Total
29914 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-4073 | 1 Phpcc | 1 Phpcc | 2026-04-16 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Fabian Hainz phpCC Beta 4.2 allow remote attackers to execute arbitrary PHP code via a URL in the base_dir parameter to (1) login.php, (2) reactivate.php, or (3) register.php. | ||||
| CVE-2006-4105 | 1 Fill Threads Database | 1 Fill Threads Database | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Fill Threads Database (FTD) 3.7.3 allows remote attackers to inject arbitrary web script or HTML via the (1) search field or (2) an e-mail message. | ||||
| CVE-2006-4119 | 1 Chaossoft | 1 Geheimchaos | 2026-04-16 | N/A |
| SQL injection vulnerability in gc.php in GeheimChaos 0.5 and earlier allows remote attackers to execute arbitrary SQL commands via the Temp_entered_password parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
| CVE-2006-4138 | 1 Microsoft | 1 Help File Viewer | 2026-04-16 | N/A |
| Multiple unspecified vulnerabilities in Microsoft Windows Help File viewer (winhlp32.exe) allow user-assisted attackers to execute arbitrary code via crafted HLP files. | ||||
| CVE-2006-4212 | 1 B0zz And Chris Vincent | 1 Owl Intranet Engine | 2026-04-16 | N/A |
| SQL injection vulnerability in b0zz and Chris Vincent Owl Intranet Engine 0.90 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2006-4221 | 1 Ibm | 1 Egatherer | 2026-04-16 | N/A |
| Stack-based buffer overflow in the IBM Access Support eGatherer ActiveX control before 3.20.0284.0 allows remote attackers to execute arbitrary code via a long filename parameter to the RunEgatherer method. | ||||
| CVE-2006-4229 | 2 Joomla, Mambo | 2 Moslistmessenger Component, Moslistmessenger Component | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in archive.php in the mosListMessenger Component (com_lm) before 20060719 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | ||||
| CVE-2006-4256 | 1 Horde | 1 Application Framework | 2026-04-16 | N/A |
| index.php in Horde Application Framework before 3.1.2 allows remote attackers to include web pages from other sites, which could be useful for phishing attacks, via a URL in the url parameter, aka "cross-site referencing." NOTE: some sources have referred to this issue as XSS, but it is different than classic XSS. | ||||
| CVE-2006-4263 | 1 Product Scroller Module | 1 Product Scroller Module | 2026-04-16 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the Product Scroller Module and other modules in mambo-phpshop (com_phpshop) for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) mod_phpshop.php, (2) mod_phpshop_allinone.php, (3) mod_phpshop_cart.php, (4) mod_phpshop_featureprod.php, (5) mod_phpshop_latestprod.php, (6) mod_product_categories.php, (7) mod_productscroller.php, and (8) mosproductsnap.php. | ||||
| CVE-2006-4269 | 2 Joomla, Mambo | 2 X-shop Component, X-shop Component | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in admin.x-shop.php in the x-shop component (com_x-shop) 1.7 and earlier for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: this issue has been disputed by third party researchers, stating that there is no mosConfig_absolute_path parameter and no admin.x-shop.php file in the reported package | ||||
| CVE-2006-4272 | 1 Jelsoft | 1 Vbulletin | 2026-04-16 | N/A |
| Jelsoft vBulletin 3.5.4 allows remote attackers to register multiple arbitrary users and cause a denial of service (resource consumption) via a large number of requests to register.php. NOTE: the vendor has disputed this vulnerability, stating "If you have the CAPTCHA enabled then the registrations wont even go through. ... if you are talking about the flood being allowed in the first place then surely this is something that should be handled at the server level. | ||||
| CVE-2006-4305 | 2 Mysql, Sap-db | 2 Maxdb, Sap-db | 2026-04-16 | N/A |
| Buffer overflow in SAP DB and MaxDB before 7.6.00.30 allows remote attackers to execute arbitrary code via a long database name when connecting via a WebDBM client. | ||||
| CVE-2006-4319 | 1 Sun | 2 Solaris, Sunos | 2026-04-16 | N/A |
| Buffer overflow in the format command in Solaris 8, 9, and 10 allows local users with access to format (such as the "File System Management" RBAC profile) to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2006-4307. | ||||
| CVE-2006-4344 | 1 Cgi-rescue | 1 Mail F W System | 2026-04-16 | N/A |
| CRLF injection vulnerability in CGI-Rescue Mail F/W System (formd) before 8.3 allows remote attackers to spoof e-mails and inject e-mail headers via unspecified vectors in (1) mail.cgi and (2) query.cgi. | ||||
| CVE-2006-4347 | 1 Jiran | 2 Cool Manager, Cool Messenger Office School Server | 2026-04-16 | N/A |
| SQL injection vulnerability in user logon authentication request handling in Cool_CoolD.exe in Cool Manager 5.0 (5,60,90,28) and Cool Messenger Office/School Server 5.5 (5,65,12,13) allows remote attackers to execute arbitrary SQL commands via the username field. | ||||
| CVE-2006-4351 | 1 Oneorzero | 1 Oneorzero | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in OneOrZero 1.6.4.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | ||||
| CVE-2006-4364 | 1 Alt-n | 1 Mdaemon | 2026-04-16 | N/A |
| Multiple heap-based buffer overflows in the POP3 server in Alt-N Technologies MDaemon before 9.0.6 allow remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via long strings that contain '@' characters in the (1) USER and (2) APOP commands. | ||||
| CVE-2006-4380 | 2 Mysql, Redhat | 2 Mysql, Enterprise Linux | 2026-04-16 | N/A |
| MySQL before 4.1.13 allows local users to cause a denial of service (persistent replication slave crash) via a query with multiupdate and subselects. | ||||
| CVE-2006-4386 | 1 Apple | 1 Quicktime | 2026-04-16 | N/A |
| Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted H.264 movie, a different issue than CVE-2006-4381. | ||||
| CVE-2006-4389 | 1 Apple | 1 Quicktime | 2026-04-16 | N/A |
| Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted FlashPix (FPX) file, which triggers an exception that leads to an operation on an uninitialized object. | ||||