Total
29935 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-0183 | 1 Acal | 1 Calendar Project | 2026-04-16 | N/A |
| Direct static code injection vulnerability in edit.php in ACal Calendar Project 2.2.5 allows authenticated users to execute arbitrary PHP code via (1) the edit=header value, which modifies header.php, or (2) the edit=footer value, which modifies footer.php. NOTE: this issue might be resultant from the poor authentication as identified by CVE-2006-0182. Since the design of the product allows the administrator to edit the code, perhaps this issue should not be included in CVE, except as a consequence of CVE-2006-0182. | ||||
| CVE-2006-4717 | 1 Drupal | 1 Drupal Pubcookie Module | 2026-04-16 | N/A |
| The login redirection mechanism in the Drupal 4.7 Pubcookie module before 1.2.2.4 2006/09/06 and the Drupal 4.6 Pubcookie module before 1.6.2.1 2006/09/07 allows remote attackers to bypass authentication requirements and spoof identities of arbitrary users via unspecified vectors. | ||||
| CVE-2006-4718 | 1 Korviblog | 1 Korviblog | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in livre_or.php in KorviBlog 1.3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) prenom, (2) emailFrom, or (3) body parameters. | ||||
| CVE-2006-0217 | 1 Ultimate Auction | 1 Ultimate Auction | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Ultimate Auction 3.67 allow remote attackers to inject arbitrary web script or HTML via the (1) item parameter in item.pl and (2) category parameter in itemlist.pl, which reflects the XSS in an error message. NOTE: the affected version might be wrong since the current version as of 20060116 is 3.6.1. | ||||
| CVE-2006-4722 | 1 Openbb | 1 Openbb | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in Open Bulletin Board (OpenBB) 1.0.8 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) index.php and possibly (2) collector.php. | ||||
| CVE-2006-0231 | 1 Symantec | 1 Antivirus Scan Engine | 2026-04-16 | N/A |
| Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, uses the same private DSA key for each installation, which allows remote attackers to conduct man-in-the-middle attacks and decrypt communications. | ||||
| CVE-2006-0234 | 1 Microblog | 1 Microblog | 2026-04-16 | N/A |
| SQL injection vulnerability in index.php in microBlog 2.0 RC-10 allows remote attackers to execute arbitrary SQL commands via the (1) month and (2) year parameters. | ||||
| CVE-2006-4723 | 1 Raidenhttpd | 1 Raidenhttpd | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in raidenhttpd-admin/slice/check.php in RaidenHTTPD 1.1.49, when register_globals and WebAdmin is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the SoftParserFileXml parameter. | ||||
| CVE-2006-4726 | 1 Adobe | 1 Coldfusion | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 6.1 through 7.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a ColdFusion error page. | ||||
| CVE-2006-0254 | 2 Apache, Redhat | 3 Geronimo, Network Satellite, Rhel Application Server | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer. | ||||
| CVE-1999-0033 | 5 Ibm, Ncr, Sco and 2 more | 7 Aix, Mp-ras, Open Desktop and 4 more | 2026-04-16 | N/A |
| Command execution in Sun systems via buffer overflow in the at program. | ||||
| CVE-1999-0076 | 1 Washington University | 1 Wu-ftpd | 2026-04-16 | N/A |
| Buffer overflow in wu-ftp from PASV command causes a core dump. | ||||
| CVE-1999-0125 | 3 Redhat, Sgi, Sun | 4 Linux, Irix, Solaris and 1 more | 2026-04-16 | N/A |
| Buffer overflow in SGI IRIX mailx program. | ||||
| CVE-2006-4747 | 1 Idevspot | 1 Textads | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in IdevSpot TextAds allow remote attackers to inject arbitrary web script or HTML via (1) the id parameter in delete.php and (2) the error parameter in error.php. | ||||
| CVE-2006-1257 | 1 Microsoft | 1 Commerce Server | 2026-04-16 | N/A |
| The sample files in the authfiles directory in Microsoft Commerce Server 2002 before SP2 allow remote attackers to bypass authentication by logging in to authfiles/login.asp with a valid username and any password, then going to the main site twice. | ||||
| CVE-2006-0322 | 1 Mediawiki | 1 Mediawiki | 2026-04-16 | N/A |
| Unspecified vulnerability the edit comment formatting functionality in MediaWiki 1.5.x before 1.5.6 and 1.4.x before 1.4.14 allows attackers to cause a denial of service (infinite loop) via "certain malformed links." | ||||
| CVE-2006-4751 | 1 Laurentiu Matei | 1 Expandable Home Page Cms | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5.1 allows remote attackers to inject arbitrary web script or HTML via the errcode parameter. | ||||
| CVE-2006-0338 | 1 F-secure | 4 F-secure Anti-virus, F-secure Internet Security, F-secure Personal Express and 1 more | 2026-04-16 | N/A |
| Multiple F-Secure Anti-Virus products and versions for Windows and Linux, including Anti-Virus for Windows Servers 5.52 and earlier, Internet Security 2004, 2005 and 2006, and Anti-Virus for Linux Servers 4.64 and earlier, allow remote attackers to hide arbitrary files and data via malformed (1) RAR and (2) ZIP archives, which are not properly scanned. | ||||
| CVE-2006-4754 | 1 Comscripts | 1 Phprog | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in PHProg before 1.1 allows remote attackers to inject arbitrary web script or HTML via the album parameter, which is used in an opendir call. NOTE: the same primary issue can be used for full path disclosure with an invalid parameter that reveals the installation path in an error message. | ||||
| CVE-2006-0378 | 1 Netrix | 1 X-site Manager | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Netrix X-Site Manager allows remote attackers to inject arbitrary web script or HTML via the product_id parameter, as originally demonstrated for a custom mp3players_details.php program. NOTE: the name of the affected program might be installation-dependent, but it has been identified as "product_details.php" by some sources. | ||||