Total: 29739 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-0409 | 1 Pixelpost | 1 Photoblog | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Pixelpost Photoblog 1.4.3 allows remote attackers to inject arbitrary web script or HTML via the "Add Comment" field in a comment popup. | ||||
| CVE-2006-0410 | 1 John Lim | 1 Adodb | 2025-04-03 | N/A |
| SQL injection vulnerability in ADOdb before 4.71, when using PostgreSQL, allows remote attackers to execute arbitrary SQL commands via unspecified attack vectors involving binary strings. | ||||
| CVE-2006-0411 | 1 Claroline | 1 Claroline | 2025-04-03 | N/A |
| claro_init_local.inc.php in Claroline 1.7.2 uses guessable session cookies (MD5 hash of connection time), which allows remote attackers to hijack sessions and possibly gain administrative privileges. | ||||
| CVE-2006-0437 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in admin_smilies.php in phpBB 2.0.19 allows remote attackers to inject arbitrary web script or HTML via Javascript events such as "onmouseover" in the (1) smile_url or (2) smile_emotion parameters, which bypasses a check for "<" and ">" characters. | ||||
| CVE-2006-0438 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | N/A |
| Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.19, when Link to off-site Avatar or bbcode (IMG) are enabled, allows remote attackers to perform unauthorized actions as a logged in user via a link or IMG tag in a user profile, as demonstrated using links to (1) admin/admin_users.php and (2) modcp.php. | ||||
| CVE-2006-0439 | 1 Text Rider | 1 Text Rider | 2025-04-03 | N/A |
| Text Rider 2.4 stores sensitive data in the data directory under the web document root with insufficient access control, which allows remote attackers to obtain usernames and password hashes by directly accessing data/userlist.txt. | ||||
| CVE-2006-0470 | 1 Mybulletinboard | 1 Mybulletinboard | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in MyBulletinBoard (MyBB) 1.02 allows remote attackers to inject arbitrary web script or HTML via the (1) sortby and (2) sortordr parameters, which are not properly handled in a redirection. | ||||
| CVE-2006-0473 | 1 My Little Homepage | 1 My Little Weblog | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in the bbcode function in weblog.php in my little homepage my little weblog, as last modified in April 2004, allows remote attackers to inject arbitrary Javascript via a javascript URI in BBcode link tags. | ||||
| CVE-2006-0554 | 1 Linux | 1 Linux Kernel | 2025-04-03 | N/A |
| Linux kernel 2.6 before 2.6.15.5 allows local users to obtain sensitive information via a crafted XFS ftruncate call, which may return stale data. | ||||
| CVE-2006-0536 | 1 Neomail | 1 Neomail | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in neomail.pl in NeoMail 1.27 allows remote attackers to inject arbitrary web script or HTML via the sort parameter. NOTE: some sources say that the affected parameter is "date," but the demonstration URL shows that it is "sort". | ||||
| CVE-2006-0537 | 1 Kinesphere Corporation | 1 Exchange Pop3 | 2025-04-03 | N/A |
| Buffer overflow in the POP3 server in Kinesphere Corporation eXchange before 5.0.060125 allows remote attackers to execute arbitrary code via a long RCPT TO argument. | ||||
| CVE-2006-0572 | 1 Hinton Design | 1 Phpstatus | 2025-04-03 | N/A |
| phpstatus 1.0 does not require passwords when using cookies to identify a user, which allows remote attackers to bypass authentication. | ||||
| CVE-2006-0574 | 1 Cpanel | 1 Cpanel | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in mime/handle.html in cPanel 10 allows remote attackers to inject arbitrary web script or HTML via the (1) file extension or (2) mime-type. | ||||
| CVE-2006-0598 | 1 Stefan Ritt | 1 Elog Web Logbook | 2025-04-03 | N/A |
| Buffer overflow in elogd.c in elog before 2.5.7 r1558-4 allows attackers to execute code via unspecified variables, when writing to the log file. | ||||
| CVE-2006-0600 | 1 Stefan Ritt | 1 Elog Web Logbook | 2025-04-03 | N/A |
| elog before 2.5.7 r1558-4 allows remote attackers to cause a denial of service (infinite redirection) via a request with the fail parameter set to 1, which redirects to the same request. | ||||
| CVE-2006-0604 | 1 Hinton Design | 1 Phphg Guestbook | 2025-04-03 | N/A |
| check.php in Hinton Design phphg Guestbook 1.2 does not check the user password when authenticating via cookies, which allows remote attackers to gain unauthorized access. | ||||
| CVE-2006-0641 | 1 Orbicule | 1 Undercover | 2025-04-03 | N/A |
| Orbicule Undercover uses a third-party web server to determine the IP address through which the computer is accessing the Internet, but does not document this third-party disclosure, which leads to a potential privacy leak that might allow transmission of sensitive information to an unintended remote destination. | ||||
| CVE-2006-0650 | 1 Cpaint | 1 Cpaint | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in cpaint2.inc.php in the CPAINT library before 2.0.3, as used in multiple scripts, allows remote attackers to inject arbitrary web script or HTML via the cpaint_response_type parameter, which is displayed in a resulting error message, as demonstrated using a hex-encoded IFRAME tag. | ||||
| CVE-2006-0693 | 1 Roberto Butti | 1 Calimba | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in rb_auth.php in Roberto Butti CALimba 0.99.2 beta and earlier allow remote attackers to execute arbitrary SQL commands and bypass login authentication via the (1) login and (2) password parameters. | ||||
| CVE-2006-0694 | 1 Ansilove | 1 Ansilove | 2025-04-03 | N/A |
| Unspecified vulnerability in the loaders (load_*.php) in Ansilove before 1.03 allows remote attackers to read arbitrary files via unspecified vectors involving "converting files accessible by the webserver". | ||||