Total
29911 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-2396 | 1 Phpodp | 1 Phpodp | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in phpODP 1.5h allows remote attackers to inject arbitrary web script via the browse parameter. | ||||
| CVE-2006-4914 | 1 A.l-pifou | 1 A.l-pifou | 2026-04-16 | N/A |
| Directory traversal vulnerability in A.l-Pifou 1.8p2 allows remote attackers to read arbitrary files via ".." sequences in the ze_langue_02 cookie, as demonstrated by using the choix_lng parameter to choix_langue.php to indirectly set the cookie, then accessing livre_dor.php to trigger the inclusion from inc/change_lang_ck.php, possibly related to livre_livre.php. NOTE: the livre_livre.php relationship has been reported by some third party sources. | ||||
| CVE-2006-4921 | 1 Siteatschool | 1 Siteatschool | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in Site@School (S@S) 2.4.03 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cmsdir parameter to starnet/modules/include/include.php. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2006-4945 | 1 Cardway | 1 Digitalwebshop | 2026-04-16 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Cardway (aka Frederic Boudaud) DigitalWebShop 1.128 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the _PHPLIB[libdir] parameter to (1) rechnung.php or (2) prepend.php. | ||||
| CVE-2006-4947 | 1 Drupal | 1 Search Keyword Module | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Search Keywords module before 1.15 2006/09/15 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "lack of validation on output." | ||||
| CVE-2006-2410 | 1 Raydium | 1 Raydium | 2026-04-16 | N/A |
| raydium_network_netcall_exec function in network.c in Raydium SVN revision 312 and earlier allows remote attackers to cause a denial of service (application crash) via a packet of type 0xFF, which causes a null dereference. | ||||
| CVE-2006-4948 | 1 Prosysinfo | 1 Tftp Server Tftpdwin | 2026-04-16 | N/A |
| Stack-based buffer overflow in tftpd.exe in ProSysInfo TFTP Server TFTPDWIN 0.4.2 and earlier allows remote attackers to execute arbitrary code or cause a denial of service via a long file name. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
| CVE-2006-2418 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerabilities in certain versions of phpMyAdmin before 2.8.0.4 allow remote attackers to inject arbitrary web script or HTML via the db parameter in unknown scripts. | ||||
| CVE-2006-2424 | 1 Ezusermanager | 1 Ezusermanager | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in ezUserManager 1.6 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the ezUserManager_Path parameter to ezusermanager_pwd_forgott.php, possibly due to an issue in ezusermanager_core.inc.php. | ||||
| CVE-2006-4955 | 1 Neosys | 1 Neon Webmail | 2026-04-16 | N/A |
| Directory traversal vulnerability in the downloadfile servlet in Neon WebMail for Java before 5.08 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the (1) savefolder and (2) savefilename parameters. | ||||
| CVE-2006-4957 | 1 The Myreview System | 1 Myreview | 2026-04-16 | N/A |
| SQL injection vulnerability in the GetMember function in functions.php in MyReview 1.9.4 allows remote attackers to execute arbitrary SQL commands via the email parameter to Admin.php. | ||||
| CVE-2006-2367 | 1 Clansys | 1 Clansys | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Clansys (aka Clanpage System) 1.0 and 1.1 allows remote attackers to inject arbitrary web script or HTML via the func parameter in a search function. | ||||
| CVE-2002-2031 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | N/A |
| Internet Explorer 5.0, 5.0.1 and 5.5 with JavaScript execution enabled allows remote attackers to determine the existence of arbitrary files via a script tag with a src parameter that references a non-JavaScript file, then using the onError event handler to monitor the results. | ||||
| CVE-2006-2364 | 1 Macromedia | 1 Coldfusion | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the validation feature in Macromedia ColdFusion 5 and earlier allows remote attackers to inject arbitrary web script or HTML via a "_required" field when the associated normal field is missing or empty, which is not sanitized before being presented in an error message. | ||||
| CVE-2002-1999 | 1 Hp | 1 Praesidium Webproxy | 2026-04-16 | N/A |
| HP Praesidium Webproxy 1.0 running on HP-UX 11.04 VVOS could allow remote attackers to cause Webproxy to forward requests to the internal network via crafted HTTP requests. | ||||
| CVE-2006-2360 | 1 Phpbb Group | 1 Phpbb | 2026-04-16 | N/A |
| SQL injection vulnerability in charts.php in the Chart mod for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2006-2359 | 1 Phpbb Group | 1 Phpbb | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in charts.php in the Chart mod for phpBB allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this issue might be resultant from SQL injection. | ||||
| CVE-2006-2358 | 1 Web-labs | 1 Web-labs Cms | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in various scripts in Web-Labs CMS allow remote attackers to inject arbitrary web script or HTML via (1) the search parameter and (2) unspecified fields related to e-mail alerts. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-2343 | 1 Adventnet | 1 Manageengine Opmanager | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Search.do in ManageEngine OpManager 6.0 allows remote attackers to inject arbitrary web script or HTML via the searchTerm parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
| CVE-2006-2342 | 1 Ibm | 1 Websphere Application Server | 2026-04-16 | N/A |
| IBM WebSphere Application Server 6.0.2 before FixPack 3 allows remote attackers to bypass authentication for the Welcome Page via a request to the default context root. | ||||