Total: 29947 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-0154 | 1 427bb | 1 Fourtwosevenbb | 2026-04-16 | N/A |
| SQL injection vulnerability in showthread.php in 427BB 2.2 and 2.2.1 allows remote attackers to execute arbitrary SQL commands via the ForumID parameter. | ||||
| CVE-2006-4664 | 1 Premod Shadow | 1 Premod Shadow | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in includes/functions_portal.php in Premod Shadow 2.7.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | ||||
| CVE-2006-0254 | 2 Apache, Redhat | 3 Geronimo, Network Satellite, Rhel Application Server | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer. | ||||
| CVE-2006-0438 | 1 Phpbb Group | 1 Phpbb | 2026-04-16 | N/A |
| Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.19, when Link to off-site Avatar or bbcode (IMG) are enabled, allows remote attackers to perform unauthorized actions as a logged in user via a link or IMG tag in a user profile, as demonstrated using links to (1) admin/admin_users.php and (2) modcp.php. | ||||
| CVE-2006-0440 | 1 Text Rider | 1 Text Rider | 2026-04-16 | N/A |
| Text Rider 2.4 allows attackers to bypass authentication and upload files without providing a valid password by obtaining the MD5 hash of the password (possibly via another vulnerability that reads it from a data file), then including the hash in a cookie. | ||||
| CVE-2006-0441 | 1 Karjasoft | 1 Sami Ftp Server | 2026-04-16 | N/A |
| Stack-based buffer overflow in Sami FTP Server 2.0.1 allows remote attackers to execute arbitrary code via a long USER command, which triggers the overflow when the log is viewed. | ||||
| CVE-2006-0531 | 1 Sun | 1 Java System Access Manager | 2026-04-16 | N/A |
| Unspecified vulnerability in Sun Java System Access Manager 7.0 allows local users logged in as "root" to bypass authentication and gain top-level administrator privileges via the amadmin CLI tool. | ||||
| CVE-2006-0546 | 1 Egeinternet | 1 Egeinternet | 2026-04-16 | N/A |
| Unspecified vulnerability in index.php in a certain application available from /v1/tr/portfoy.php on www.egeinternet.com allows remote attackers to execute arbitrary code via "evilcode" in the key parameter, possibly a PHP remote file include vulnerability in which the attack vector is a URL in the key parameter. NOTE: it is not clear whether this vulnerability is associated with an online service or application service provider. If so, then it should not be included in CVE. | ||||
| CVE-2006-2529 | 1 Fckeditor | 1 Fckeditor | 2026-04-16 | N/A |
| editor/filemanager/upload/php/upload.php in FCKeditor before 2.3 Beta, when the upload feature is enabled, does not verify the Type parameter, which allows remote attackers to upload arbitrary file types. NOTE: It is not clear whether this is related to CVE-2006-0658. | ||||
| CVE-2006-0597 | 1 Stefan Ritt | 1 Elog Web Logbook | 2026-04-16 | N/A |
| Multiple stack-based buffer overflows in elogd.c in elog before 2.5.7 r1558-4 allow attackers to cause a denial of service (application crash) and possibly execute code via long "revision attributes". | ||||
| CVE-2006-0599 | 1 Stefan Ritt | 1 Elog Web Logbook | 2026-04-16 | N/A |
| The (1) elog.c and (2) elogd.c components in elog before 2.5.7 r1558-4 generate different responses depending on whether or not a username is valid, which allows remote attackers to determine valid usernames. | ||||
| CVE-2006-0712 | 1 Squishdot | 1 Squishdot | 2026-04-16 | N/A |
| mail_html template in Squishdot 1.5.0 and earlier does not properly validate the (1) email and (2) title variables, which allows remote attackers to bypass spam filters by injecting SMTP headers, probably due to a CRLF injection vulnerability. | ||||
| CVE-2002-0991 | 1 Hp | 1 Cifs-9000 Server | 2026-04-16 | N/A |
| Buffer overflows in the cifslogin command for HP CIFS/9000 Client A.01.06 and earlier, based on the Sharity package, allow local users to gain root privileges via long (1) -U, (2) -D, (3) -P, (4) -S, (5) -N, or (6) -u parameters. | ||||
| CVE-2006-0863 | 1 Infovista | 1 Portalse | 2026-04-16 | N/A |
| InfoVista PortalSE 2.0 Build 20087 on Solaris 8 allows remote attackers to obtain sensitive information by specifying a nonexistent server in the server field, which reveals the path in an error message. | ||||
| CVE-2006-0878 | 1 Phpoutsourcing | 1 Noahs Classifieds | 2026-04-16 | N/A |
| Noah's Classifieds 1.3 allows remote attackers to obtain the installation path via a direct request to include files, as demonstrated by classifieds/gorum/category.php. | ||||
| CVE-2006-0881 | 1 Phpoutsourcing | 1 Noahs Classifieds | 2026-04-16 | N/A |
| Multiple PHP remote file include vulnerabilities in gorum/gorumlib.php in Noah's Classifieds 1.3, when register_globals is enabled, allow remote attackers to include arbitrary PHP files via the (1) upperTemplate and (2) lowerTemplate parameters, as demonstrated using the lowerTemplate parameter to index.php. | ||||
| CVE-2002-1000 | 1 Analogx | 1 Simpleserver Shout | 2026-04-16 | N/A |
| Buffer overflow in AnalogX SimpleServer:Shout 1.0 allows remote attackers to cause a denial of service and execute arbitrary code via a long request to TCP port 8001. | ||||
| CVE-2006-1064 | 1 Lurker | 1 Lurker | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Lurker 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | ||||
| CVE-2002-1003 | 1 Mywebserver | 1 Mywebserver | 2026-04-16 | N/A |
| Buffer overflow in MyWebServer 1.02 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request. | ||||
| CVE-2002-1005 | 1 Argosoft | 1 Argosoft Mail Server | 2026-04-16 | N/A |
| ArGoSoft Mail Server 1.8.1.7 and earlier allows a webmail user to cause a denial of service (CPU consumption) by forwarding the email to the user while autoresponse is enabled, which creates an infinite loop. | ||||