Total
29925 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-2777 | 1 Mozilla | 2 Firefox, Seamonkey | 2026-04-16 | N/A |
| Unspecified vulnerability in Mozilla Firefox before 1.5.0.4 and SeaMonkey before 1.0.2 allows remote attackers to execute arbitrary code by using the nsISelectionPrivate interface of the Selection object to add a SelectionListener and create notifications that are executed in a privileged context. | ||||
| CVE-2006-2786 | 2 Mozilla, Redhat | 3 Firefox, Thunderbird, Enterprise Linux | 2026-04-16 | N/A |
| HTTP response smuggling vulnerability in Mozilla Firefox and Thunderbird before 1.5.0.4, when used with certain proxy servers, allows remote attackers to cause Firefox to interpret certain responses as if they were responses from two different sites via (1) invalid HTTP response headers with spaces between the header name and the colon, which might not be ignored in some cases, or (2) HTTP 1.1 headers through an HTTP 1.0 proxy, which are ignored by the proxy but processed by the client. | ||||
| CVE-2006-2801 | 1 Unak | 1 Unak Cms | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Unak CMS 1.5 RC2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) u_a or (2) u_s parameters. | ||||
| CVE-2006-2819 | 1 Barnraiser | 1 Igloo | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in Wiki.php in Barnraiser Igloo 0.1.9 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the c_node[class_path] parameter. | ||||
| CVE-2006-2825 | 1 Cpanel | 1 Cpanel | 2026-04-16 | N/A |
| cPanel does not automatically synchronize the PHP open_basedir configuration directive between the main server and virtual hosts that share physical directories, which might allow a local user to bypass open_basedir restrictions and access other virtual hosts via a PHP script that uses a main server URL (such as ~username) that is blocked by the user's own open_basedir directive, but not the main server's open_basedir directive. | ||||
| CVE-2006-2831 | 1 Drupal | 1 Drupal | 2026-04-16 | N/A |
| Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743. | ||||
| CVE-2006-2838 | 1 F-secure | 2 F-secure Anti-virus, Internet Gatekeeper | 2026-04-16 | N/A |
| Buffer overflow in the web console in F-Secure Anti-Virus for Microsoft Exchange 6.40, and Internet Gatekeeper 6.40 through 6.42 and 6.50 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors. NOTE: By default, the connections are only allowed from the local host. | ||||
| CVE-2005-0786 | 1 Simpgb | 1 Simpgb | 2026-04-16 | N/A |
| SQL injection vulnerability in gb_new.inc in SimpGB allows remote attackers to execute arbitrary SQL commands via the quote parameter to guestbook.php. | ||||
| CVE-2005-4489 | 1 Scoop | 1 Scoop | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Scoop 1.1 RC1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) type and (2) count parameters, and (3) the query string in a story. | ||||
| CVE-2006-2870 | 1 Intelligent Solutions | 1 Asp Discussion Forum | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in forum_search.asp in Intelligent Solutions Inc. ASP Discussion Forum allows remote attackers to inject arbitrary web script or HTML via the search variable. | ||||
| CVE-2006-2885 | 1 Knowledgetree | 1 Knowledgetree | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in KnowledgeTree Open Source 3.0.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) fDocumentId parameter in view.php and the (2) fSearchableText parameter in /search/simpleSearch.php. | ||||
| CVE-2006-2913 | 1 Out Of The Trees Web Design | 1 Selectapix | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in SelectaPix 1.31 allows remote attackers to inject arbitrary web script or HTML via the albumID parameter to (1) popup.php and (2) view_album.php. | ||||
| CVE-2006-2949 | 1 Mybulletinboard | 1 Mybulletinboard | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in private.php in MyBB 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the do parameter. | ||||
| CVE-2006-2965 | 1 Particle Soft | 1 Particle Whois | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Particle Soft Particle Whois 1.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) the target parameter in index.php and (2) the "input box." | ||||
| CVE-1999-0154 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2026-04-16 | N/A |
| IIS 2.0 and 3.0 allows remote attackers to read the source code for ASP pages by appending a . (dot) to the end of the URL. | ||||
| CVE-2006-2985 | 1 Integramod | 1 Integramod | 2026-04-16 | N/A |
| SQL injection vulnerability in index.php in IntegraMOD 1.4.0 and earlier allows remote attackers to execute arbitrary SQL commands via double-encoded "'" characters in the STYLE_URL parameter. | ||||
| CVE-2006-2990 | 1 Vanillasoft | 1 Vanillasoft Helpdesk | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in default.asp in VanillaSoft Helpdesk 2005 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter. | ||||
| CVE-2006-2995 | 1 Webprojectdb | 1 Webprojectdb | 2026-04-16 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in WebprojectDB 0.1.3 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the INCDIR parameter in (1) include/nav.php and (2) include/lang.php. | ||||
| CVE-2003-1207 | 1 Crob | 1 Crob Ftp Server | 2026-04-16 | N/A |
| Crob FTP Server 3.5.1 allows remote authenticated users to cause a denial of service (crash) via a dir command with a large number of "." characters followed by a "/*" string. | ||||
| CVE-2001-0503 | 1 Microsoft | 1 Netmeeting | 2026-04-16 | N/A |
| Microsoft NetMeeting 3.01 with Remote Desktop Sharing enabled allows remote attackers to cause a denial of service via a malformed string to the NetMeeting service port, aka a variant of the "NetMeeting Desktop Sharing" vulnerability. | ||||