attackers to obtain sensitive information via an invalid (1) month or (2) year parameter, which reveals the path in an error message. | ||||
| CVE-2006-2100 | 1 Magic Iso Maker | 1 Magic Iso Maker | 2025-04-03 | N/A |
| Directory traversal vulnerability in Magic ISO 5.0 Build 0166 allows remote attackers to write arbitrary files via a .. (dot dot) in a filename in an ISO image. | ||||
| CVE-2006-2107 | 1 Bl4 | 1 Smtp Server | 2025-04-03 | N/A |
| Buffer overflow in BL4 SMTP Server 0.1.4 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long argument to the (1) EHLO, (2) MAIL FROM, and (3) RCPT TO commands. | ||||
| CVE-2006-2828 | 1 Php-nuke | 1 Ev | 2025-04-03 | N/A |
| Global variable overwrite vulnerability in PHP-Nuke allows remote attackers to conduct remote PHP file inclusion attacks via a modified phpbb_root_path parameter to the admin scripts (1) index.php, (2) admin_ug_auth.php, (3) admin_board.php, (4) admin_disallow.php, (5) admin_forumauth.php, (6) admin_groups.php, (7) admin_ranks.php, (8) admin_styles.php, (9) admin_user_ban.php, (10) admin_words.php, (11) admin_avatar.php, (12) admin_db_utilities.php, (13) admin_forum_prune.php, (14) admin_forums.php, (15) admin_mass_email.php, (16) admin_smilies.php, (17) admin_ug_auth.php, and (18) admin_users.php, which overwrites $phpbb_root_path when the import_request_variables function is executed after $phpbb_root_path has been initialized to a static value. | ||||
| CVE-2006-2840 | 1 Pmwiki | 1 Pmwiki | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in (1) uploads.php and (2) "url links" in PmWiki 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | ||||
| CVE-2006-2842 | 2 Redhat, Squirrelmail | 2 Enterprise Linux, Squirrelmail | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in functions/plugin.php in SquirrelMail 1.4.6 and earlier, if register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter. NOTE: this issue has been disputed by third parties, who state that Squirrelmail provides prominent warnings to the administrator when register_globals is enabled. Since the varieties of administrator negligence are uncountable, perhaps this type of issue should not be included in CVE. However, the original developer has posted a security advisory, so there might be relevant real-world environments under which this vulnerability is applicable | ||||
| CVE-2006-2846 | 1 Visiongate | 1 Visiongate Portal System | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in Print.PHP in VisionGate Portal System allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-3421 | 1 Smartsitecms | 1 Smartsitecms | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in SmartSiteCMS 1.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the root parameter in (1) comment.php, (2) admin/comedit.php, (3) admin/test.php, (4) admin/index.php, and (5) admin/include/inc_adminfoot.php, a different set of vectors than CVE-2006-3162. | ||||
| CVE-2006-2856 | 1 Activestate | 1 Activeperl | 2025-04-03 | N/A |
| ActiveState ActivePerl 5.8.8.817 for Windows configures the site/lib directory with "Users" group permissions for changing files, which allows local users to gain privileges by creating a malicious sitecustomize.pl file in that directory. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-2859 | 1 Mywebland | 1 Mybloggie | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in MyBloggie 2.1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mybloggie_root_path parameter to (1) admin.php or (2) scode.php. NOTE: this issue has been disputed in multiple third party followups, which say that the MyBloggie source code does not demonstrate the issue, so it might be the result of another module. CVE analysis as of 20060605 agrees with the dispute. In addition, scode.php is not part of the MyBloggie distribution | ||||
| CVE-2006-2871 | 1 Cyboards | 1 Cyboards Php Lite | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in include/common.php in CyBoards PHP Lite 1.25 allows remote attackers to execute arbitrary PHP code via a URL in the script_path parameter. NOTE: CVE disputes this issue, since $script_path is set to a constant value | ||||
| CVE-2006-2880 | 1 Pyblosxom | 1 Pyblosxom | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in the Contributed Packages for PyBlosxom 1.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the Comments plugin in the (1) url and (2) author fields. | ||||
| CVE-2006-2899 | 1 Estsoft | 1 Internetdisk | 2025-04-03 | N/A |
| Unspecified vulnerability in ESTsoft InternetDISK versions before 2006/04/20 allows remote authenticated users to execute arbitrary code, possibly by uploading a file with multiple extensions into the WebLink directory. | ||||
| CVE-2006-2904 | 1 Particle Soft | 1 Particle Links | 2025-04-03 | N/A |
| SQL injection vulnerability in index.php in Partial Links 1.2.2 allows remote attackers to execute arbitrary SQL commands via the topic parameter. | ||||
| CVE-2006-2912 | 1 Out Of The Trees Web Design | 1 Selectapix | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in SelectaPix 1.31 allow remote attackers to execute arbitrary SQL commands via the (1) albumID parameter to (a) view_album.php or (b) index.php, (2) imageID parameter to (c) popup.php, or (3) username and (4) password parameters to (d) admin/member.php. | ||||
| CVE-2006-2927 | 1 Xfairguy | 1 Codeavalanche Freeforum | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in post.asp in CodeAvalanche FreeForum (aka CAForum) 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) msg_subject and (2) msg_body parameters. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | ||||