Total
29893 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-4684 | 1 Zope | 1 Zope | 2026-04-16 | N/A |
| The docutils module in Zope (Zope2) 2.7.0 through 2.7.9 and 2.8.0 through 2.8.8 does not properly handle web pages with reStructuredText (reST) markup, which allows remote attackers to read arbitrary files via a csv_table directive, a different vulnerability than CVE-2006-3458. | ||||
| CVE-2006-4821 | 1 Drupal | 1 Drupal Userreview Module | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Userreview module before 1.19 2006/09/12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2004-0526 | 1 Microsoft | 4 Ie, Internet Explorer, Outlook and 1 more | 2026-04-16 | N/A |
| Unknown versions of Internet Explorer and Outlook allow remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack. | ||||
| CVE-2006-4825 | 1 Softcomplex | 1 Php Event Calendar | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in cl_files/index.php in SoftComplex PHP Event Calendar 1.5.1, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) ti, (2) bi, or (3) cbgi parameters. | ||||
| CVE-2004-0529 | 1 Cluecentral | 1 Suexec.patch | 2026-04-16 | N/A |
| The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490. | ||||
| CVE-2006-4835 | 1 Bluview | 1 Blue Magic Board | 2026-04-16 | N/A |
| Bluview Blue Magic Board (BMB) (aka BMForum) 5.5 allows remote attackers to obtain sensitive information via a direct request to (1) footer.php, (2) header.php, (3) db_mysql_error.php, (4) langlist.php, (5) sendmail.php, or (6) style.php, which reveals the path in various error messages. | ||||
| CVE-2004-0530 | 1 Slackware | 1 Slackware Linux | 2026-04-16 | N/A |
| The PHP package in Slackware 8.1, 9.0, and 9.1, when linked against a static library, includes /tmp in the search path, which allows local users to execute arbitrary code as the PHP user by inserting shared libraries into the appropriate path. | ||||
| CVE-2004-0533 | 1 Businessobjects | 2 Infoview, Webintelligence | 2026-04-16 | N/A |
| Business Objects WebIntelligence 2.7.0 through 2.7.4 only enforces access controls on the client, which allows remote authenticated users to delete arbitrary files on the server via a crafted delete request using the InfoView web client. | ||||
| CVE-2006-4852 | 1 Quadcomm | 1 Q-shop | 2026-04-16 | N/A |
| SQL injection vulnerability in browse.asp in QuadComm Q-Shop 3.5 allows remote attackers to execute arbitrary SQL commands via the OrderBy parameter. | ||||
| CVE-2006-4856 | 1 Roller Weblogger | 1 Roller Weblogger | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Roller WebLogger 2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, or (3) url parameters; (4) certain content parameters in the preview method; or (5) the q parameter in (a) sitesearch.do. | ||||
| CVE-2004-0541 | 2 National Science Foundation, Redhat | 2 Squid Web Proxy Cache, Enterprise Linux | 2026-04-16 | N/A |
| Buffer overflow in the ntlm_check_auth (NTLM authentication) function for Squid Web Proxy Cache 2.5.x and 3.x, when compiled with NTLM handlers enabled, allows remote attackers to execute arbitrary code via a long password ("pass" variable). | ||||
| CVE-2006-4875 | 1 Jupiter Cms | 1 Jupiter Cms | 2026-04-16 | N/A |
| Unrestricted file upload vulnerability in modules/galleryuploadfunction.php in Jupiter CMS allows remote attackers to upload picture files, and possibly files with arbitrary extensions, to gallery/albums/public. | ||||
| CVE-2004-0544 | 1 Ibm | 1 Aix | 2026-04-16 | N/A |
| Multiple buffer overflows in LVM for AIX 5.1 and 5.2 allow local users to gain privileges via the (1) putlvcb or (2) getlvcb commands. | ||||
| CVE-2006-4877 | 1 David Bennett | 1 Php-post | 2026-04-16 | N/A |
| Variable overwrite vulnerability in David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to overwrite arbitrary program variables via multiple vectors that use the extract function, as demonstrated by the table_prefix parameter in (1) index.php, (2) profile.php, and (3) header.php. | ||||
| CVE-2004-0549 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | N/A |
| The WebBrowser ActiveX control, or the Internet Explorer HTML rendering engine (MSHTML), as used in Internet Explorer 6, allows remote attackers to execute arbitrary code in the Local Security context by using the showModalDialog method and modifying the location to execute code such as Javascript, as demonstrated using (1) delayed HTTP redirect operations, and an HTTP response with a Location: header containing a "URL:" prepended to a "ms-its" protocol URI, or (2) modifying the location attribute of the window, as exploited by the Download.ject (aka Scob aka Toofer) using the ADODB.Stream object. | ||||
| CVE-2006-4880 | 1 David Bennett | 1 Php-post | 2026-04-16 | N/A |
| David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to obtain sensitive information via a direct request for (1) footer.php, (2) template.php, or (3) lastvisit.php, which reveals the installation path in various error messages. | ||||
| CVE-2006-4910 | 1 Cisco | 2 Ids Sensor Software, Ips Sensor Software | 2026-04-16 | N/A |
| The web administration interface (mainApp) to Cisco IDS before 4.1(5c), and IPS 5.0 before 5.0(6p1) and 5.1 before 5.1(2) allows remote attackers to cause a denial of service (unresponsive device) via a crafted SSLv2 Client Hello packet. | ||||
| CVE-2006-4919 | 1 Siteatschool | 1 Siteatschool | 2026-04-16 | N/A |
| Directory traversal vulnerability in starnet/editors/htmlarea/popups/images.php in Site@School (S@S) 2.4.02 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter. | ||||
| CVE-2004-0559 | 3 Mandrakesoft, Usermin, Webmin | 4 Mandrake Linux, Mandrake Linux Corporate Server, Usermin and 1 more | 2026-04-16 | N/A |
| The maketemp.pl script in Usermin 1.070 and 1.080 allows local users to overwrite arbitrary files at install time via a symlink attack on the /tmp/.usermin directory. | ||||
| CVE-2006-4923 | 1 Esyndicat Portal System | 1 Esyndicat Portal System | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in eSyndiCat Portal System allows remote attackers to inject arbitrary web script or HTML via the what parameter. | ||||