Total
29947 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-2718 | 1 Jiwa | 1 Financials | 2026-04-16 | N/A |
| JIWA Financials 6.4.14 passes a Microsoft SQL Server account's username and password, and the name of a data source, to a Crystal Reports .rpt file, which allows remote authenticated users to execute certain standard stored procedures by referencing them in a user-written .rpt file, as demonstrated by using a stored procedure that provides the username and cleartext password of every account. | ||||
| CVE-2002-1021 | 1 Working Resources Inc. | 1 Badblue | 2026-04-16 | N/A |
| BadBlue server allows remote attackers to read restricted files, such as EXT.INI, via an HTTP request that contains a hex-encoded null byte. | ||||
| CVE-2002-1022 | 1 Working Resources Inc. | 1 Badblue | 2026-04-16 | N/A |
| BadBlue server stores passwords in plaintext in the ext.ini file, which could allow local and possibly remote attackers to gain privileges. | ||||
| CVE-2006-2749 | 1 Open Searchable Image Catalogue | 1 Open Searchable Image Catalogue | 2026-04-16 | N/A |
| SQL injection vulnerability in search.php in Open Searchable Image Catalogue (OSIC) 0.7.0.1 and earlier allows remote attackers to inject arbitrary SQL commands via the (1) txtCustomField and (2) CustomFieldID array parameters. | ||||
| CVE-2006-2806 | 1 Apache | 1 James | 2026-04-16 | N/A |
| The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command. | ||||
| CVE-2002-1030 | 1 Bea | 1 Weblogic Server | 2026-04-16 | N/A |
| Race condition in Performance Pack in BEA WebLogic Server and Express 5.1.x, 6.0.x, 6.1.x and 7.0 allows remote attackers to cause a denial of service (crash) via a flood of data and connections. | ||||
| CVE-2006-2830 | 1 Tibco | 3 Hawk, Rendezvous, Runtime Agent | 2026-04-16 | N/A |
| Buffer overflow in TIBCO Rendezvous before 7.5.1, TIBCO Runtime Agent (TRA) before 5.4, and Hawk before 4.6.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via the HTTP administrative interface. | ||||
| CVE-2006-2865 | 1 Phpbb Group | 1 Phpbb | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in template.php in phpBB 2 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: followup posts have disputed this issue, stating that template.php does not appear in phpBB and does not use a $page variable. It is possible that this is a site-specific vulnerability, or an issue in a mod | ||||
| CVE-2002-1034 | 1 Sun | 1 I-runbook | 2026-04-16 | N/A |
| none.php for SunPS iRunbook 2.5.2 allows remote attackers to read arbitrary files via an absolute pathname in the argument. | ||||
| CVE-2002-1037 | 1 Michael Dean | 1 Double Choco Latte | 2026-04-16 | N/A |
| Cross-site scripting vulnerability in Double Choco Latte (DCL) before 20020706 allows remote attackers to inject arbitrary HTML, including script, into web pages via the (1) Ticket# Find, (2) Priorities, (3) Severities, (4) Projects, (5) WO# Find, (6) Departments and (7) Users features. | ||||
| CVE-2002-1038 | 1 Michael Dean | 1 Double Choco Latte | 2026-04-16 | N/A |
| Double Choco Latte (DCL) before 20020706 does not properly verify if a file was uploaded, which allows remote attackers to conduct certain operations on arbitrary files via the (1) Projects: Upload File Attachment or (2) Work Orders: Import features. | ||||
| CVE-2002-1043 | 1 Ultrafunk | 1 Popcorn | 2026-04-16 | N/A |
| Ultrafunk Popcorn 1.20 allows remote attackers to cause a denial of service (crash) via a malformed Subject ("\t\t"). | ||||
| CVE-2006-3037 | 1 Site Trade | 1 St Admanager Lite | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in publish.php in ST AdManager Lite allow remote attackers to inject arbitrary web script or HTML via the (1) title, (2) description, (3) article, (4) bio, and (5) name parameters. | ||||
| CVE-2006-3075 | 1 Picturedis | 2 Picturedis Photoalbum, Picturedis Professional | 2026-04-16 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in PictureDis Professional 1.33 Build 234 and earlier and PictureDis Photoalbum 4.82 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the lang parameter to files in photoalbum/ including (1) thumstbl.php, (2) wpfiles.php, and (3) wallpapr.php. | ||||
| CVE-2006-3129 | 1 Nc Linklist | 1 Nc Linklist | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in NC LinkList 1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) cat and (2) view parameters. | ||||
| CVE-2006-3131 | 1 Clubpage | 1 Clubpage | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Clubpage allow remote attackers to inject arbitrary web script or HTML via the (1) news_archive, (2) language, and (3) intranetLogin parameters in (a) index.php; the (4) sites_id parameter in (b) sites.php; and the (5) news_id parameter in (c) news_more.php. | ||||
| CVE-2006-3134 | 1 Gracenote | 1 Cddbcontrol Activex Control | 2026-04-16 | N/A |
| Buffer overflow in GraceNote CDDBControl ActiveX Control, as used by multiple products that use Gracenote CDDB, allows remote attackers to execute arbitrary code via a long option string. | ||||
| CVE-2006-3141 | 1 Dpivision | 1 Tradingeye Shop | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in details.cfm in Tradingeye Shop R4 and earlier allows remote attackers to inject arbitrary web script or HTML via the image parameter. | ||||
| CVE-2006-3164 | 1 Tpl Design | 1 Tplshop | 2026-04-16 | N/A |
| SQL injection vulnerability in category.php in TPL Design tplShop 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the first_row parameter. | ||||
| CVE-2006-3169 | 1 Comscripts | 1 Cs-forum | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in CS-Forum 0.81 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) msg_result and (2) rep_titre parameters in (a) read.php; and the (3) id and (4) parent parameters and (5) CSForum_nom, (6) CSForum_mail, and (7) CSForum_url cookie parameters in (b) ajouter.php. | ||||