Total
29908 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-0198 | 1 Xoops | 1 Xoops Pool Module | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in a certain module, possibly poll or Pool, for XOOPS allows remote attackers to inject arbitrary web script or HTML via JavaScript in the SRC attribute of an IMG element in a comment. | ||||
| CVE-2006-0201 | 1 Paypal | 1 Php Toolkit | 2026-04-16 | N/A |
| Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP Toolkit) 0.50, and possibly earlier versions, allows remote attackers to enter false payment entries into the log file via HTTP POST requests to ipn_success.php. | ||||
| CVE-2006-0216 | 1 Qualityebiz | 1 Quality Ppc | 2026-04-16 | N/A |
| admin.php in QualityEBiz Quality PPC (QPPC) 1.0 build 1644 allows remote attackers to obtain sensitive information, possibly the installation path of the application, via unspecified "meta characters" to the cpage parameter. | ||||
| CVE-2006-0231 | 1 Symantec | 1 Antivirus Scan Engine | 2026-04-16 | N/A |
| Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, uses the same private DSA key for each installation, which allows remote attackers to conduct man-in-the-middle attacks and decrypt communications. | ||||
| CVE-2006-0238 | 1 Gamerz | 1 Wp-stats | 2026-04-16 | N/A |
| SQL injection vulnerability in wp-stats.php in GaMerZ WP-Stats 2.0 allows remote attackers to execute arbitrary SQL commands via the author parameter. | ||||
| CVE-2006-0239 | 1 8pixel.net | 1 Simple Blog | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Simple Blog 2.1 allow remote attackers to inject arbitrary web script or HTML via (1) a comment to comments.asp and (2) possibly certain other fields in unspecified scripts. | ||||
| CVE-2006-0244 | 1 Phpxplorer | 1 Phpxplorer | 2026-04-16 | N/A |
| Directory traversal vulnerability in workspaces.php in phpXplorer 0.9.33 allows remote attackers to include arbitrary files via a .. (dot dot) and trailing null byte (%00) in the sShare parameter. NOTE: a followup post claims that this is not a vulnerability since the functionality of phpXplorer supports the upload of PHP files, which would not cross privilege boundaries since the PHP functionality would support read access outside the web root | ||||
| CVE-2006-0247 | 1 Netbula | 1 Anyboard | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in anyboard.cgi in Netbula Anyboard 9.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the tK parameter in a find command. | ||||
| CVE-2006-0296 | 2 Mozilla, Redhat | 3 Firefox, Seamonkey, Enterprise Linux | 2026-04-16 | N/A |
| The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf file. | ||||
| CVE-2006-0300 | 2 Gnu, Redhat | 2 Tar, Enterprise Linux | 2026-04-16 | N/A |
| Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute code via unspecified vectors involving PAX extended headers. | ||||
| CVE-2006-0302 | 1 Zyxel | 1 P2000w Version 2 Voip Wifi Phone | 2026-04-16 | N/A |
| ZyXel P2000W VoIP 802.11b Wireless Phone running firmware WV.00.02 allows remote attackers to obtain sensitive information, such as MAC address and software version, by directly accessing UDP port 9090. | ||||
| CVE-2006-0304 | 1 Achal Dhir | 1 Dual Dhcp Dns Server | 2026-04-16 | N/A |
| Buffer overflow in Dual DHCP DNS Server 1.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via the DHCP options field. | ||||
| CVE-2006-0305 | 1 Clipcomm | 2 Cp-100e Voip Wifi Phone, Cpw-100e Voip Wifi Phone | 2026-04-16 | N/A |
| Clipcomm CPW-100E VoIP 802.11b Wireless Handset Phone running firmware 1.1.12 (051129) and CP-100E VoIP 802.11b Wireless Phone running firmware 1.1.60 allows remote attackers to gain unauthorized access via the debug service on TCP port 60023. | ||||
| CVE-2006-0311 | 1 Mike Helton | 1 Aoblogger | 2026-04-16 | N/A |
| SQL injection vulnerability in login.php in aoblogger 2.3 allows remote attackers to execute arbitrary SQL commands via the username parameter. | ||||
| CVE-2006-0313 | 1 Pdfdirectory | 1 Pdfdirectory | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in PDFdirectory before 1.0 allow remote attackers to execute arbitrary SQL commands via multiple unspecified vectors involving (1) util.php, (2) userpref.php, (3) user.php, (4) uploadfrm.php, (5) title.php, (6) team.php, (7) stats.php, (8) page.php, (9) org.php, (10) member.php, (11) index.php, (12) group.php, or (13) anniv.php. | ||||
| CVE-2006-0317 | 1 Redkernel | 1 Referrer Tracker | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in rkrt_stats.php in RedKernel Referrer Tracker 1.1.0-3 allows remote attackers to inject arbitrary web script or HTML via a query string value as a GET, which is stored in the $QUERY_STRING variable. NOTE: the provenance of this information is unknown; portions of the details are obtained from third party information. | ||||
| CVE-2006-0328 | 1 Philippe Jounin | 1 Tftpd32 | 2026-04-16 | N/A |
| Format string vulnerability in Tftpd32 2.81 allows remote attackers to cause a denial of service via format string specifiers in a filename in a (1) GET or (2) SEND request. | ||||
| CVE-2006-0329 | 1 Hitachi | 1 Hitsenser Data Mart Server | 2026-04-16 | N/A |
| SQL injection vulnerability in HITSENSER Data Mart Server BS, BS-S, BS-M, BS-L, and EX allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. | ||||
| CVE-2006-0336 | 1 Kerio | 1 Winroute Firewall | 2026-04-16 | N/A |
| Kerio WinRoute Firewall before 6.1.4 Patch 2 allows attackers to cause a denial of service (CPU consumption and hang) via unknown vectors involving "browsing the web". | ||||
| CVE-2006-0356 | 1 Ari Pikivirta | 1 Home Ftp Server | 2026-04-16 | N/A |
| Ari Pikivirta Home Ftp Server 1.0.7 allows remote attackers to cause an unspecified denial of service via a long USER command combined with a long PASS command. | ||||