Total
29766 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-1701 | 1 Shadowed Portal | 1 Shadowed Portal | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in the Pages module in Shadowed Portal allows remote attackers to inject arbitrary web script or HTML via the page parameter to load.php. | ||||
| CVE-2006-1702 | 1 Spip | 1 Spip | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in spip_login.php3 in SPIP 1.8.3 allows remote attackers to execute arbitrary PHP code via a URL in the url parameter. | ||||
| CVE-2006-1704 | 1 Hubert Plisson | 1 Sire | 2025-04-03 | N/A |
| Sire 2.0 nws allows remote attackers to upload arbitrary image files without authentication via a direct request to upload.php. | ||||
| CVE-2006-1707 | 1 Kansok Communications | 1 Shopweezle | 2025-04-03 | N/A |
| index.php in Shopweezle 2.0 allows remote attackers to include arbitrary local files via the url parameter. | ||||
| CVE-2006-1709 | 1 Interaktiv | 1 Interaktiv.shop | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in shop_main.cgi in interaktiv.shop 5 allows remote attackers to inject arbitrary web script or HTML via the (1) pn and (2) sbeg parameters. | ||||
| CVE-2006-1732 | 2 Mozilla, Redhat | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2025-04-03 | N/A |
| Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to bypass same-origin protections and conduct cross-site scripting (XSS) attacks via unspecified vectors involving the window.controllers array. | ||||
| CVE-2006-1734 | 2 Mozilla, Redhat | 5 Firefox, Mozilla Suite, Seamonkey and 2 more | 2025-04-03 | N/A |
| Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to execute arbitrary code by using the Object.watch method to access the "clone parent" internal function. | ||||
| CVE-2006-1755 | 1 Matthew Dingley | 1 Md News | 2025-04-03 | N/A |
| SQL injection vulnerability in admin.php in MD News 1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2006-1756 | 1 Matthew Dingley | 1 Md News | 2025-04-03 | N/A |
| MD News 1 allows remote attackers to bypass authentication via a direct request to a script in the Administration Area. | ||||
| CVE-2006-1758 | 1 Bill Shupp | 1 Vegadns | 2025-04-03 | N/A |
| SQL injection vulnerability in index.php in Vegadns 0.99 allows remote attackers to execute arbitrary SQL commands via the cid parameter. | ||||
| CVE-2006-1783 | 1 Patronet | 1 Cms | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in PatroNet CMS allows remote attackers to inject arbitrary web script or HTML via the URI. | ||||
| CVE-2006-1784 | 1 Sphider | 1 Sphider | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in admin/configset.php in Sphider 1.3 and earlier, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the settings_dir parameter. | ||||
| CVE-2006-1787 | 1 Adobe | 1 Document Server | 2025-04-03 | N/A |
| Adobe Document Server for Reader Extensions 6.0 includes a user's session (jsession) ID in the HTTP Referer header, which allows remote attackers to gain access to PDF files that are being processed within that session. | ||||
| CVE-2006-1812 | 1 Phpwebftp | 1 Phpwebftp | 2025-04-03 | N/A |
| phpWebFTP 3.2 and earlier stores script.js under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information. | ||||
| CVE-2006-1813 | 1 Phpwebftp | 1 Phpwebftp | 2025-04-03 | N/A |
| Directory traversal vulnerability in index.php in phpWebFTP 3.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the language parameter. | ||||
| CVE-2006-1814 | 1 Netbsd | 1 Netbsd | 2025-04-03 | N/A |
| NetBSD 1.6, 2.0, 2.1 and 3.0 allows local users to cause a denial of service (memory exhaustion) by using the sysctl system call to lock a large buffer into physical memory. | ||||
| CVE-2006-1838 | 1 Clanscripte.net | 1 Fuju News | 2025-04-03 | N/A |
| edit_kategorie.php in Fuju News 1.0 allows remote attackers to bypass authentication by setting the authorized cookie. | ||||
| CVE-2006-1839 | 1 Php Album | 1 Php Album | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in language.php in PHP Album 0.3.2.3, when register_globals is enabled, allows remote attackers to execute arbitrary code via an FTP URL in the data_dir parameter, which satisfies the file_exists function call. | ||||
| CVE-2006-1841 | 1 Kailash Nadh | 1 Boastmachine | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in boastMachine (bMachine) 2.7, and possibly other versions before 2.9b, allows remote attackers to inject arbitrary web script or HTML via the key parameter, as used by the search field. | ||||
| CVE-2006-1842 | 1 Cynical Games | 1 Shoutbook | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in global.php in ShoutBOOK 1.1 allows remote attackers to inject arbitrary web script or HTML via the (1) NAME and (2) COMMENTS parameters. | ||||