Total
346203 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-6205 | 1 Enthrallweb | 1 Ehomes | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in result.asp in Enthrallweb eHomes allow remote attackers to inject arbitrary web script or HTML via the (1) city or (2) State parameter. | ||||
| CVE-2009-1788 | 2 Mega-nerd, Nullsoft | 2 Libsndfile, Winamp | 2026-04-23 | N/A |
| Heap-based buffer overflow in voc_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a VOC file with an invalid header value. | ||||
| CVE-2009-1789 | 2 Eggheads, Philip Moore | 3 Eggdrop, Eggdrop Irc Bot, Windrop | 2026-04-23 | N/A |
| mod/server.mod/servmsg.c in Eggheads Eggdrop and Windrop 1.6.19 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PRIVMSG that causes an empty string to trigger a negative string length copy. NOTE: this issue exists because of an incorrect fix for CVE-2007-2807. | ||||
| CVE-2009-1796 | 1 Sun | 1 Java System Portal Server | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Sun Java System Portal Server 6.3.1, 7.1, and 7.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to an error page. | ||||
| CVE-2009-1797 | 1 Apc | 2 Network Management Card, Switched Rack Pdu | 2026-04-23 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities on the Network Management Card (NMC) on American Power Conversion (APC) Switched Rack PDU (aka Rack Mount Power Distribution) devices and other devices allow remote attackers to hijack the authentication of (1) administrator or (2) device users for requests that create new administrative users or have unspecified other impact. | ||||
| CVE-2006-6460 | 2 Short Url, Url Tracker Script | 2 Short Url, Url Tracker Script | 2026-04-23 | N/A |
| Yourfreeworld.com Short Url & Url Tracker Script allows remote attackers to obtain sensitive information via an invalid id parameter to login.php, which leaks the path in an error message. NOTE: this issue might be resultant from CVE-2006-2509. | ||||
| CVE-2006-6210 | 1 Iisworks | 1 Asp Listpics | 2026-04-23 | N/A |
| SQL injection vulnerability in listpics.asp in ASP ListPics 5.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter. | ||||
| CVE-2006-6463 | 1 Midicart Software | 1 Midicart Php Shopping Cart | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in admin/add.php in Midicart allows remote authenticated users to upload arbitrary .php files, and possibly other files, to the images/ directory under the web root. | ||||
| CVE-2006-6214 | 1 Wallpaper | 1 Wallpaper Complete Website | 2026-04-23 | N/A |
| SQL injection vulnerability in wallpaper.php in Wallpaper Website (Wallpaper Complete Website) 1.0.09 allows remote attackers to execute arbitrary SQL commands via the wallpaperid parameter. | ||||
| CVE-2006-6221 | 1 2x | 1 Thinclientserver | 2026-04-23 | N/A |
| 2X ThinClientServer Enterprise Edition before 4.0.2248 allows remote attackers to create multiple privileged accounts via a replay attack using the initial account creation request. | ||||
| CVE-2009-1801 | 2 Freepbx, Sangoma | 2 Freepbx, Freepbx | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, allow remote attackers to inject arbitrary web script or HTML via the (1) display parameter to reports.php, the (2) order and (3) extdisplay parameters to config.php, and the (4) sort parameter to recordings/index.php. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2006-6465 | 1 Wikyblog | 1 Wikyblog | 2026-04-23 | N/A |
| Directory traversal vulnerability in WBmap.php in WikyBlog 1.3.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the l parameter. NOTE: CVE disputes this vulnerability because l is validated by ctype_alpha before use | ||||
| CVE-2006-6474 | 1 Mcafee | 1 Virusscan | 2026-04-23 | N/A |
| Untrusted search path vulnerability in McAfee VirusScan for Linux 4510e and earlier includes the current working directory in the DT_RPATH environment variable, which allows local users to load arbitrary ELF DSO libraries and execute arbitrary code by installing malicious libraries in that directory. | ||||
| CVE-2009-1802 | 2 Freepbx, Sangoma | 2 Freepbx, Freepbx | 2026-04-23 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, allow remote attackers to hijack the authentication of admins for requests that create a new admin account or have unspecified other impact. | ||||
| CVE-2009-1803 | 2 Freepbx, Sangoma | 2 Freepbx, Freepbx | 2026-04-23 | N/A |
| FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, generates different error messages for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. | ||||
| CVE-2006-6223 | 1 Google | 2 Mini Search Appliance, Search Appliance | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Google Search Appliance and Google Mini allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded q parameter. | ||||
| CVE-2009-1807 | 1 Baofeng | 1 Storm | 2026-04-23 | N/A |
| Unspecified vulnerability in Config.dll in Baofeng products 3.09.04.17 and earlier allows remote attackers to execute arbitrary code by calling the SetAttributeValue method, as exploited in the wild in April and May 2009. | ||||
| CVE-2009-1808 | 1 Microsoft | 1 Windows Xp | 2026-04-23 | N/A |
| Microsoft Windows XP SP3 allows local users to cause a denial of service (system crash) by making an SPI_SETDESKWALLPAPER SystemParametersInfo call with an improperly terminated pvParam argument, followed by an SPI_GETDESKWALLPAPER SystemParametersInfo call. | ||||
| CVE-2006-6224 | 1 Puntal | 1 Puntal | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in the installation scripts in Puntal before 1.8.5 allows remote attackers to execute arbitrary PHP code via the GLOBALS array. | ||||
| CVE-2006-6483 | 1 Adobe | 1 Coldfusion | 2026-04-23 | N/A |
| Adobe ColdFusion MX 7.x before 7.0.2 does not properly filter HTML tags when protecting against cross-site scripting (XSS) attacks, which allows remote attackers to inject arbitrary web script or HTML via a NULL byte (%00) in certain HTML tags, as demonstrated using "%00script" in a tag. | ||||