Total
29947 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-3108 | 1 Emailarchitect | 1 Email Server | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in EmailArchitect Email Server 6.1 allows remote attackers to inject arbitrary Javascript via an HTML div tag with a carriage return between the onmouseover attribute and its value, which bypasses the mail filter. | ||||
| CVE-1999-0668 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | N/A |
| The scriptlet.typelib ActiveX control is marked as "safe for scripting" for Internet Explorer, which allows a remote attacker to execute arbitrary commands as demonstrated by Bubbleboy. | ||||
| CVE-2005-2246 | 1 Iphotoalbum | 1 Iphotoalbum | 2026-04-16 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in iPhotoAlbum 1.1 allow remote attackers to execute arbitrary code via the (1) doc_path parameter to getpage.php or (2) set_menu parameter to lib/static/header.php. | ||||
| CVE-2006-2532 | 1 Greg Donald | 1 Destiney Rated Images Script | 2026-04-16 | N/A |
| stats.php in Destiney Rated Images Script 0.5.0 allows remote attackers to obtain the installation path via an invalid s parameter, which displays the path in an error message. NOTE: this issue was originally claimed to be SQL injection, but CVE analysis shows that the problem is related to an invalid value that prevents some variables from being set. | ||||
| CVE-2006-3176 | 1 Xaran | 1 Xaran Cms | 2026-04-16 | N/A |
| SQL injection vulnerability in xarancms_haupt.php in xarancms 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2006-3178 | 1 Jed Wing | 1 Chm Lib | 2026-04-16 | N/A |
| Directory traversal vulnerability in extract_chmLib example program in CHM Lib (chmlib) before 0.38 allows remote attackers to overwrite arbitrary files via a CHM archive containing files with a .. (dot dot) in their filename. | ||||
| CVE-2006-3183 | 1 Mobescripts | 1 Mobile Space Community | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in MobeScripts Mobile Space Community 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) browse parameter, which is not filtered in the resulting error message, and multiple unspecified input fields, including those involved when (2) updating a profile, (3) posting comments or entries in a blog, (4) uploading files, (5) picture captions, and (6) sending a private message (PM). | ||||
| CVE-2006-2507 | 1 Teake Nutma | 1 Foing | 2026-04-16 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Teake Nutma Foing 0.2.0 through 0.7.0, as used with phpBB, allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter in (1) index.php, (2) song.php, (3) faq.php, (4) list.php, (5) gen_m3u.php, and (6) playlist.php. | ||||
| CVE-2006-3194 | 1 Singapore | 1 Singapore | 2026-04-16 | N/A |
| Directory traversal vulnerability in index.php in singapore 0.10.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) sequence and trailing null (%00) byte in the (1) gallery and (2) template parameter. | ||||
| CVE-2006-3207 | 1 Ultimate Php Board | 1 Ultimate Php Board | 2026-04-16 | N/A |
| Directory traversal vulnerability in newpost.php in Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) sequence and trailing null (%00) byte in the id parameter, as demonstrated by injecting a Perl CGI script using "[NR]" sequences in the message parameter, then calling close.php with modified id and t_id parameters to chmod the script. NOTE: this issue might be resultant from dynamic variable evaluation. | ||||
| CVE-2006-3215 | 1 Clearswift | 2 Mailsweeper For Exchange, Mailsweeper For Smtp | 2026-04-16 | N/A |
| Clearswift MAILsweeper for SMTP before 4.3.20 and MAILsweeper for Exchange before 4.3.20 allows remote attackers to bypass the "text analysis", possibly bypassing SPAM and other filters, by sending an e-mail specifying a non-existent or unrecognized character set. | ||||
| CVE-2006-3220 | 1 Woltlab | 1 Burning Board | 2026-04-16 | N/A |
| SQL injection vulnerability in studienplatztausch.php in Woltlab Burning Board (WBB) 2.2.1 allows remote attackers to execute arbitrary SQL commands via the sid parameter. | ||||
| CVE-2006-3226 | 1 Cisco | 1 Secure Access Control Server | 2026-04-16 | N/A |
| Cisco Secure Access Control Server (ACS) 4.x for Windows uses the client's IP address and the server's port number to grant access to an HTTP server port for an administration session, which allows remote attackers to bypass authentication via various methods, aka "ACS Weak Session Management Vulnerability." | ||||
| CVE-2006-3230 | 1 Azureus Tracker | 1 Azureus Tracker | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.tmpl in Azureus Tracker 2.4.0.2 and earlier (Java BitTorrent Client Tracker) allows remote attackers to inject arbitrary web script or HTML via the search parameter. | ||||
| CVE-2006-3234 | 1 Looknet | 1 Fineshop | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in index.php in FineShop 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) produkt, (2) id_produc, and (3) id_kat parameters. | ||||
| CVE-2006-3237 | 1 Senokian Solutions | 1 Enterprise Groupware Systems | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Enterprise Groupware System (EGS) 1.2.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the module parameter. | ||||
| CVE-2006-3238 | 1 Vbzoom | 1 Vbzoom | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in VBZooM 1.00 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) MemberID parameter to rank.php, and the (2) QuranID parameter to lng.php. | ||||
| CVE-2006-3246 | 1 Gl-sh | 1 Deaf Forum | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in show.php in GL-SH Deaf Forum 6.4.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the sort parameter. | ||||
| CVE-2006-3250 | 1 Microsoft | 1 Windows Live Messenger | 2026-04-16 | N/A |
| Heap-based buffer overflow in Windows Live Messenger 8.0 allows user-assisted attackers to execute arbitrary code via a crafted Contact List (.ctt) file, which triggers the overflow when it is imported by the user. | ||||
| CVE-2006-3256 | 1 Woltlab | 1 Burning Board | 2026-04-16 | N/A |
| SQL injection vulnerability in report.php in Woltlab Burning Board (WBB) 2.3.1 allows remote attackers to execute arbitrary SQL commands via the postid parameter. | ||||