Total
29912 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-6148 | 1 Jiros | 1 Links Manager | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in submitlink.asp in JiRos Links Manager allow remote attackers to inject arbitrary web script or HTML via the (1) lName, (2) lURL, (3) lImage, and (4) lDescription parameters. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2006-6012 | 1 Mginternet | 1 Car Site Manager | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in csm/asp/listings.asp in MGinternet Car Site Manager (CSM) allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-6152 | 1 Vspin.net | 1 Classified System | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in vSpin.net Classified System 2004 allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to (a) cat.asp, or the (2) keyword, (3) order, (4) sort, (5) menuSelect, or (6) state parameter to (b) search.asp. | ||||
| CVE-2007-0702 | 1 Phpeventman | 1 Phpeventman | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in phpEventMan 1.0.2 allow remote attackers to execute arbitrary PHP code via a URL in the level parameter to (1) Shared/controller/text.ctrl.php or (2) UserMan/controller/common.function.php. | ||||
| CVE-2006-6156 | 1 Hscripts | 1 Hiox Star Rating System Script | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in auth/message.php in HIOX Star Rating System Script (HSRS) 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string (PHP_SELF). NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-6169 | 2 Gnupg, Redhat | 2 Gnupg, Enterprise Linux | 2026-04-23 | N/A |
| Heap-based buffer overflow in the ask_outfile_name function in openfile.c for GnuPG (gpg) 1.4 and 2.0, when running interactively, might allow attackers to execute arbitrary code via messages with "C-escape" expansions, which cause the make_printable_string function to return a longer string than expected while constructing a prompt. | ||||
| CVE-2006-6176 | 1 Blogn | 1 Blogn | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in admin.php in Blogn before 1.9.4 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | ||||
| CVE-2006-6188 | 1 Clicktech | 1 Clickgallery | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in view_search.asp in ClickTech Click Gallery allows remote attackers to inject arbitrary web script or HTML via the txtKeyWord parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2006-6191 | 1 8pixel.net | 1 Simple Blog | 2026-04-23 | N/A |
| SQL injection vulnerability in admin/edit.asp in 8pixel.net simpleblog 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2006-6013 | 5 Dragonflybsd, Freebsd, Midnightbsd and 2 more | 5 Dragonflybsd, Freebsd, Midnightbsd and 2 more | 2026-04-23 | N/A |
| Integer signedness error in the fw_ioctl (FW_IOCTL) function in the FireWire (IEEE-1394) drivers (dev/firewire/fwdev.c) in various BSD kernels, including DragonFlyBSD, FreeBSD 5.5, MidnightBSD 0.1-CURRENT before 20061115, NetBSD-current before 20061116, NetBSD-4 before 20061203, and TrustedBSD, allows local users to read arbitrary memory contents via certain negative values of crom_buf->len in an FW_GCROM command. NOTE: this issue has been labeled as an integer overflow, but it is more like an integer signedness error. | ||||
| CVE-2006-6017 | 1 Wordpress | 1 Wordpress | 2026-04-23 | 6.5 Medium |
| WordPress before 2.0.5 does not properly store a profile containing a string representation of a serialized object, which allows remote authenticated users to cause a denial of service (application crash) via a string that represents a (1) malformed or (2) large serialized object, because the object triggers automatic unserialization for display. | ||||
| CVE-2007-0730 | 1 Apple | 2 Mac Os X, Server Manager | 2026-04-23 | N/A |
| Server Manager (servermgrd) in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 does not sufficiently validate authentication credentials, which allows remote attackers to bypass authentication and modify system configuration. | ||||
| CVE-2006-6018 | 1 Jim Plush | 1 My-bic | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in mybic_server.php in Jim Plush My-BIC 0.6.5 allows remote attackers to execute arbitrary PHP code via a URL in the INC_PATH parameter, a different vector than CVE-2006-5089. NOTE: this issue is disputed by CVE and third party researchers because INC_PATH is a constant | ||||
| CVE-2007-0735 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-23 | N/A |
| Use-after-free vulnerability in Libinfo in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors involving crafted web pages that trigger certain error conditions that are not properly reported in certain circumstances, resulting in accessing deallocated memory. | ||||
| CVE-2006-6019 | 1 Bloo | 1 Bloo | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in extensions/googiespell/googlespell_proxy.php in Bill Roberts Bloo 1.0 allows remote attackers to inject arbitrary web script or HTML via the lang parameter. | ||||
| CVE-2006-6020 | 1 Blog Torrent | 1 Blog Torrent Preview | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in announce.php in Blog Torrent Preview 0.92 allows remote attackers to inject arbitrary web script or HTML via the left parameter. | ||||
| CVE-2007-0773 | 1 Redhat | 2 Enterprise Linux, Enterprise Linux Desktop | 2026-04-23 | N/A |
| The Linux kernel before 2.6.9-42.0.8 in Red Hat 4.4 allows local users to cause a denial of service (kernel OOPS from null dereference) via fput in a 32-bit ioctl on 64-bit x86 systems, an incomplete fix of CVE-2005-3044.1. | ||||
| CVE-2006-6209 | 1 Midicart Software | 2 Midicart Asp Plus Shopping Cart, Midicart Asp Shopping Cart | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in MidiCart ASP Shopping Cart and ASP Plus Shopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) id2006quant parameter to (a) item_show.asp, or the (2) maingroup or (3) secondgroup parameter to (b) item_list.asp. NOTE: the code_no parameter to Item_Show.asp is covered by CVE-2005-2601. | ||||
| CVE-2006-6021 | 1 Bestwebapp | 1 Bestwebapp Dating Site | 2026-04-23 | N/A |
| SQL injection vulnerability in the login component in BestWebApp Dating Site allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) passwd parameters. | ||||
| CVE-2006-6218 | 1 Dev4u | 1 Dev4u Cms | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in index.php in dev4u CMS allow remote attackers to execute arbitrary SQL commands via the (1) seite_id, (2) gruppe_id.php, and (3) go_target parameters. | ||||