Total
29925 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-2988 | 1 Chemical Dictionary | 1 Chemical Dictionary | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in dictionary.php in Chemical Dictionary allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in a browse action. | ||||
| CVE-2006-2989 | 1 Iisworks | 1 Listpics | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in listpics.asp in ASP ListPics 4.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the info parameter. | ||||
| CVE-2006-1157 | 1 Adp | 1 Adp Forum | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Vz Scripts ADP Forum 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the Subject field (possibly messaggio parameter) when posting a new message in post.php. | ||||
| CVE-2006-2992 | 1 My Photo Scrapbook | 1 My Photo Scrapbook | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in display.asp in My Photo Scrapbook 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the key_m parameter. | ||||
| CVE-2006-0235 | 1 White Angle | 1 White Album | 2026-04-16 | N/A |
| SQL injection vulnerability in WhiteAlbum 2.5 allows remote attackers to execute arbitrary SQL commands via the dir parameter to pictures.php. | ||||
| CVE-2006-1159 | 1 Efs Software | 1 Efs Web Server | 2026-04-16 | N/A |
| Format string vulnerability in Easy File Sharing (EFS) Web Server 3.2 allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via format string specifiers in the query string argument in an HTTP GET request. | ||||
| CVE-2006-1160 | 1 Efs Software | 1 Efs Web Server | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Easy File Sharing (EFS) Web Server 3.2 allows remote attackers to inject arbitrary web script or HTML via the Description field in creating a folder or uploading a file. | ||||
| CVE-2006-0237 | 1 Gtp | 1 Icommerce | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in GTP iCommerce allows remote attackers to inject arbitrary web script or HTML via the (1) cat and (2) subcat parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-1161 | 1 Efs Software | 1 Efs Web Server | 2026-04-16 | N/A |
| Absolute path traversal vulnerability in Easy File Sharing (EFS) Web Server 3.2 allows remote registered users to execute arbitrary code by uploading a malicious file to the Windows startup folder. | ||||
| CVE-2006-2997 | 1 Zms Publishing | 1 Zms | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in ZMS 2.9 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the raw parameter in the search field. | ||||
| CVE-2006-3001 | 1 Okscripts | 1 Okmall | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in OkScripts OkMall 1.0 allow remote attackers to inject arbitrary web script or HTML via the page parameter. NOTE: this might be resultant from another vulnerability, since the XSS is reflected in an error message. | ||||
| CVE-2006-0241 | 1 Webmobo | 1 Wbnews | 2026-04-16 | N/A |
| Cross-site scripting vulnerability in WBNews 1.1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the Name field. | ||||
| CVE-2006-3002 | 1 Easy Ad-manager | 1 Easy Ad-manager | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in details.php in Easy Ad-Manager allows remote attackers to inject arbitrary web script or HTML via the mbid parameter, which is reflected in an error message. NOTE: on 20060829, the vendor notified CVE that this issue has been fixed. | ||||
| CVE-2006-0242 | 1 Php Fusebox | 1 Php Fusebox | 2026-04-16 | N/A |
| Cross-site scripting vulnerability in index.php in PHP Fusebox 4.0.6 allows remote attackers to inject arbitrary web script or HTML via the fuseaction parameter. | ||||
| CVE-2006-3003 | 1 Easy Ad-manager | 1 Easy Ad-manager | 2026-04-16 | N/A |
| details.php in Easy Ad-Manager allows remote attackers to obtain the full installation path via an invalid mbid parameter, which leaks the path in an error message. NOTE: this might be resultant from another vulnerability, since this vector also produces cross-site scripting (XSS). NOTE: on 20060829, the vendor notified CVE that this issue has been fixed. | ||||
| CVE-2006-0244 | 1 Phpxplorer | 1 Phpxplorer | 2026-04-16 | N/A |
| Directory traversal vulnerability in workspaces.php in phpXplorer 0.9.33 allows remote attackers to include arbitrary files via a .. (dot dot) and trailing null byte (%00) in the sShare parameter. NOTE: a followup post claims that this is not a vulnerability since the functionality of phpXplorer supports the upload of PHP files, which would not cross privilege boundaries since the PHP functionality would support read access outside the web root | ||||
| CVE-2006-1176 | 1 Ebay | 1 Enhanced Picture Services | 2026-04-16 | N/A |
| Buffer overflow in eBay Enhanced Picture Services (aka EPUImageControl Class) in EUPWALcontrol.dll before 1.0.3.48, as used in Sell Your Item (SYI), Setup & Test eBay Enhanced Picture Services, Picture Manager Enhanced Uploader, and CARad.com Add Vehicle, allows remote attackers to execute arbitrary code via a crafted HTML document. | ||||
| CVE-2006-0245 | 1 Devellion | 1 Cubecart | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.7-pl1 allow remote attackers to inject arbitrary web script or HTML via the (3) redir, (4) productId, (5) docId, (6) act, and (7) catId parameters in index.php; and the (8) username field in a login action in index.php. NOTE: the cart.php/redir and index.php/searchStr vectors are already covered by CVE-2005-3152. | ||||
| CVE-2006-0856 | 1 Scriptme | 1 Sme Gb Host | 2026-04-16 | N/A |
| SQL injection vulnerability in login.php in Scriptme SmE GB Host 1.21 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the Username parameter. | ||||
| CVE-2006-0853 | 1 Truenorth Software | 1 Ia Emailserver | 2026-04-16 | N/A |
| Buffer overflow in the IMAP service of TrueNorth Internet Anywhere (IA) eMailserver 5.3.4 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long SEARCH argument. | ||||