Total
29935 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-3953 | 1 Mybulletinboard | 1 Mybulletinboard | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to inject arbitrary web script or HTML via the gallery parameter. | ||||
| CVE-2006-3007 | 1 Nullsoft | 1 Shoutcast Server | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SHOUTcast 1.9.5 allow remote attackers to inject arbitrary HTML or web script via the DJ fields (1) Description, (2) URL, (3) Genre, (4) AIM, and (5) ICQ. | ||||
| CVE-2006-3623 | 1 Mcafee | 1 Epolicy Orchestrator Agent | 2026-04-16 | N/A |
| Directory traversal vulnerability in Framework Service component in McAfee ePolicy Orchestrator agent 3.5.0.x and earlier allows remote attackers to create arbitrary files via a .. (dot dot) in the directory and filename in a PropsResponse (PackageType) request. | ||||
| CVE-2005-3727 | 1 Revize Cms | 1 Revize Cms | 2026-04-16 | N/A |
| SQL injection vulnerability in debug/query_results.jsp in Idetix Software Systems Revize CMS allows remote attackers to execute arbitrary SQL commands via the query parameter. | ||||
| CVE-2005-2655 | 1 Maildrop | 1 Maildrop | 2026-04-16 | N/A |
| lockmail in maildrop before 1.5.3 does not drop privileges before executing commands, which allows local users to gain privileges via command line arguments. | ||||
| CVE-2005-3741 | 1 Almondsoft | 1 Almond Classifieds | 2026-04-16 | N/A |
| Almond Classifieds does not properly verify the password, which allows attackers to bypass access restrictions. | ||||
| CVE-2006-3023 | 1 Uapplication | 1 Uphotogallery | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in thumbnails.asp in Uapplication Uphotogallery 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) s and (2) block parameters. | ||||
| CVE-2006-0819 | 1 Gnome | 1 Dwarf Http Server | 2026-04-16 | N/A |
| Dwarf HTTP Server 1.3.2 allows remote attackers to obtain the source code of JSP files via (1) dot, (2) space, (3) slash, or (4) NULL characters in the filename extension of an HTTP request. | ||||
| CVE-2006-2098 | 1 Php Thumbnail Autoindex | 1 Php Thumbnail Autoindex | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in Thumbnail AutoIndex before 2.0 allows remote attackers to execute arbitrary PHP code via (1) README.html or (2) HEADER.html. | ||||
| CVE-2006-3957 | 1 Bosdev | 1 Bosdates | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in payment.php in BosDev BosDates allows remote attackers to execute arbitrary PHP code via a URL in the insPath parameter. | ||||
| CVE-2006-3637 | 1 Microsoft | 2 Ie, Internet Explorer | 2026-04-16 | N/A |
| Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle various HTML layout component combinations, which allows user-assisted remote attackers to execute arbitrary code via a crafted HTML file that leads to memory corruption, aka "HTML Rendering Memory Corruption Vulnerability." | ||||
| CVE-2005-3752 | 1 Ldapdiff | 1 Ldapdiff | 2026-04-16 | N/A |
| Unspecified vulnerability in ldapdiff before 1.1.1 has unknown impact and attack vectors, related to "ldapdiff.conf path construction". | ||||
| CVE-2006-3031 | 1 Fipsasp | 1 Fipscms | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.asp in fipsCMS 4.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) w, (2) phcat, (3) dayid, and (4) calw parameters. | ||||
| CVE-2006-2121 | 1 I-rater | 1 I-rater Platinum | 2026-04-16 | N/A |
| PHP remote file include vulnerability in admin/config_settings.tpl.php in I-RATER Platinum allows remote attackers to execute arbitrary code via a URL in the include_path parameter. NOTE: this is a different vector, and possibly a different vulnerability, than CVE-2006-1929. | ||||
| CVE-2006-2132 | 1 Duware | 1 Duclassified | 2026-04-16 | N/A |
| SQL injection vulnerability in detail.asp in DUclassified allows remote attackers to execute arbitrary SQL commands via the iPro parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-3049 | 1 Mole Group Ticket Booking Script | 1 Mole Group Ticket Booking Script | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in booking3.php in Mole Group Ticket Booking Script allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) address1, (3) address2, (4) county, (5) postcode, (6) email, (7) phone, or (8) mobile parameters to booking2.php. | ||||
| CVE-2006-2135 | 1 Ruperts News | 1 Ruperts News | 2026-04-16 | N/A |
| SQL injection vulnerability in login.php in Ruperts News allows remote attackers to execute arbitrary SQL commands via the username parameter. | ||||
| CVE-2006-2143 | 1 Jcink | 1 Textfilebb | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in TextFileBB 1.0.16 allow remote attackers to inject arbitrary web script or HTML via Javascript events such as "onmouseover" in the (1) color, (2) size, or (3) url bbcode tags. | ||||
| CVE-2006-0847 | 1 Cherrypy | 1 Cherrypy | 2026-04-16 | N/A |
| Directory traversal vulnerability in the staticfilter component in CherryPy before 2.1.1 allows remote attackers to read arbitrary files via ".." sequences in unspecified vectors. | ||||
| CVE-2006-2155 | 1 Emc | 1 Retrospect | 2026-04-16 | N/A |
| EMC Retrospect for Windows 6.5 before 6.5.382, 7.0 before 7.0.344, and 7.5 before 7.5.1.105 allows local users to execute arbitrary code by replacing the Retrospect.exe file, possibly due to improper file permissions. | ||||