Total
29901 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-4161 | 1 Xennobb | 1 Xennobb | 2026-04-16 | N/A |
| Directory traversal vulnerability in the avatar_gallery action in profile.php in XennoBB 2.1.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the category parameter. | ||||
| CVE-2006-4163 | 1 Mywebland | 1 Minibloggie | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in cls_fast_template.php in myWebland miniBloggie 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the fname parameter. NOTE: another researcher was unable to find a way to execute code after including it via a URL. CVE analysis as of 20060816 was inconclusive | ||||
| CVE-2005-2483 | 1 Karrigell | 1 Karrigell | 2026-04-16 | N/A |
| Eval injection vulnerability in Karrigell before 2.1.8 allows remote attackers to execute arbitrary Python code via modified arguments to a Karrigell services (.ks) script, which can reference functions from libraries that are used by that script. | ||||
| CVE-2006-4178 | 1 Freebsd | 1 Freebsd | 2026-04-16 | N/A |
| Integer signedness error in the i386_set_ldt call in FreeBSD 5.5, and possibly earlier versions down to 5.2, allows local users to cause a denial of service (crash) via unspecified arguments that use negative signed integers to cause the bzero function to be called with a large length parameter, a different vulnerability than CVE-2006-4172. | ||||
| CVE-2006-4186 | 1 Novell | 1 Edirectory | 2026-04-16 | N/A |
| The iManager in eMBoxClient.jar in Novell eDirectory 8.7.3.8 writes passwords in plaintext to a log file, which allows local users to obtain passwords by reading the file. | ||||
| CVE-2005-2501 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-16 | N/A |
| Buffer overflow in AppKit for Mac OS X 10.3.9 and 10.4.2 allows external user-assisted attackers to execute arbitrary code via a crafted Rich Text Format (RTF) file. | ||||
| CVE-2003-0413 | 1 Sun | 1 One Application Server | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the webapps-simple sample application for (1) Sun ONE Application Server 7.0 for Windows 2000/XP or (2) Sun Java System Web Server 6.1 allows remote attackers to insert arbitrary web script or HTML via an HTTP request that generates an "Invalid JSP file" error, which inserts the text in the resulting error message. | ||||
| CVE-2006-4190 | 1 Php-nuke | 1 Autohtml Module | 2026-04-16 | N/A |
| Directory traversal vulnerability in autohtml.php in the AutoHTML module for PHP-Nuke allows local users to include arbitrary files via a .. (dot dot) in the name parameter for a modload operation. | ||||
| CVE-2005-2580 | 1 Mybulletinboard | 1 Mybulletinboard | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4 with Security Patch allow remote attackers to execute arbitrary SQL commands via the Username field in (1) index.php or (2) member.php, action parameter to (3) search.php or (4) member.php, or (5) polloptions parameter to polls.php. | ||||
| CVE-2006-4194 | 1 Cisco | 8 Pix Firewall 501, Pix Firewall 506, Pix Firewall 515 and 5 more | 2026-04-16 | N/A |
| Unspecified vulnerability in Cisco PIX 500 Series Security Appliances allows remote attackers to send arbitrary UDP packets to intranet devices via unspecified vectors involving Session Initiation Protocol (SIP) fixup commands, a different issue than CVE-2006-4032. NOTE: the vendor, after working with the researcher, has been unable to reproduce the issue | ||||
| CVE-2006-2237 | 1 Awstats | 1 Awstats | 2026-04-16 | N/A |
| The web interface for AWStats 6.4 and 6.5, when statistics updates are enabled, allows remote attackers to execute arbitrary code via shell metacharacters in the migrate parameter. | ||||
| CVE-2006-4201 | 1 Hp | 1 Openview Storage Data Protector | 2026-04-16 | N/A |
| Unspecified vulnerability in the backup agent and Cell Manager in HP OpenView Storage Data Protector 5.1 and 5.5 before 20060810 allows remote attackers to execute arbitrary code on an agent via unspecified vectors related to authentication and input validation. | ||||
| CVE-2006-4212 | 1 B0zz And Chris Vincent | 1 Owl Intranet Engine | 2026-04-16 | N/A |
| SQL injection vulnerability in b0zz and Chris Vincent Owl Intranet Engine 0.90 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2005-2608 | 1 Safehtml | 1 Safehtml | 2026-04-16 | N/A |
| SafeHTML before 1.3.5 does not properly filter script in UTF-7 and CSS comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks in vulnerable applications that use SafeHTML. | ||||
| CVE-2005-2770 | 1 Wrq | 1 Wrq Reflection For Secure It Windows Server | 2026-04-16 | N/A |
| WRQ Reflection for Secure IT Windows Server 6.0 (formerly known as F-Secure SSH server) does not properly handle when the Windows Administrator or Guest accounts are renamed after SSH key authentication has been configured, which allows remote attackers to use the original names during login. | ||||
| CVE-2006-4217 | 1 Webinsta | 1 Webinsta Cms | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in modules/usersonline/users.php in WEBInsta CMS 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the module_dir parameter, a different vulnerability than CVE-2006-4196. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
| CVE-2006-4224 | 1 Vwar | 1 Virtual War | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in calendar.php in Virtual War (VWar) 1.5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the year parameter. NOTE: The page parameter vector is covered by CVE-2006-4009. | ||||
| CVE-2006-4228 | 1 Symantec Veritas | 1 Netbackup Puredisk Remote Office Edition | 2026-04-16 | N/A |
| Symantec Veritas NetBackup PureDisk Remote Office Edition 6.0 before MP1 20060816 allows remote attackers to bypass authentication and gain privileges via unknown attack vectors in the management interface. | ||||
| CVE-2005-2779 | 1 Itan Online-banking Security System | 1 Itan Online-banking Security System | 2026-04-16 | N/A |
| The iTAN Online-Banking Security System allows remote attackers to obtain TAN numbers via a man-in-the-middle (MITM) attack while the transaction is taking place, which facilitates a "phishing" attack. | ||||
| CVE-2006-4236 | 1 Powergap | 2 Powergap Business, Powergap Lite | 2026-04-16 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in POWERGAP allow remote attackers to execute arbitrary PHP code via a URL in the (1) shopid parameter to (a) s01.php, (b) s02.php, (c) s03.php, and (d) s04.php; and possibly a URL located after "shopid=" or "sid=" in the PATH_INFO. | ||||