Total
29901 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-6217 | 1 Php-nuke | 1 Mermaid Module | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in formdisp.php in the Mermaid 1.2 module for PHP-Nuke allows remote attackers to execute arbitrary PHP code via a URL in the module_name parameter. | ||||
| CVE-2007-0580 | 1 Javier Suarez Sanz | 1 Foro Domus | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in menu.php in Foro Domus 2.10 allows remote attackers to execute arbitrary PHP code via a URL in the sesion_idioma parameter. | ||||
| CVE-2006-6259 | 1 Alternc | 1 Alternc | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in (a) class/functions.php and (b) class/m_bro.php in AlternC 0.9.5 and earlier allow remote attackers to (1) create arbitrary files and directories via a .. (dot dot) in the "create name" field and (2) read arbitrary files via a .. (dot dot) in the "web root" field when configuring a subdomain. | ||||
| CVE-2006-6280 | 1 O2php.com | 1 Oxygen | 2026-04-23 | N/A |
| SQL injection vulnerability in viewthread.php in Oxygen (O2PHP Bulletin Board) 1.1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter, a different vector than CVE-2006-1572. | ||||
| CVE-2006-6301 | 1 Denyhosts | 1 Denyhosts | 2026-04-23 | N/A |
| DenyHosts 2.5 does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in via ssh with a login name containing certain strings with an IP address, which is not properly handled by a regular expression. | ||||
| CVE-2006-6352 | 1 Frisk Software | 1 F-prot Antivirus | 2026-04-23 | N/A |
| FRISK Software F-Prot Antivirus before 4.6.7 allows user-assisted remote attackers to cause a denial of service (infinite loop) via a crafted ACE file. NOTE: this issue has at least a partial overlap with CVE-2006-6294. | ||||
| CVE-2006-6340 | 1 Nvidia | 1 Nview | 2026-04-23 | N/A |
| keystone.exe in nVIDIA nView allows attackers to cause a denial of service via a long command line argument. NOTE: it is not clear whether this issue crosses security boundaries. If not, then this is not a vulnerability. | ||||
| CVE-2006-6404 | 1 Innovationdp | 1 Fdr\/upstrean | 2026-04-23 | N/A |
| INNOVATION Data Processing FDR/UPSTREAM 3.3.0 (GA Oct 2003) allows remote attackers to cause a denial of service (service outage) via a sequence of TCP SYN packets to many ports, as demonstrated using nmap. NOTE: the vendor's testing reportedly found that no denial of service occurred. | ||||
| CVE-2006-6395 | 1 Ulrik Petersen | 2 Emdros Database Engine, Emrdos Database Engine | 2026-04-23 | N/A |
| Multiple memory leaks in Ulrik Petersen Emdros Database Engine before 1.2.0.pre231 allow local users to cause a denial of service (memory consumption) via unspecified vectors, a different issue than CVE-2005-0415. | ||||
| CVE-2006-6403 | 1 Mystats | 1 Mystats | 2026-04-23 | N/A |
| mystats.php in MyStats 1.0.8 and earlier allows remote attackers to obtain the installation path via (1) details and (2) by array parameters, probably resulting in a path disclosure in an error message. | ||||
| CVE-2006-6413 | 1 Amateras | 1 Amateras Sns | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Amateras sns 3.11 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2006-6461 | 1 Yourfreeworld | 1 Stylish Text Ads Script | 2026-04-23 | N/A |
| tr1.php in Yourfreeworld Stylish Text Ads Script allows remote attackers to obtain the installation path via an invalid id parameter, which leaks the path in an error message. NOTE: this issue might be resultant from CVE-2006-2508. | ||||
| CVE-2006-6446 | 1 Iware | 1 Iware Professional | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in iWare Professional 5.0.4, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the D parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-6520 | 1 Scriptphp | 1 Messageriescripthp | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Messageriescripthp 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) pseudo parameter to (a) existepseudo.php, the (2) email parameter to (b) existeemail.php, or the (3) pageName or (4) cssform parameter to (c) Contact/contact.php. | ||||
| CVE-2006-6468 | 1 Xerox | 1 Workcentre | 2026-04-23 | N/A |
| Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 do not check the Fully Qualified Domain Name (FQDN) during a "Validate Repository SSL Certificate" scan, which has unknown impact and attack vectors, possibly related to spoofed certificates. | ||||
| CVE-2006-6493 | 1 Openldap | 1 Openldap | 2026-04-23 | N/A |
| Buffer overflow in the krbv4_ldap_auth function in servers/slapd/kerberos.c in OpenLDAP 2.4.3 and earlier, when OpenLDAP is compiled with the --enable-kbind (Kerberos KBIND) option, allows remote attackers to execute arbitrary code via an LDAP bind request using the LDAP_AUTH_KRBV41 authentication method and long credential data. | ||||
| CVE-2006-6516 | 1 Kdpics | 1 Kdpics | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in KDPics 1.16 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) page parameter to (a) index.php3, or the (2) lib_path parameter to (b) authenticate.inc.php3 or (c) lib/exifer/exif.php. | ||||
| CVE-2006-6949 | 1 Conti | 1 Ftpserver | 2026-04-23 | N/A |
| Conti FTPServer 1.0 Build 2.8 stores user passwords in cleartext in MyServerSettings.ini, which allows local users to obtain sensitive information by reading this file. | ||||
| CVE-2006-6527 | 1 Gizzar | 1 Gizzar | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in guest.php in Gizzar 03162002 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the basePath parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-6574 | 1 Mantis | 1 Mantis | 2026-04-23 | N/A |
| Mantis before 1.1.0a2 does not implement per-item access control for Issue History (Bug History), which allows remote attackers to obtain sensitive information by reading the Change column, as demonstrated by the Change column of a custom field. | ||||