Total
29914 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2000-1017 | 1 Webteacher | 1 Webdata | 2026-04-16 | N/A |
| Webteachers Webdata allows remote attackers with valid Webdata accounts to read arbitrary files by posting a request to import the file into the WebData database. | ||||
| CVE-2006-2836 | 1 Pineapple Technologies | 1 Lore | 2026-04-16 | N/A |
| SQL injection vulnerability in comment.php in Pineapple Technologies Lore 1.5.6 and earlier allows remote attackers to execute arbitrary SQL commands via the article_id parameter. | ||||
| CVE-2006-2841 | 1 Associated | 1 Associated Cms | 2026-04-16 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in AssoCIateD (aka ACID) CMS 1.1.3 allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) menu.php, (2) profile.php, (3) users.php, (4) cache_mngt.php, and (5) gallery_functions.php. | ||||
| CVE-2006-2842 | 2 Redhat, Squirrelmail | 2 Enterprise Linux, Squirrelmail | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in functions/plugin.php in SquirrelMail 1.4.6 and earlier, if register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter. NOTE: this issue has been disputed by third parties, who state that Squirrelmail provides prominent warnings to the administrator when register_globals is enabled. Since the varieties of administrator negligence are uncountable, perhaps this type of issue should not be included in CVE. However, the original developer has posted a security advisory, so there might be relevant real-world environments under which this vulnerability is applicable | ||||
| CVE-2006-2845 | 1 Redaxo | 1 Redaxo | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in Redaxo 3.0 up to 3.2 allows remote attackers to execute arbitrary PHP code via a URL in the REX[INCLUDE_PATH] parameter to image_resize/pages/index.inc.php. | ||||
| CVE-2000-1027 | 1 Cisco | 1 Pix Firewall Software | 2026-04-16 | N/A |
| Cisco Secure PIX Firewall 5.2(2) allows remote attackers to determine the real IP address of a target FTP server by flooding the server with PASV requests, which includes the real IP address in the response when passive mode is established. | ||||
| CVE-2006-2849 | 1 Andrew Godwin | 1 Bytehoard | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in includes/webdav/server.php in Bytehoard 2.1 Epsilon/Delta allows remote attackers to execute arbitrary PHP code via a URL in the bhconfig[bhfilepath] parameter. | ||||
| CVE-2006-2850 | 1 Php Labware | 1 Labwiki | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in recentchanges.php in PHP Labware LabWiki 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the help parameter. | ||||
| CVE-2006-2851 | 1 Dotproject | 1 Dotproject | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in dotProject 2.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, which are not properly handled when the client is using Internet Explorer. | ||||
| CVE-2006-2853 | 1 Abarcar | 1 Abarcar Realty Portal | 2026-04-16 | N/A |
| SQL injection vulnerability in content.php in abarcar Realty Portal 5.1.5 allows remote attackers to execute arbitrary SQL commands via the cat parameter. | ||||
| CVE-2006-2854 | 1 Ibwd | 1 Ibwd Guestbook | 2026-04-16 | N/A |
| SQL injection vulnerability in index.php in iBWd Guestbook 1.0 allows remote attackers to execute arbitrary SQL commands via the offset parameter. | ||||
| CVE-2006-2858 | 1 Locazo | 1 Locazolist Classifieds | 2026-04-16 | N/A |
| SQL injection vulnerability in viewmsg.asp in LocazoList Classifieds 1.05e allows remote attackers to execute arbitrary SQL commands via the msgid parameter. | ||||
| CVE-2006-2863 | 1 Cs-cart | 1 Cs-cart | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in class.cs_phpmailer.php in CS-Cart 1.3.3 allows remote attackers to execute arbitrary PHP code via a URL in the classes_dir parameter. | ||||
| CVE-2006-2866 | 1 Dotclear | 1 Dotclear | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in layout/prepend.php in DotClear 1.2.4 and earlier allows remote attackers to execute arbitrary PHP code via a FTP URL in the blog_dc_path parameter, which passes file_exists() and is_dir() tests on PHP 5. | ||||
| CVE-2006-2879 | 1 Alex | 1 News-engine | 2026-04-16 | N/A |
| SQL injection vulnerability in newscomments.php in Alex News-Engine 1.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via the newsid parameter. | ||||
| CVE-2000-1057 | 1 Hp | 1 Openview Network Node Manager | 2026-04-16 | N/A |
| Vulnerabilities in database configuration scripts in HP OpenView Network Node Manager (NNM) 6.1 and earlier allows local users to gain privileges, possibly via insecure permissions. | ||||
| CVE-2006-2883 | 1 Kke Info Media | 1 Kmita Faq | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in Kmita FAQ 1.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter. | ||||
| CVE-2006-2890 | 1 Pixelpost | 1 Pixelpost | 2026-04-16 | N/A |
| Pixelpost 1-5rc1-2 and earlier, when register_globals is enabled, allows remote attackers to gain administrator privileges and conduct other attacks by setting the _SESSION["pixelpost_admin"] parameter to 1 in calls to admin scripts such as admin/view_info.php. | ||||
| CVE-2000-1059 | 1 Mandrakesoft | 1 Mandrake Linux | 2026-04-16 | N/A |
| The default configuration of the Xsession file in Mandrake Linux 7.1 and 7.0 bypasses the Xauthority access control mechanism with an "xhost + localhost" command, which allows local users to sniff X Windows events and gain privileges. | ||||
| CVE-2000-1063 | 1 Hp | 1 Jetdirect | 2026-04-16 | N/A |
| Buffer overflow in the Telnet service in HP JetDirect printer card Firmware x.08.20 and earlier allows remote attackers to cause a denial of service. | ||||