Total
29739 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-4073 | 1 Phpcc | 1 Phpcc | 2025-04-03 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Fabian Hainz phpCC Beta 4.2 allow remote attackers to execute arbitrary PHP code via a URL in the base_dir parameter to (1) login.php, (2) reactivate.php, or (3) register.php. | ||||
| CVE-2006-4069 | 1 Ozjournals | 1 Ozjournals | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Elaine Aquino Online Zone Journals (OZJournals) 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) m and (2) c parameters in index.php, (3) a search action, and (4) a "submit comment" action. | ||||
| CVE-2006-4070 | 1 Imendio Planner | 1 Imendio Planner | 2025-04-03 | N/A |
| Format string vulnerability in Imendio Planner 0.13 allows user-assisted attackers to execute arbitrary code via format string specifiers in a filename. | ||||
| CVE-2006-4090 | 1 Webligo | 1 Bloghoster | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in Webligo BlogHoster 2.2 allows remote attackers to inject arbitrary web script or HTML via the "From: part of the comment post," probably involving the nickname parameter to previewcomment.php. | ||||
| CVE-2006-4091 | 1 Archangelmgt | 1 Weblog | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Archangel Management Archangel Weblog 0.90.02 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Comment section. | ||||
| CVE-2006-4104 | 1 Mojoscripts | 1 Mojogallery | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in admin.cgi in mojoscripts.com mojoGallery allows remote attackers to inject arbitrary web script or HTML via "password input." | ||||
| CVE-2006-4103 | 1 Jason Alexander | 1 Phnntp | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in article-raw.php in Jason Alexander phNNTP 1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the file_newsportal parameter. | ||||
| CVE-2006-4121 | 1 See-commerce | 1 See-commerce | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in owimg.php3 in See-Commerce 1.0.625 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. | ||||
| CVE-2006-4123 | 1 Boite De News | 1 Boite De News | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in boitenews4/index.php in Boite de News 4.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the url_index parameter. | ||||
| CVE-2006-4119 | 1 Chaossoft | 1 Geheimchaos | 2025-04-03 | N/A |
| SQL injection vulnerability in gc.php in GeheimChaos 0.5 and earlier allows remote attackers to execute arbitrary SQL commands via the Temp_entered_password parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
| CVE-2006-4120 | 1 Drupal | 2 Drupal, Recipe Module | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in the Recipe module (recipe.module) before 1.54 for Drupal 4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2006-4122 | 1 Simple One-file Guestbook | 1 Simple One-file Guestbook | 2025-04-03 | N/A |
| Simple one-file guestbook 1.0 and earlier allows remote attackers to bypass authentication and delete guestbook entries via a modified id parameter to guestbook.php. | ||||
| CVE-2006-4135 | 1 Vincent Hor | 1 Calendarix | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in cal_config.inc.php in Calendarix 0.7.20060401 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the calpath parameter. NOTE: this issue has been disputed by a third party, who says that the affected $calpath variable is set to a constant value in the beginning of the script. CVE concurs that the initial report is invalid | ||||
| CVE-2006-4160 | 1 Mvcnphp | 1 Mvcnphp | 2025-04-03 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Tony Bibbs and Vincent Furia MVCnPHP 3.0 allow remote attackers to execute arbitrary PHP code via a URL in the glConf[path_library] parameter to (1) BaseCommand.php, (2) BaseLoader.php, and (3) BaseView.php. | ||||
| CVE-2006-4172 | 1 Freebsd | 1 Freebsd | 2025-04-03 | N/A |
| Integer overflow vulnerability in the i386_set_ldt call in FreeBSD 5.5, and possibly earlier versions down to 5.2, allows local users to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2006-4178. | ||||
| CVE-2006-4178 | 1 Freebsd | 1 Freebsd | 2025-04-03 | N/A |
| Integer signedness error in the i386_set_ldt call in FreeBSD 5.5, and possibly earlier versions down to 5.2, allows local users to cause a denial of service (crash) via unspecified arguments that use negative signed integers to cause the bzero function to be called with a large length parameter, a different vulnerability than CVE-2006-4172. | ||||
| CVE-2006-4198 | 1 Wheatblog | 1 Wheatblog | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in includes/session.php in Wheatblog (wB) 1.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the wb_class_dir parameter. | ||||
| CVE-2006-4211 | 1 B0zz And Chris Vincent | 1 Owl Intranet Engine | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in b0zz and Chris Vincent Owl Intranet Engine 0.90 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2006-4210 | 1 Andreas Kansok | 1 Phpay | 2025-04-03 | N/A |
| nu_mail.inc.php in Andreas Kansok phPay 2.02 and 2.02.1, when register_globals is enabled, allows remote attackers to use the server as an open mail relay via modified mail_text2, user_row[5], nu_mail_1, and shop_mail parameters. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2006-4212 | 1 B0zz And Chris Vincent | 1 Owl Intranet Engine | 2025-04-03 | N/A |
| SQL injection vulnerability in b0zz and Chris Vincent Owl Intranet Engine 0.90 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||