Total
29872 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-6883 | 1 Phpirc Bot | 1 Phpirc Bot | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in php4you.php in PHPIrc_bot 0.2 allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: this issue is disputed by CVE, since the dir variable is declared before being used | ||||
| CVE-2006-6888 | 1 P-news | 1 P-news | 2025-04-09 | N/A |
| P-News 1.16 and 1.17 store sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the administrative account name and password hash via a direct request for db/user.dat. | ||||
| CVE-2006-6889 | 1 Freestyle | 1 Freestyle Wiki | 2025-04-09 | N/A |
| FreeStyle Wiki (fswiki) 3.6.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request for config/user.dat. | ||||
| CVE-2006-6890 | 1 Voc-project | 1 Voodoo Chat | 2025-04-09 | N/A |
| Voodoo chat 1.0RC1b stores sensitive information under the web root with insufficient access control, which allows remote attackers to download passwords via a direct request for data/users.dat. | ||||
| CVE-2006-6891 | 1 Vz Forum | 1 Vz Forum | 2025-04-09 | N/A |
| Vz (Adp) Forum 2.0.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the administrative account name and password hash via a direct request for users/admin.txt. | ||||
| CVE-2006-6892 | 1 Jonathon Freeman | 1 Ovbb | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the GetLocation function in online.php in Jonathon J. Freeman OvBB 0.13a allows remote attackers to inject arbitrary web script or HTML via the aRequest variable. | ||||
| CVE-2006-6903 | 1 Toshiba | 1 Bluetooth | 2025-04-09 | N/A |
| Unspecified vulnerability in the Toshiba Bluetooth stack allows remote attackers to gain administrative access (aka Remote Root) via unspecified vectors. | ||||
| CVE-2006-6906 | 1 Apple | 1 Mac Os X | 2025-04-09 | N/A |
| Unspecified vulnerability in the Bluetooth stack on Mac OS 10.4.7 and earlier has unknown impact and local attack vectors, related to "Mach Exception Handling", a different issue than CVE-2006-6900. | ||||
| CVE-2006-6907 | 1 Bluesoil Bluetooth | 1 Bluesoil Bluetooth | 2025-04-09 | N/A |
| Unspecified vulnerability in the Bluesoil Bluetooth stack has unknown impact and attack vectors. | ||||
| CVE-2006-6908 | 2 Broadcom, Microsoft | 3 Widcomm Bluetooth, Windows Embedded Compact, Windows Mobile | 2025-04-09 | N/A |
| Buffer overflow in the Bluetooth Stack COM Server in the Widcomm Bluetooth stack, as packaged as Widcomm Stack 3.x and earlier on Windows, Widcomm BTStackServer 1.4.2.10 and 1.3.2.7 on Windows, Widcomm Bluetooth Communication Software 1.4.1.03 on Windows, and the Bluetooth implementation in Windows Mobile or Windows CE on the HP IPAQ 2215 and 5450, allows remote attackers to cause a denial of service (service crash) and possibly execute arbitrary code via unspecified vectors. | ||||
| CVE-2006-6909 | 1 Karl Dahlke | 1 Edbrowse | 2025-04-09 | N/A |
| Stack-based buffer overflow in http.c in Karl Dahlke Edbrowse (aka Command line editor browser) 3.1.3 allows remote attackers to execute arbitrary code by operating an FTP server that sends directory listings with (1) long user names or (2) long group names. | ||||
| CVE-2006-6911 | 1 Digitizing Quote And Ordering System | 1 Digitizing Quote And Ordering System | 2025-04-09 | N/A |
| SQL injection vulnerability in search.asp in Digitizing Quote And Ordering System 1.0 allows remote authenticated users to execute arbitrary SQL commands via the ordernum parameter. | ||||
| CVE-2006-6913 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-04-09 | N/A |
| Unspecified vulnerability in phpMyFAQ 1.6.7 and earlier allows remote attackers to upload arbitrary PHP scripts via unspecified vectors. | ||||
| CVE-2006-6914 | 1 Ibm | 1 Aix | 2025-04-09 | N/A |
| Unspecified vulnerability in ftpd in IBM AIX 5.2.0 and 5.3.0 allows remote attackers to obtain sensitive information, including passwords, via unspecified vectors. | ||||
| CVE-2006-6915 | 1 Ibm | 1 Aix | 2025-04-09 | N/A |
| ftpd in IBM AIX 5.2.0 and 5.3.0 allows remote authenticated users to cause a denial of service (port exhaustion) via unspecified vectors. NOTE: some details were obtained from third party sources. | ||||
| CVE-2006-6922 | 1 Deadlock User Management System | 1 Deadlock User Management System | 2025-04-09 | N/A |
| SQL injection vulnerability in Deadlock User Management System (phpdeadlock) 0.64 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2006-6923 | 1 Bitweaver | 1 Bitweaver | 2025-04-09 | N/A |
| SQL injection vulnerability in newsletters/edition.php in bitweaver 1.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the tk parameter. | ||||
| CVE-2006-6925 | 1 Bitweaver | 1 Bitweaver | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in bitweaver 1.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the message title field when submitting an article to articles/edit.php, (2) the message title field when submitting a blog post to blogs/post.php, or (3) the message description field when editing in the Sandbox in wiki/edit.php. | ||||
| CVE-2006-6927 | 1 Grandora | 1 Rialto | 2025-04-09 | N/A |
| Multiple SQL injection vulnerabilities in Rialto 1.6 allow remote attackers to execute arbitrary SQL commands via (1) the uname (username) and (2) pword (passwd) fields in (a) admin/default.asp; the (3) ID parameter to (b) listfull.asp or (c) printmain.asp; the (4) cat parameter to (d) listmain.asp, (e) searchoption.asp, or (f) searchmain.asp; the (5) Keyword parameter to (g) searchkey.asp; the (6) area parameter to searchmain.asp or searchoption.asp; the (7) searchin parameter to searchkey.asp; or the (8) cost1, (9) cost2, (10) acreage1, or (11) squarefeet1 parameters to searchoption.asp. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2006-6930 | 1 Ga Soft | 1 Rapid Classified | 2025-04-09 | N/A |
| SQL injection vulnerability in viewad.asp in Rapid Classified 3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||