Total
29914 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-5490 | 1 Middlebury College | 1 Segue Cms | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Segue Content Management System (CMS) before 1.5.8 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2006-5491 | 1 Ceary | 1 Ultracms | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in include/index.php in UltraCMS 0.9 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters. | ||||
| CVE-2006-5493 | 1 Digitalhive | 1 Digitalhive | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in template/purpletech/base_include.php in DigitalHive 2.0 RC2 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | ||||
| CVE-2006-6634 | 1 Mambo | 1 Extcalthai Module | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the ExtCalThai (com_extcalendar) 0.9.1 and earlier component for Mambo allow remote attackers to execute arbitrary PHP code via a URL in (1) the CONFIG_EXT[LANGUAGES_DIR] parameter to admin_events.php, (2) the mosConfig_absolute_path parameter to extcalendar.php, or (3) the CONFIG_EXT[LIB_DIR] parameter to lib/mail.inc.php. | ||||
| CVE-2006-6635 | 1 Jumbacms | 1 Jumbacms | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in includes/functions.php in JumbaCMS 0.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the jcms_root_path parameter. | ||||
| CVE-2006-5495 | 1 Trawler | 1 Trawler Web Cms | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Trawler Web CMS 1.8.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) path_red2 parameter to (a) _msdazu_pdata/redaktion/artikel/up/index.php; (b) addtort.php, (c) colorpik2.php, (d) colorpik3.php, (e) extras_menu.php, (f) farbpalette.php, (g) lese_inc.php, and (h) newfile.php in _msdazu_share/richtext/; the (2) path_scr_dat2 parameter to (i)_msdazu_share/share/insert1.php; the (3) path_red parameter to (j) _msdazu_share/extras/downloads/index.php; and unspecified parameters in other files. | ||||
| CVE-2006-5499 | 1 Serendipity | 1 Serendipity | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Serendipity (s9y) 1.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in the media manager administration page. | ||||
| CVE-2006-5503 | 1 Simple Machines | 1 Simple Machines Forum | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Simple Machines Forum (SMF) 1.1 RC2 allows remote attackers to inject arbitrary web script or HTML via the action parameter. | ||||
| CVE-2006-5510 | 1 Bluevirus-design | 1 Ph Pexplorer | 2026-04-23 | N/A |
| Directory traversal vulnerability in explorer_load_lang.php in PH Pexplorer 0.24 allows remote attackers to include arbitrary local files via ".." sequences in the Language cookie, as demonstrated by uploading a .gif file that contains PHP code. | ||||
| CVE-2006-5514 | 1 Web Group Communication Center | 1 Web Group Communication Center | 2026-04-23 | N/A |
| SQL injection vulnerability in quiz.php in Web Group Communication Center (WGCC) 0.5.6b and earlier allows remote attackers to execute arbitrary SQL commands via the qzid parameter. | ||||
| CVE-2006-5515 | 2 Phpadsnew, Phppgads | 2 Phpadsnew, Phppgads | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in lib-history.inc.php in phpAdsNew and phpPgAds before 2.0.8-pr1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to injected data that is stored by a delivery script and displayed by the admin interface. | ||||
| CVE-2006-5516 | 1 Wikini | 1 Wikini | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in actions/usersettings.php in WikiNi before 0.4.4 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) email parameters to wakka.php. | ||||
| CVE-2006-5518 | 1 Christopher Fowler | 1 Rssonate | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Christopher Fowler (Rhode Island) RSSonate allow remote attackers to execute arbitrary PHP code via a URL in the PROJECT_ROOT parameter to (1) xml2rss.php, (2) config_local.php, (3) rssonate.php, and (4) sql2xml.php in Src/getFeed/inc/. | ||||
| CVE-2006-6636 | 1 Ibm | 1 Websphere Application Server | 2026-04-23 | N/A |
| Unspecified vulnerability in the Utility Classes for IBM WebSphere Application Server (WAS) before 5.1.1.13 and 6.x before 6.0.2.17 has unknown impact and attack vectors. | ||||
| CVE-2006-6640 | 1 Omniture | 1 Sitecatalyst | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Omniture SiteCatalyst allow remote attackers to inject arbitrary web script or HTML via the (1) ss parameter in (a) search.asp and the (2) company and (3) username fields on (b) the web login page. NOTE: some details were obtained from third party information. | ||||
| CVE-2007-1294 | 1 Divx | 1 Divx Web Player | 2026-04-23 | N/A |
| A certain ActiveX control in the DivXBrowserPlugin (npdivx32.dll) in DivX Web Player, as distributed with DivX Player 1.3.0, allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via large values to DivxWP.Resize, related to resizing images. | ||||
| CVE-2007-2642 | 1 R2k | 1 R2k Gallery | 2026-04-23 | N/A |
| Directory traversal vulnerability in galeria.php in R2K Gallery 1.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the lang2 parameter. | ||||
| CVE-2007-1434 | 1 Grayscale | 1 Grayscale Blog | 2026-04-23 | N/A |
| SQL injection vulnerability in Grayscale Blog 0.8.0, and possibly earlier versions, might allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) userdetail.php, id and (2) url parameter to (b) jump.php, and id variable to (c) detail.php. | ||||
| CVE-2007-1473 | 1 Horde | 1 Horde Application Framework | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in framework/NLS/NLS.php in Horde Framework before 3.1.4 RC1, when the login page contains a language selection box, allows remote attackers to inject arbitrary web script or HTML via the new_lang parameter to login.php. | ||||
| CVE-2007-1479 | 1 Creative Guestbook | 1 Creative Guestbook | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Guestbook.php in Creative Guestbook 1.0 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter. | ||||