Total
29944 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-3829 | 1 Kailash Nadh | 1 Boastmachine | 2026-04-16 | N/A |
| Cross-site request forgery (CSRF) vulnerability in bmc/admin.php in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allows remote attackers to perform unauthorized actions as an administrator and delete arbitrary user accounts via a delete_user action. | ||||
| CVE-2001-0443 | 1 Qpc Software | 2 Qvt Net, Qvt Term Plus | 2026-04-16 | N/A |
| Buffer overflow in QPC QVT/Net Popd 4.20 in QVT/Net 5.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via (1) a long username, or (2) a long password. | ||||
| CVE-2006-3834 | 1 Ej3 | 1 Topo | 2026-04-16 | N/A |
| EJ3 TOPo 2.2.178 includes the password in cleartext in the ID field to index.php, which allows context-dependent attackers to obtain entry passwords via log files, referrers, or other vectors. | ||||
| CVE-2006-1700 | 1 Aweb | 1 Scripts Seller | 2026-04-16 | N/A |
| Buy.php in Aweb Scripts Seller uses predictable cookies for authentication based on the time and the script number, which allows remote attackers to bypass authentication. | ||||
| CVE-2006-1702 | 1 Spip | 1 Spip | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in spip_login.php3 in SPIP 1.8.3 allows remote attackers to execute arbitrary PHP code via a URL in the url parameter. | ||||
| CVE-2006-1705 | 1 Oracle | 2 Oracle10g, Oracle9i | 2026-04-16 | N/A |
| Oracle Database 9.2.0.0 to 10.2.0.3 allows local users with "SELECT" privileges for a base table to insert, update, or delete data by creating a crafted view then performing the operations on that view. | ||||
| CVE-2006-1714 | 1 Phpmyforum | 1 Phpmyforum | 2026-04-16 | N/A |
| CRLF injection vulnerability in index.php in Christoph Roeder phpMyForum 4.0 allows remote attackers to inject HTTP headers via hex-encoded CRLF sequences in the type parameter. | ||||
| CVE-2006-1719 | 1 Microsoft | 1 Ie | 2026-04-16 | N/A |
| Internet Explorer 6 allows remote attackers to cause a denial of service (application crash) via any scrollbar Cascading Style Sheets (CSS) property. | ||||
| CVE-2002-2220 | 1 Chetcpasswd | 1 Chetcpasswd | 2026-04-16 | N/A |
| Buffer overflow in Pedro Lineu Orso chetcpasswd before 1.12, when configured for access from 0.0.0.0, allows local users to gain privileges via unspecified vectors. | ||||
| CVE-2006-1744 | 1 Joey Hess | 1 Bsdgames | 2026-04-16 | N/A |
| Buffer overflow in pl_main.c in sail in BSDgames before 2.17-7 allows local users to execute arbitrary code via a long player name that is used in a scanf function call. | ||||
| CVE-2006-1765 | 1 Jbook | 1 Jbook | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in JBook 1.3 allows remote attackers to inject arbitrary web script or HTML via the page parameter. | ||||
| CVE-2006-1774 | 1 Hp | 2 Compaqhttpserver, System Management Homepage | 2026-04-16 | N/A |
| HP System Management Homepage (SMH) 2.1.3.132, when running on CompaqHTTPServer/9.9 on Windows, Linux, or Tru64 UNIX, and when "Trust by Certificates" is not enabled, allows remote attackers to bypass authentication via a crafted URL. | ||||
| CVE-2006-1783 | 1 Patronet | 1 Cms | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in PatroNet CMS allows remote attackers to inject arbitrary web script or HTML via the URI. | ||||
| CVE-2006-1791 | 1 Jl Webworks | 1 Quickblogger | 2026-04-16 | N/A |
| Directory traversal vulnerability in acc.php in QuickBlogger 1.4 allows remote attackers to read or include arbitrary local files via the request parameter. NOTE: this issue can also produce resultant XSS when the associated include statement fails. | ||||
| CVE-2006-1804 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-04-16 | N/A |
| SQL injection vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows remote attackers to execute arbitrary SQL commands via the sql_query parameter. | ||||
| CVE-2006-1805 | 1 Powerscripts | 1 Powerclan | 2026-04-16 | N/A |
| SQL injection vulnerability in member.php in PowerClan 1.14 allows remote attackers to execute arbitrary SQL commands via the memberid parameter. | ||||
| CVE-2006-1811 | 1 Flexbb | 1 Flexbb | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in FlexBB 0.5.5 BETA allow remote attackers to execute arbitrary SQL commands via the (1) id, (2) forumid, or (3) threadid parameter to index.php; the (4) ICQ, (5) AIM, (6) MSN, (7) Google Talk, (8) Website Name, (9) Website Address, (10) Email Address, (11) Location, (12) Signature, and (13) Sub-Titles fields in the user profile; or (14) flexbb_password field in a cookie. | ||||
| CVE-2006-1831 | 1 Coder-world | 1 Sysinfo | 2026-04-16 | N/A |
| Direct static code injection vulnerability in sysinfo.cgi in sysinfo 1.21 and possibly other versions before 2.25 allows remote attackers to execute arbitrary commands via a leading ; (semicolon) in the name parameter in a systemdoc action, which is injected into phpinfo.php. | ||||
| CVE-2006-1835 | 1 Vincent Hor | 2 Calendarix, Calendarix Advanced | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in yearcal.php in Calendarix allows remote attackers to inject arbitrary web script or HTML via the ycyear parameter. | ||||
| CVE-2006-1853 | 1 Moderngigabyte | 1 Modernbill | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in ModernBill 4.3.2 and earlier allow remote attackers or administrators to execute arbitrary SQL commands via the (1) id parameter in (a) user.php, or (2) where and (3) order parameters to (b) admin.php. | ||||