Total
29739 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-2503 | 1 Deluxebb | 1 Deluxebb | 2025-04-03 | N/A |
| SQL injection vulnerability in misc.php in DeluxeBB 1.06 allows remote attackers to execute arbitrary SQL commands via the name parameter. | ||||
| CVE-2006-2504 | 1 Azboard | 1 Azboard | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in mono AZBOARD 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) search and (2) cate parameters to (a) list.asp, and the (3) id and cate parameters to (b) admin_ok.asp. | ||||
| CVE-2006-2529 | 1 Fckeditor | 1 Fckeditor | 2025-04-03 | N/A |
| editor/filemanager/upload/php/upload.php in FCKeditor before 2.3 Beta, when the upload feature is enabled, does not verify the Type parameter, which allows remote attackers to upload arbitrary file types. NOTE: It is not clear whether this is related to CVE-2006-0658. | ||||
| CVE-2006-2531 | 1 Ipswitch | 1 Whatsup | 2025-04-03 | N/A |
| Ipswitch WhatsUp Professional 2006 only verifies the user's identity via HTTP headers, which allows remote attackers to spoof being a trusted console and bypass authentication by setting HTTP User-Agent header to "Ipswitch/1.0" and the User-Application header to "NmConsole". | ||||
| CVE-2006-2540 | 1 Dieselscripts | 1 Diesel Job Site | 2025-04-03 | N/A |
| Privacy leak in install.php for Diesel PHP Job Site sends sensitive information such as user credentials to an e-mail address controlled by the product developers. | ||||
| CVE-2006-2566 | 1 Alstrasoft | 1 Article Manager Pro | 2025-04-03 | N/A |
| Alstrasoft Article Manager Pro 1.6 allows remote attackers to obtain sensitive information via (1) a quote character or possibly an invalid value in the action parameter in a request to mrarticles.php or (2) a login QUERY_STRING to admin.php without any additional parameters, which reveal the path in various error messages. | ||||
| CVE-2006-2591 | 1 E107 | 1 E107 | 2025-04-03 | N/A |
| Unspecified vulnerability in e107 before 0.7.5 has unknown impact and remote attack vectors related to an "emailing exploit". | ||||
| CVE-2006-2637 | 1 Tuttophp | 3 Morris Guestbook, Pretty Guestbook, Smile Guestbook | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in view.php in TuttoPhp (1) Morris Guestbook 1, (2) Pretty Guestbook 1, and (3) Smile Guestbook 1 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element in the pagina parameter. | ||||
| CVE-2006-2638 | 1 Qjstudios | 1 Qjforum | 2025-04-03 | N/A |
| SQL injection vulnerability in member.asp in qjForum allows remote attackers to execute arbitrary SQL commands via the uName parameter. | ||||
| CVE-2006-2650 | 1 Cosmicphp | 1 Cosmicshoppingcart | 2025-04-03 | N/A |
| SQL injection vulnerability in cosmicshop/search.php in CosmicShoppingCart allows remote attackers to execute arbitrary SQL commands via the max parameter. | ||||
| CVE-2006-2640 | 1 Omegasoft | 1 Interneserviceslosungen | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in OmegaMw7a.ASP in OMEGA (aka Omegasoft) INterneSErvicesLosungen (INSEL) allows remote attackers to inject arbitrary web script or HTML via the WCE parameter. | ||||
| CVE-2006-2677 | 1 Sitescape | 1 Sitescape Forum | 2025-04-03 | N/A |
| SiteScape Forum 7.2 and possibly earlier stores the avf.rc configuraiton file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive path information. | ||||
| CVE-2006-2699 | 1 Geeklog | 1 Geeklog | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in getimage.php in Geeklog 1.4.0sr2 and earlier allows remote attackers to inject arbitrary HTML or web script via the image argument in a show action. | ||||
| CVE-2006-2701 | 1 Geeklog | 1 Geeklog | 2025-04-03 | N/A |
| SQL injection vulnerability in Geeklog 1.4.0sr2 and earlier allows remote attackers to execute arbitrary SQL commands via unknown vectors related to story submission. | ||||
| CVE-2006-2703 | 1 Suse | 1 Suse Linux | 2025-04-03 | N/A |
| The RedCarpet command-line client (rug) does not verify SSL certificates from a server, which allows remote attackers to read network traffic and execute commands via a man-in-the-middle (MITM) attack. | ||||
| CVE-2006-2704 | 1 Secure Elements | 1 C5 Enterprise Vulnerability Management | 2025-04-03 | N/A |
| Secure Elements Class 5 AVR server and client (aka C5 EVM) before 2.8.1 send messages in cleartext, which allows remote attackers to read sensitive vulnerability information. | ||||
| CVE-2006-2705 | 1 Secure Elements | 1 C5 Enterprise Vulnerability Management | 2025-04-03 | N/A |
| Secure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 allows remote attackers to cause an unspecified denial of service via a large number of forged client registration messages. | ||||
| CVE-2006-2740 | 1 Epic Designs | 1 Tinybb | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in Epicdesigns tinyBB 0.3 allow remote attackers to execute arbitrary SQL commands via the (1) q parameter in (a) forgot.php, and the (2) username and (3) password parameters in (b) login.php, and other unspecified vectors. | ||||
| CVE-2006-2741 | 1 Epic Designs | 1 Tinybb | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in Epicdesigns tinyBB 0.3 allow remote attackers to inject arbitrary web script or HTML via the q parameter in forgot.php, which is echoed in an error message, and other unspecified vectors. | ||||
| CVE-2006-2742 | 1 Drupal | 1 Drupal | 2025-04-03 | N/A |
| SQL injection vulnerability in Drupal 4.6.x before 4.6.7 and 4.7.0 allows remote attackers to execute arbitrary SQL commands via the (1) count and (2) from variables to (a) database.mysql.inc, (b) database.pgsql.inc, and (c) database.mysqli.inc. | ||||