Total
29911 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-2660 | 1 Php | 1 Php | 2026-04-16 | N/A |
| Buffer consumption vulnerability in the tempnam function in PHP 5.1.4 and 4.x before 4.4.3 allows local users to bypass restrictions and create PHP files with fixed names in other directories via a pathname argument longer than MAXPATHLEN, which prevents a unique string from being appended to the filename. | ||||
| CVE-2006-1578 | 1 Index Data Aps | 1 Keystone Digital Library Suite | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Keystone Digital Library Suite (DLS) 1.5.4 and earlier allow remote attackers to execute arbitrary SQL commands via the subject_type_id parameter in (1) the index page and (2) the search module. | ||||
| CVE-2006-1581 | 1 Blanknberg | 1 Blanknberg | 2026-04-16 | N/A |
| Directory traversal vulnerability in index.php in Blank'N'Berg 0.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the _path parameter. | ||||
| CVE-2006-1583 | 1 Juliusz Julas Gonera | 1 Warcraft Iii Replay Parser Php | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Warcraft III Replay Parser for PHP 1.8c allows remote attackers to inject arbitrary web script or HTML via the page parameter. NOTE: post-disclosure analysis by CVE suggests that the "page" parameter is not used in this product, and "id" might be the affected parameter. | ||||
| CVE-2006-1592 | 2 X-doom, Zdaemon | 2 X-doom, Zdaemon | 2026-04-16 | N/A |
| Buffer overflow in the is_client_wad_ok function in w_wad.cpp for (1) Zdaemon 1.08.01 and (2) X-Doom allows remote attackers to execute arbitrary code via a long filename argument. | ||||
| CVE-2006-1602 | 1 Phpnuke-clan | 1 Phpnuke-clan | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in includes/functions_common.php in the VWar Account module (vWar_Account) in PHPNuke Clan 3.0.1 allows remote attackers to include arbitrary files via a URL in the vwar_root2 parameter. NOTE: it is possible that this issue stems from a problem in VWar itself, but this is not clear. | ||||
| CVE-2006-1604 | 1 Exponent | 1 Exponent Cms | 2026-04-16 | N/A |
| Unspecified vulnerability in Exponent CMS before 0.96.5 RC 1 has unknown impact and remote attack vectors related to variables that are not "typecasted." | ||||
| CVE-2006-1607 | 1 Exponent | 1 Exponent Cms | 2026-04-16 | N/A |
| Unspecified vulnerability in the banner module in Exponent CMS before 0.96.5 RC 1 allows "php injection" via unknown attack vectors. | ||||
| CVE-2006-1608 | 1 Php | 1 Php | 2026-04-16 | N/A |
| The copy function in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass safe mode and read arbitrary files via a source argument containing a compress.zlib:// URI. | ||||
| CVE-2006-1609 | 1 Hitachi | 4 Xfit S, Xfit S Jca, Xfit S Zengin and 1 more | 2026-04-16 | N/A |
| Unspecified vulnerability in Hitachi XFIT/S, XFIT/S/JCA, XFIT/S/ZGN, and XFIT/S ZENGIN TCP/IP Procedure allows remote attackers to cause a denial of service (server process and transfer control process stop) when the products "receive data unexpectedly". | ||||
| CVE-2006-1612 | 1 Aweb Labs | 1 Awebnews | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in visview.php in aWebNews 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) yname, (2) emailadd, (3) subject, and (4) comment parameters. | ||||
| CVE-2006-1616 | 1 Advanced Poll | 1 Advanced Poll | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Advanced Poll 2.02 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to comments.php or (2) poll_id parameter to page.php. | ||||
| CVE-2006-1621 | 1 Hosting Controller | 1 Hosting Controller | 2026-04-16 | N/A |
| Directory traversal vulnerability in admin/folders/saveuploadfiles.asp in Hosting Controller 2002 RC 1 allows remote authenticated users to overwrite arbitrary files via an absolute path in the OpenPath parameter. | ||||
| CVE-2006-1630 | 1 Clam Anti-virus | 1 Clamav | 2026-04-16 | N/A |
| The cli_bitset_set function in libclamav/others.c in Clam AntiVirus (ClamAV) before 0.88.1 allows remote attackers to cause a denial of service via unspecified vectors that trigger an "invalid memory access." | ||||
| CVE-2006-1637 | 1 Aweb Labs | 1 Awebbb | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in aWebBB 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) tname or (2) fpost parameters to (a) post.php; (3) fullname, (4) emailadd, (5) country, (6) sig, or (7) otherav parameters to (b) editac.php; or (8) fullname, (9) emailadd, or (10) country parameters to (c) register.php. | ||||
| CVE-2006-1638 | 1 Aweb Labs | 1 Awebbb | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in aWebBB 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) Username parameter to (a) accounts.php, (b) changep.php, (c) editac.php, (d) feedback.php, (e) fpass.php, (f) login.php, (g) post.php, (h) reply.php, or (i) reply_log.php; (2) p parameter to (j) dpost.php; (3) c parameter to (k) list.php or (l) ndis.php; or (12) q parameter to (m) search.php. | ||||
| CVE-2006-4617 | 1 Vtiger | 1 Vtiger Crm | 2026-04-16 | N/A |
| Unrestricted file upload vulnerability in fileupload.html in vtiger CRM 4.2.4, and possibly earlier versions, allows remote attackers to upload and execute arbitrary files with executable extensions in the /cashe/mails folder. | ||||
| CVE-2006-1641 | 1 Czaries Network | 1 Czarnews | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in CzarNews 1.14 allow remote attackers to execute arbitrary SQL commands via the (1) usern or (2) passw parameters to (a) cn_auth.php, (3) s parameter to (b) news.php, or (4) a parameter to (c) dpost.php. | ||||
| CVE-2006-1644 | 1 Interact | 1 Interact | 2026-04-16 | N/A |
| login.php in Interact 2.1.1 generates different responses depending on whether or not a username is valid, which allows remote attackers to determine valid usernames. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-1658 | 1 Chucky A. Ivey | 1 N.t. | 2026-04-16 | N/A |
| Direct static code injection vulnerability in ticker.db.php in Chucky A. Ivey N.T. 1.1.0 allows remote administrators to insert arbitrary PHP code into the config file, which is included other N.T. scripts. | ||||