Total
29739 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-4202 | 1 Spidey Blog | 1 Spidey Blog Script | 2025-04-03 | N/A |
| SQL injection vulnerability in proje_goster.php in Spidey Blog Script 1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter. | ||||
| CVE-2006-4203 | 1 Mamboxchange | 1 Mambo Email Publisher | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in help.mmp.php in the MMP Component (com_mmp) 1.2 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | ||||
| CVE-2006-4239 | 1 Outreach Project Tool | 1 Opt Max | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in include/urights.php in Outreach Project Tool (OPT) Max 1.2.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CRM_inc parameter. | ||||
| CVE-2006-4242 | 1 Joomla | 1 Jim Instant Messaging Component | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in install.jim.php in the JIM 1.0.1 component for Joomla or Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | ||||
| CVE-2006-4278 | 1 Sportsphool | 1 Sportsphool | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in includes/layout/plain.footer.php in SportsPHool 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the mainnav parameter. | ||||
| CVE-2006-4238 | 1 Wtcom | 1 Web Torrent | 2025-04-03 | N/A |
| SQL injection vulnerability in torrents.php in WebTorrent (WTcom) 0.2.4 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter in category mode. | ||||
| CVE-2006-4240 | 1 Fusionphp | 1 Fusion News | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in index.php in Fusion News 3.7 allows remote attackers to execute arbitrary PHP code via a URL in the fpath parameter. | ||||
| CVE-2006-4241 | 1 Mamboxchange | 1 Reporter | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in processor/reporter.sql.php in the Reporter Mambo component (com_reporter) allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | ||||
| CVE-2006-4268 | 1 Devellion | 1 Cubecart | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.11 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) file, (2) x, and (3) y parameters in (a) admin/filemanager/preview.php; and the (4) email parameter in (b) admin/login.php. | ||||
| CVE-2006-4276 | 1 Tutti Nova | 1 Tutti Nova | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in Tutti Nova 1.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the TNLIB_DIR parameter to novalib/class.novaEdit.mysql.php. | ||||
| CVE-2006-4275 | 1 Mambo | 1 Catalogshop Component | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in catalogshop.php in the CatalogShop component for Mambo (com_catalogshop) allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | ||||
| CVE-2006-4271 | 1 Jelsoft | 1 Vbulletin | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in install/upgrade_301.php in Jelsoft vBulletin 3.5.4 allows remote attackers to execute arbitrary PHP code via a URL in the step parameter. NOTE: the vendor has disputed this vulnerability, saying "The default vBulletin requires authentication prior to the usage of the upgrade system. | ||||
| CVE-2006-4273 | 1 Jelsoft | 1 Vbulletin | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 3.5.4 and 3.6.0 allows remote attackers to inject arbitrary web script or HTML by uploading an attachment with a .pdf extension that contains JavaScript, which is processed as script by Microsoft Internet Explorer 6. | ||||
| CVE-2006-4291 | 1 Phlymail | 1 Phlymail Lite | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in handlers/email/mod.listmail.php in PHlyMail Lite 3.4.4 and earlier (Build 3.04.04) allows remote attackers to execute arbitrary PHP code via a URL in the _PM_[path][handler] parameter. | ||||
| CVE-2006-4296 | 1 Mambo | 1 Bigape-backup Component | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in classes/Tar.php in bigAPE-Backup component (com_babackup) for Mambo 1.1 allows remote attackers to include arbitrary files via the mosConfig_absolute_path parameter. | ||||
| CVE-2006-4297 | 1 Oscommerce | 1 Oscommerce | 2025-04-03 | N/A |
| SQL injection vulnerability in shopping_cart.php in osCommerce before 2.2 Milestone 2 060817 allows remote attackers to execute arbitrary SQL commands via id array parameters. | ||||
| CVE-2006-4293 | 1 Cpanel | 1 Cpanel | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow remote attackers to inject arbitrary web script or HTML via the (1) dir parameter in dohtaccess.html, or the (2) file parameter in (a) editit.html or (b) showfile.html. | ||||
| CVE-2006-4289 | 1 Sony | 1 Vaio Media Server | 2025-04-03 | N/A |
| Buffer overflow in Sony VAIO Media Server 2.x, 3.x, 4.x, and 5.x before 20060626 allows remote attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2006-4295 | 1 Panda | 1 Panda Activescan | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in ascan_6.asp in Panda ActiveScan 5.53.00 allows remote attackers to inject arbitrary web script or HTML via the email parameter. | ||||
| CVE-2006-4328 | 1 Cloudnine Interactive | 1 Links Manager | 2025-04-03 | N/A |
| SQL injection vulnerability in admin.php in CloudNine Interactive Links Manager 2006-06-12, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the nick parameter. | ||||