Total
29947 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-2814 | 1 Ishopcart | 1 Ishopcart | 2026-04-16 | N/A |
| Multiple buffer overflows in the (1) vGetPost and (2) main functions in easy-scart.c through easy-scart6.c in iShopCart allow remote attackers to execute arbitrary code by sending a large amount of data containing "Submit" in an sslinvoice action, and allow remote attackers to have an unknown impact via a large amount of posted data. | ||||
| CVE-2006-2823 | 1 A.shopkart | 1 A.shopkart | 2026-04-16 | N/A |
| Katrien De Graeve a.shopKart 2.0 (aka ashopKart20) stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) admin/scart.mdb and possibly (2) admin/scart97.mdb. | ||||
| CVE-2005-1364 | 1 Metalinks | 1 Metabid Auctions | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in MetaBid Auctions allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password fields in logIn.asp, or (3) intAuctionID parameter to item.asp. | ||||
| CVE-2006-2847 | 1 Full Revolution | 1 Aspweblinks | 2026-04-16 | N/A |
| SQL injection vulnerability in links.asp in aspWebLinks 2.0 allows remote attackers to execute arbitrary SQL commands via the linkID parameter. | ||||
| CVE-2005-1370 | 1 Hp | 1 Openview Radia Management Portal | 2026-04-16 | N/A |
| Unknown vulnerability in Radia Management Agent (RMA) in HP OpenView Radia Management Portal (RMP) 1.x and 2.x allows remote attackers to execute arbitrary commands via unknown vectors. | ||||
| CVE-2006-2871 | 1 Cyboards | 1 Cyboards Php Lite | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in include/common.php in CyBoards PHP Lite 1.25 allows remote attackers to execute arbitrary PHP code via a URL in the script_path parameter. NOTE: CVE disputes this issue, since $script_path is set to a constant value | ||||
| CVE-2006-2878 | 1 Andreas Gohr | 1 Dokuwiki | 2026-04-16 | N/A |
| The spellchecker (spellcheck.php) in DokuWiki 2006/06/04 and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly syntax" that is inserted into a regular expression that is processed by preg_replace with the /e (executable) modifier. | ||||
| CVE-2006-2904 | 1 Particle Soft | 1 Particle Links | 2026-04-16 | N/A |
| SQL injection vulnerability in index.php in Partial Links 1.2.2 allows remote attackers to execute arbitrary SQL commands via the topic parameter. | ||||
| CVE-2006-2931 | 1 Hotwebscripts | 1 Cms Mundo | 2026-04-16 | N/A |
| CMS Mundo before 1.0 build 008 does not properly verify uploaded image files, which allows remote attackers to execute arbitrary PHP code by uploading and later directly accessing certain files. | ||||
| CVE-2006-1122 | 1 D2ksoft | 1 D2kblog | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Default.asp in D2KBlog 1.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | ||||
| CVE-2006-1129 | 1 Ekinboard | 1 Ekinboard | 2026-04-16 | N/A |
| SQL injection vulnerability in config.php in EKINboard 1.0.3 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username cookie. | ||||
| CVE-2006-1150 | 1 Teg | 1 Tenes Empanadas Graciela | 2026-04-16 | N/A |
| Buffer overflow in Tenes Empanadas Graciela (TEG) 0.11.1, automatically appends an _ (underscore) to the end of duplicate nicknames, which allows remote attackers to cause a denial of service (application crash) by creating multiple users with long, identical nicknames, which triggers an off-by-one error. | ||||
| CVE-2006-1213 | 1 Jiro | 1 Banner System | 2026-04-16 | N/A |
| JiRo's Banner System Experience and Professional 1.0 and earlier allows remote attackers to bypass access restrictions and gain privileges via a direct request to certain scripts in the files directory, as demonstrated by using addadmin.asp to create a new administrator account. | ||||
| CVE-2006-1234 | 1 Dsportal | 1 Dscounter | 2026-04-16 | N/A |
| SQL injection vulnerability in index.php in DSCounter 1.2, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For field (HTTP_X_FORWARDED_FOR environment variable) in an HTTP header. | ||||
| CVE-2006-1281 | 1 Mybulletinboard | 1 Mybulletinboard | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in member.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to inject arbitrary web script or HTML via the url parameter, a different vulnerability than CVE-2006-1272. NOTE: 1.10 was later reported to be vulnerable. | ||||
| CVE-2006-1289 | 1 Milkeyway | 1 Milkeyway Captive Portal | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Milkeyway Captive Portal 0.1 and 0.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) username, (2) password, (3) team, (4) level, (5) status, (6) teamname, and (7) teamlead parameters in (a) auth.php; the (8) username, (9) action, and (10) filter parameters in (b) authuser.php; the (11) username parameter in (c) utils.php; the (12) id and (13) date parameters in (d) traffic.php; the (14) username parameter in (e) userstatistics.php; and the (15) USERNAME and (16) PASSWORD parameters in a cookie to (f) chgpwd.php. | ||||
| CVE-2006-1320 | 1 Rssh | 1 Rssh | 2026-04-16 | N/A |
| util.c in rssh 2.3.0 in Debian GNU/Linux does not use braces to make a block, which causes a check for CVS to always succeed and allows rsync and rdist to bypass intended access restrictions in rssh.conf. | ||||
| CVE-2006-1322 | 1 Novell | 2 Netware, Netware Ftp Server | 2026-04-16 | N/A |
| Novell Netware NWFTPD 5.06.05 allows remote attackers to cause a denial of service (ABEND) via an MDTM command that uses a long path for the target file, possibly due to a buffer overflow. | ||||
| CVE-2006-1361 | 1 Oswiki | 1 Oswiki | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in OSWiki before 0.3.1 allows remote attackers to inject arbitrary web script or HTML via the username field to (1) list.rhtml or (2) show.rhtml. | ||||
| CVE-2006-1395 | 1 Cholod | 1 Mysql Based Message Board | 2026-04-16 | N/A |
| SQL injection vulnerability in mb.cgi in Cholod MySQL Based Message Board allows remote attackers to execute arbitrary SQL commands via unspecified vectors in a showmessage action, possibly the username parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||