Total
29908 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-1046 | 1 Dem Trac | 1 Dem Trac | 2026-04-23 | N/A |
| Dem_trac allows remote attackers to read log file contents via a direct request for /anc_sit.txt. | ||||
| CVE-2006-5185 | 1 Hamweather | 1 Hamweather | 2026-04-23 | N/A |
| Eval injection vulnerability in Template.php in HAMweather 3.9.8.4 and earlier allows remote attackers to execute arbitrary code via a modified query string, which is supplied to an eval function call within the do_parse_code function. | ||||
| CVE-2006-5193 | 1 Wikyblog | 1 Wikyblog | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in index.php in Josh Schmidt WikyBlog 1.2.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the includeDir parameter. | ||||
| CVE-2006-5199 | 1 Adobe | 1 Contribute | 2026-04-23 | N/A |
| Adobe Contribute Publishing Server leaks the administrator password in logs that are created during product installation, which allows local users to gain privileges to the server. | ||||
| CVE-2006-5203 | 1 Invision Power Services | 1 Invision Power Board | 2026-04-23 | N/A |
| Invision Power Board (IPB) 2.1.7 and earlier allows remote restricted administrators to inject arbitrary web script or HTML, or execute arbitrary SQL commands, via a forum description that contains a crafted image with PHP code, which is executed when the user visits the "Manage Forums" link in the Admin control panel. | ||||
| CVE-2006-5209 | 1 Phpbb Group | 1 Phpbb | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in admin/admin_topic_action_logging.php in Admin Topic Action Logging Mod 0.95 and earlier, as used in phpBB 2.0 up to 2.0.21, allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | ||||
| CVE-2006-5210 | 1 Ciphertrust | 1 Ironmail | 2026-04-23 | N/A |
| Directory traversal vulnerability in IronWebMail before 6.1.1 HotFix-17 allows remote attackers to read arbitrary files via a GET request to the IM_FILE identifier with double-url-encoded "../" sequences ("%252e%252e/"). | ||||
| CVE-2006-5212 | 1 Trend Micro | 1 Officescan | 2026-04-23 | N/A |
| Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for SMB 2.0 before 6.0.0.1385, and OfficeScan Corporate Edition (OSCE) 6.5 before 6.5.0.1418, 7.0 before 7.0.0.1257, and 7.3 before 7.3.0.1053 allow remote attackers to delete files via a modified filename parameter in a certain HTTP request that invokes the OfficeScan CGI program. | ||||
| CVE-2008-0708 | 1 Hp | 3 442084-b21, 442085-b21, Proliant | 2026-04-23 | N/A |
| HP USB 2.0 Floppy Drive Key product options (1) 442084-B21 and (2) 442085-B21 for certain HP ProLiant servers contain the (a) W32.Fakerecy and (b) W32.SillyFDC worms, which might be launched if the server does not have up-to-date detection. | ||||
| CVE-2007-4879 | 1 Mozilla | 2 Firefox, Seamonkey | 2026-04-23 | N/A |
| Mozilla Firefox before Firefox 2.0.0.13, and SeaMonkey before 1.1.9, can automatically install TLS client certificates with minimal user interaction, and automatically sends these certificates when requested, which makes it easier for remote web sites to track user activities across domains by requesting the TLS client certificates from other domains. | ||||
| CVE-2007-0970 | 1 Webtester | 1 Webtester | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in WebTester 5.0.20060927 and earlier allow remote attackers to execute arbitrary SQL commands via the testID parameter to directions.php, and unspecified parameters to other files that accept GET or POST input. | ||||
| CVE-2006-6660 | 1 Kde | 1 Libkhtml | 2026-04-23 | N/A |
| The nodeType function in KDE libkhtml 4.2.0 and earlier, as used by Konquerer, KMail, and other programs, allows remote attackers to cause a denial of service (crash) via malformed HTML tags, possibly involving a COL SPAN tag embedded in a RANGE tag. | ||||
| CVE-2006-6659 | 1 Microsoft | 3 Ie, Outlook, Windows Xp | 2026-04-23 | N/A |
| The Microsoft Office Outlook Recipient ActiveX control (ole32.dll) in Windows XP SP2 allows remote attackers to cause a denial of service (Internet Explorer 7 hang) via crafted HTML. | ||||
| CVE-2006-5600 | 1 Axalto | 1 Protiva | 2026-04-23 | N/A |
| Axalto Protiva 1.1, possibly only non-commercial versions, stores passwords in plaintext in files with insecure permissions, which allows local users to gain privileges by reading the passwords from (1) KeyTool\keytool.config or (2) webapps\protiva\WEB-INF\classes\authserver.config. | ||||
| CVE-2006-5599 | 1 Oracle | 1 Apex | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Oracle Application Express (formerly HTML DB) before 2.2.1 allows remote attackers to inject arbitrary HTML or web script via the WWV_FLOW_ITEM_HELP package. NOTE: it is likely that this issue overlaps one of the Oracle VulnIDs covered by CVE-2006-5351. Oracle has not publicly disputed claims by a reliable researcher that this has been fixed by the October 2006 CPU. | ||||
| CVE-2006-5814 | 1 Novell | 1 Edirectory | 2026-04-23 | N/A |
| Unspecified vulnerability in Novell eDirectory allows remote attackers to execute arbitrary code, as demonstrated by vd_novell.pm, a "Novell eDirectory remote exploit." NOTE: As of 20061108, this disclosure has no actionable information. However, since it is from a reliable researcher, it is being assigned a CVE identifier for tracking purposes. | ||||
| CVE-2006-5592 | 1 Pacos Drivers | 1 Pacpoll | 2026-04-23 | N/A |
| Admin/adpoll.asp in PacPoll 4.0 and earlier allows remote attackers to bypass authentication by setting the polllog cookie value to "xx". | ||||
| CVE-2006-5591 | 1 Pacos Drivers | 1 Pacpoll | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Admin/check.asp in PacPoll 4.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) uid and (2) pwd parameters. | ||||
| CVE-2006-4925 | 1 Openbsd | 1 Openssh | 2026-04-23 | N/A |
| packet.c in ssh in OpenSSH allows remote attackers to cause a denial of service (crash) by sending an invalid protocol sequence with USERAUTH_SUCCESS before NEWKEYS, which causes newkeys[mode] to be NULL. | ||||
| CVE-2009-3643 | 1 Dxmsoft | 1 Xm Easy Personal Ftp Server | 2026-04-23 | N/A |
| Dxmsoft XM Easy Personal FTP Server 5.8.0 allows remote attackers to cause a denial of service via a long argument to the (1) LIST and (2) NLST commands, a differnt issue than CVE-2008-5626 and CVE-2006-5728. | ||||