Total
29925 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-2410 | 1 Raydium | 1 Raydium | 2026-04-16 | N/A |
| raydium_network_netcall_exec function in network.c in Raydium SVN revision 312 and earlier allows remote attackers to cause a denial of service (application crash) via a packet of type 0xFF, which causes a null dereference. | ||||
| CVE-2006-2419 | 1 Php | 1 Directory Listing Script | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Directory Listing Script allows remote attackers to inject arbitrary web script or HTML via the dir parameter. | ||||
| CVE-2002-1017 | 1 Adobe | 1 Digital Editions | 2026-04-16 | N/A |
| Adobe eBook Reader 2.1 and 2.2 allows a user to copy eBooks to other systems by using the backup feature, capturing the encryption Challenge, and using the appropriate hash function to generate the activation code. | ||||
| CVE-2006-2695 | 1 Dgnews | 1 Dgnews | 2026-04-16 | N/A |
| admin/upprocess.php in DGNews 1.5 and earlier allows remote attackers to execute arbitrary code by uploading scripts with arbitrary extensions to the img directory. | ||||
| CVE-2002-1020 | 1 Adobe | 1 Adobe Content Server | 2026-04-16 | N/A |
| The library feature for Adobe Content Server 3.0 allows a remote attacker to check out an eBook even when the maximum number of loans is exceeded by accessing the "Add to bookbag" feature when the server reports that no more copies are available. | ||||
| CVE-2006-2718 | 1 Jiwa | 1 Financials | 2026-04-16 | N/A |
| JIWA Financials 6.4.14 passes a Microsoft SQL Server account's username and password, and the name of a data source, to a Crystal Reports .rpt file, which allows remote authenticated users to execute certain standard stored procedures by referencing them in a user-written .rpt file, as demonstrated by using a stored procedure that provides the username and cleartext password of every account. | ||||
| CVE-2002-1021 | 1 Working Resources Inc. | 1 Badblue | 2026-04-16 | N/A |
| BadBlue server allows remote attackers to read restricted files, such as EXT.INI, via an HTTP request that contains a hex-encoded null byte. | ||||
| CVE-2002-1030 | 1 Bea | 1 Weblogic Server | 2026-04-16 | N/A |
| Race condition in Performance Pack in BEA WebLogic Server and Express 5.1.x, 6.0.x, 6.1.x and 7.0 allows remote attackers to cause a denial of service (crash) via a flood of data and connections. | ||||
| CVE-2006-2830 | 1 Tibco | 3 Hawk, Rendezvous, Runtime Agent | 2026-04-16 | N/A |
| Buffer overflow in TIBCO Rendezvous before 7.5.1, TIBCO Runtime Agent (TRA) before 5.4, and Hawk before 4.6.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via the HTTP administrative interface. | ||||
| CVE-2002-1037 | 1 Michael Dean | 1 Double Choco Latte | 2026-04-16 | N/A |
| Cross-site scripting vulnerability in Double Choco Latte (DCL) before 20020706 allows remote attackers to inject arbitrary HTML, including script, into web pages via the (1) Ticket# Find, (2) Priorities, (3) Severities, (4) Projects, (5) WO# Find, (6) Departments and (7) Users features. | ||||
| CVE-2006-2966 | 1 Particle Soft | 1 Particle Wiki | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Particle Soft Particle Wiki 1.0.2 allows remote attackers to inject arbitrary web script or HTML via a BR element with an extraneous IMG tag and a STYLE attribute that contains "/**/" comment sequences, which bypasses the XSS protection scheme. | ||||
| CVE-2006-3075 | 1 Picturedis | 2 Picturedis Photoalbum, Picturedis Professional | 2026-04-16 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in PictureDis Professional 1.33 Build 234 and earlier and PictureDis Photoalbum 4.82 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the lang parameter to files in photoalbum/ including (1) thumstbl.php, (2) wpfiles.php, and (3) wallpapr.php. | ||||
| CVE-2006-3129 | 1 Nc Linklist | 1 Nc Linklist | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in NC LinkList 1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) cat and (2) view parameters. | ||||
| CVE-2006-3134 | 1 Gracenote | 1 Cddbcontrol Activex Control | 2026-04-16 | N/A |
| Buffer overflow in GraceNote CDDBControl ActiveX Control, as used by multiple products that use Gracenote CDDB, allows remote attackers to execute arbitrary code via a long option string. | ||||
| CVE-2006-3141 | 1 Dpivision | 1 Tradingeye Shop | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in details.cfm in Tradingeye Shop R4 and earlier allows remote attackers to inject arbitrary web script or HTML via the image parameter. | ||||
| CVE-2006-3131 | 1 Clubpage | 1 Clubpage | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Clubpage allow remote attackers to inject arbitrary web script or HTML via the (1) news_archive, (2) language, and (3) intranetLogin parameters in (a) index.php; the (4) sites_id parameter in (b) sites.php; and the (5) news_id parameter in (c) news_more.php. | ||||
| CVE-2006-3229 | 1 Open Webmail | 1 Open Webmail | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Open WebMail (OWM) 2.52, and other versions released before 05/12/2006, allows remote attackers to inject arbitrary web script or HTML via the (1) To and (2) From fields in openwebmail-main.pl, and possibly (3) other unspecified vectors related to "openwebmailerror calls that need to display HTML." | ||||
| CVE-2006-3236 | 1 Thinkfactory | 1 Thinkwms | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in thinkWMS 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in (a) index.php or (b) printarticle.php, and the (2) catid parameter in index.php. | ||||
| CVE-2006-3315 | 1 Rahnemaco | 1 Rahnemaco | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in page.php in an unspecified RahnemaCo.com product, possibly eShop, allows remote attackers to execute arbitrary PHP code via a URL in the osCsid parameter. | ||||
| CVE-2006-3324 | 1 Id Software | 1 Quake 3 Engine | 2026-04-16 | N/A |
| The Automatic Downloading option in the id3 Quake 3 Engine and the Icculus Quake 3 Engine (ioquake3) before revision 804 allows remote attackers to overwrite arbitrary files in the quake3 directory (fs_homepath cvar) via a long string of filenames, as contained in the neededpaks buffer. | ||||