Filtered by NVD-CWE-Other
Total 29947 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2006-3090 1 Phpmyfactures 1 Phpmyfactures 2026-04-16 N/A
Multiple SQL injection vulnerabilities in PhpMyFactures 1.0, and possibly 1.2 and earlier, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the (1) id_pays parameter in (a) /pays/modifier_pays.php; (2) id_produit, (3) quantite, (4) prix_ht, and (5) date parameter in (b) /stocks/ajouter.php; (6) id_cat parameter in (c) /produits/modifier_cat.php; (7) id_client parameter in (d) /clients/modifier_client.php; (8) id_remise parameter in (e) /remises/index.php; (9) id_taux parameter in (f) /tva/index.php; (10) ref_produit, and (11) id_stock parameter in (g) /stocks/index.php; (12) id_pays parameter in (h) /pays/index.php; and (13) id_cat parameter in (i) /produits/index.php.
CVE-2006-3109 1 Cisco 1 Call Manager 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Cisco CallManager 3.3 before 3.3(5)SR3, 4.1 before 4.1(3)SR4, 4.2 before 4.2(3), and 4.3 before 4.3(1), allows remote attackers to inject arbitrary web script or HTML via the (1) pattern parameter in ccmadmin/phonelist.asp and (2) arbitrary parameters in ccmuser/logon.asp, aka bugid CSCsb68657.
CVE-2004-2661 1 Soft3304 1 04webserver 2026-04-16 N/A
Soft3304 04WebServer before 1.41 does not properly check file names, which allows remote attackers to obtain sensitive information (CGI source code).
CVE-2006-3135 1 Hotwebscripts 1 Cms Mundo 2026-04-16 N/A
Multiple SQL injection vulnerabilities in CMS Mundo 1.0 build 008, and possibly other versions, allow remote attackers to execute arbitrary SQL commands via the (1) news_id parameter in the (a) news module, (2) searchstring parameter in (b) the search module, (3) id parameter in (c) the webshop module, (4) username parameter in (d) index.php, and (5) Name, (6) Address, (7) Zip, (8) City, (9) Country, and (10) Email fields during (e) a user profile update.
CVE-2006-3142 1 Vbzoom 1 Vbzoom 2026-04-16 N/A
SQL injection vulnerability in forum.php in VBZooM 1.11 allows remote attackers to execute arbitrary SQL commands via the MainID parameter.
CVE-2006-3147 1 Hosting Controller 1 Hosting Controller 2026-04-16 N/A
Unspecified vulnerability in Hosting Controller before 6.1 (aka Hotfix 3.2) allows remote authenticated attackers to gain host admin privileges, list all resellers, or change resellers' passwords via unspecified vectors. NOTE: due to the lack of precise details, it is not clear whether this is related to a previously disclosed issue such as CVE-2005-1788.
CVE-2006-3150 1 Cavoxcms 1 Cavoxcms 2026-04-16 N/A
SQL injection vulnerability in index.php in CavoxCms 1.0.16 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter.
CVE-2006-3152 1 Bluehouse Project 1 Phptrader 2026-04-16 N/A
Multiple SQL injection vulnerabilities in phpTRADER 4.9 SP5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) sectio parameter in (a) login.php, (b) write_newad.php, (c) newad.php, (d) printad.php, (e) askseller.php, (f) browse.php, (g) showmemberads.php, (h) note_ad.php, (i) abuse.php, (j) buynow.php, (k) confirm_newad.php, (2) an parameter in (l) printad.php, (m) note_ad.php, (3) who parameter in (n) showmemberads.php, and (4) adnr parameter in (o) buynow.php.
CVE-2004-2675 1 Argosoft 1 Ftp Server 2026-04-16 N/A
ArGoSoft FTP Server before 1.4.1.6 allows remote authenticated users to cause a denial of service (crash) via a SITE PASS command with a long password parameter, which causes the database to be corrupted.
CVE-2006-3158 1 Eduha Meeting 1 Eduha Meeting 2026-04-16 N/A
index.php in Eduha Meeting does not properly restrict file extensions before permitting a file upload, which allows remote attackers to bypass security checks and upload or execute arbitrary php code via the add action.
CVE-2006-3166 1 Free Realty 1 Free Realty 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in propview.php in Free Realty 2.9-0.6 and earlier allows remote attackers to execute arbitrary web script or HTML via the sort parameter.
CVE-2006-3168 1 Comscripts 1 Cs-forum 2026-04-16 N/A
SQL injection vulnerability in CS-Forum before 0.82 allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) debut parameters in (a) read.php, and the (3) search and (4) debut parameters in (b) index.php.
CVE-2006-3182 1 Mobescripts 1 Mobile Space Community 2026-04-16 N/A
Directory traversal vulnerability in index.php in MobeScripts Mobile Space Community 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the uid parameter in the rss page.
CVE-2005-1511 1 Pwsphp 1 Pwsphp 2026-04-16 N/A
PwsPHP 1.2.2 allows remote attackers to bypass authentication and post arbitrary comments via the Pseudo cookie.
CVE-2005-1516 1 Netwin 1 Dmail 2026-04-16 N/A
DList (dlist.exe) in DMail 3.1a allows remote attackers to bypass authentication, read log files, and shutdown the system via a sendlog command with an incorrect password hash, which is not properly handled by the _cmd_sendlog function.
CVE-2006-3214 1 Hitachi 2 Groupmax Address Server, Groupmax Mail Server 2026-04-16 N/A
Unspecified vulnerability in Hitachi Groupmax Address Server 7 and earlier, and Groupmax Mail Server 7 and earlier allows remote attackers to cause a denial of service (product "stop") via unspecified vectors involving "unexpected requests".
CVE-2006-3219 1 Woltlab 1 Burning Board 2026-04-16 N/A
SQL injection vulnerability in thread.php in Woltlab Burning Board (WBB) 2.2.2 allows remote attackers to execute arbitrary SQL commands via the threadid parameter.
CVE-2006-3225 1 Sun 2 Java System Application Server, One Application Server 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Sun ONE Application Server 7 before Update 9, Java System Application Server 7 2004Q2 before Update 5, and Java System Application Server Enterprise Edition 8.1 2005 Q1 allows remote attackers to inject arbitrary HTML or web script via unknown vectors.
CVE-2006-3227 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Interpretation conflict between Internet Explorer and other web browsers such as Mozilla, Opera, and Firefox might allow remote attackers to modify the visual presentation of web pages and possibly bypass protection mechanisms such as content filters via ASCII characters with the 8th bit set, which could be stripped by Internet Explorer to render legible text, but not when using other browsers. NOTE: there has been significant discussion about this issue, and as of 20060625, it is not clear where the responsibility for this issue lies, although it might be due to vagueness within the associated standards. NOTE: this might only be exploitable with certain encodings.
CVE-2006-3249 1 Phorum 1 Phorum 2026-04-16 N/A
SQL injection vulnerability in search.php in Phorum 5.1.14 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter. NOTE: the vendor has disputed this report, stating "If a non positive integer or non-integer is used for the page parameter for a search URL, the search query will use a negative number for the LIMIT clause. This causes the query to break, showing no results. It IS NOT however a sql injection error." While the original report is from a researcher with mixed accuracy, as of 20060703, CVE does not have any additional information regarding this issue