Total
29947 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-0873 | 1 Nabocorp | 1 Nabopoll | 2026-04-23 | N/A |
| nabopoll 1.1.2 allows remote attackers to bypass authentication and access certain administrative functionality via a direct request for (1) config_edit.php, (2) template_edit.php, or (3) survey_edit.php in admin/. | ||||
| CVE-2006-6344 | 1 Neocrome | 1 Seditio | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in Neocrome Seditio 1.10 and earlier have unknown impact and attack vectors related to (1) plugins/ipsearch/ipsearch.admin.php, and (2) pfs/pfs.edit.inc.php, (3) users/users.register.inc.php in system/core. NOTE: the users.profile.inc.php vector is identified by CVE-2006-6177. NOTE: these issues might be related to SQL injection. | ||||
| CVE-2009-2831 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-23 | N/A |
| Dictionary in Apple Mac OS X 10.5.8 allows remote attackers to create arbitrary files with any contents, and thereby execute arbitrary code, via crafted JavaScript, related to a "design issue." | ||||
| CVE-2006-7109 | 1 Drupal | 1 Imce Module | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in IMCE before 1.6, a Drupal module, allows remote authenticated users to upload arbitrary PHP code via a filename with a double extension such as .php.gif. | ||||
| CVE-2006-7092 | 1 Mamboxchange | 1 Laithai | 2026-04-23 | N/A |
| SQL injection vulnerability in includes/mambo.php in Mambo LaiThai 4.5.4 SP2 and earlier allows remote attackers to execute arbitrary SQL commands via the usercookie[password] cookie parameter. | ||||
| CVE-2006-7077 | 1 Phpbb Group | 1 Phpbb Advanced Guestbook | 2026-04-23 | N/A |
| SQL injection vulnerability in guestbook.php in Advanced Guestbook 2.4 for phpBB allows remote attackers to execute arbitrary SQl commands via the entry parameter. | ||||
| CVE-2006-6819 | 1 Alstrasoft | 1 Webhost Directory | 2026-04-23 | N/A |
| AlstraSoft Web Host Directory stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a backup database via a direct request for admin/backup/db. | ||||
| CVE-2006-6839 | 1 Phpbb Group | 1 Phpbb | 2026-04-23 | N/A |
| Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to "criteria for 'bad' redirection targets." | ||||
| CVE-2006-6849 | 1 Cahier De Textes | 1 Cahier De Textes | 2026-04-23 | N/A |
| administration/index.php in Cahier de texte (CDT) 2.2 does not properly exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions. | ||||
| CVE-2006-6851 | 1 Mobilelib | 1 Mobilelib Gold | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in contact_us.php in ac4p Mobilelib gold 2 allow remote attackers to inject arbitrary web script or HTML via the (1) email or (2) errr parameter. | ||||
| CVE-2006-6264 | 1 Microsoft | 1 Teredo | 2026-04-23 | N/A |
| Teredo creates trusted peer entries for arbitrary incoming source Teredo addresses, even if the low 32 bits represent an intranet address, which might allow remote attackers to send IPv4 traffic to intranet hosts that use non-RFC1918 addresses, bypassing IPv4 ingress filtering. | ||||
| CVE-2006-6268 | 1 Neocrome | 1 Land Down Under | 2026-04-23 | N/A |
| SQL injection vulnerability in system/core/profile/profile.inc.php in Neocrome Land Down Under (LDU) 8.x and earlier allows remote authenticated users to execute arbitrary SQL commands via a url-encoded id parameter to users.php that begins with a valid filename, as demonstrated by "default.gif" followed by a double-encoded NULL and ' (apostrophe) (%2500%2527). | ||||
| CVE-2006-6868 | 1 Zen Cart | 1 Web Shopping Cart | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Zen Cart Web Shopping Cart before 1.3.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2006-6269 | 1 Infinity Technologies | 1 Infinitytechs Restaurants Cm | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Infinitytechs Restaurants CM allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in rating.asp, (2) the mealid parameter in meal_rest.asp, and (3) the resid parameter in res_details.asp. | ||||
| CVE-2006-6906 | 1 Apple | 1 Mac Os X | 2026-04-23 | N/A |
| Unspecified vulnerability in the Bluetooth stack on Mac OS 10.4.7 and earlier has unknown impact and local attack vectors, related to "Mach Exception Handling", a different issue than CVE-2006-6900. | ||||
| CVE-2006-6907 | 1 Bluesoil Bluetooth | 1 Bluesoil Bluetooth | 2026-04-23 | N/A |
| Unspecified vulnerability in the Bluesoil Bluetooth stack has unknown impact and attack vectors. | ||||
| CVE-2009-1105 | 2 Redhat, Sun | 3 Network Satellite, Rhel Extras, Java | 2026-04-23 | N/A |
| The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 allows user-assisted remote attackers to cause a trusted applet to run in an older JRE version, which can be used to exploit vulnerabilities in that older version, aka CR 6706490. | ||||
| CVE-2006-6270 | 1 Kervancilar | 1 Aspmforum | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in ASPMForum allow remote attackers to execute arbitrary SQL commands via (1) the soruid parameter in forum2.asp, (2) the ak parameter in kullanicilistesi.asp, (3) the kelimeler parameter in aramayap.asp, and (4) the kullaniciadi parameter in giris.asp; and allow remote authenticated users to execute arbitrary SQL commands via (5) the mesajno parameter in mesajkutum.asp. NOTE: the harf parameter in kullanicilistesi.asp and the baslik parameter in forum.asp are already covered by CVE-2005-4141. | ||||
| CVE-2006-6272 | 1 Paul Griffin | 1 Simple Php Gallery | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in sp_index.php in Simple PHP Gallery 1.1 allows remote attackers to inject arbitrary web script or HTML via the dir parameter. | ||||
| CVE-2006-6277 | 1 Contentserv | 1 Contentserv | 2026-04-23 | N/A |
| Directory traversal vulnerability in admin/FileServer.php in ContentServ 4.x allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter, a different vector than CVE-2005-3086. | ||||