Total
29810 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-2735 | 1 Activity Mod Plus | 1 Activity Mod Plus | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in language/lang_english/lang_activity.php in Activity MOD Plus (Amod) 1.1.0, as used with phpBB when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: This is a similar vulnerability to CVE-2006-2507. | ||||
| CVE-2006-2739 | 1 Epic Designs | 1 Tinybb | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in footers.php in Epicdesigns tinyBB 0.3, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the tinybb_footers parameter. | ||||
| CVE-2006-2744 | 1 Facile Interactive Web | 1 Facile Interactive Web | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in p-popupgallery.php in F@cile Interactive Web 0.8.41 through 0.8.5 allows remote attackers to execute arbitrary PHP code via a URL in the l parameter. | ||||
| CVE-2006-2754 | 1 Openldap | 1 Openldap | 2025-04-03 | N/A |
| Stack-based buffer overflow in st.c in slurpd for OpenLDAP before 2.3.22 might allow attackers to execute arbitrary code via a long hostname. | ||||
| CVE-2006-2761 | 1 Hitachi | 1 Hitsenser3 | 2025-04-03 | N/A |
| SQL injection vulnerability in Hitachi HITSENSER3 HITSENSER3/PRP, HITSENSER3/PUP, HITSENSER3/STP, and HITSENSER3/EUP allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. | ||||
| CVE-2006-2764 | 1 Xander Ladage | 1 Guestbookxl | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in GuestbookXL 1.3 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in an IMG tag in a comment field to (1) guestwrite.php or (2) guestbook.php. | ||||
| CVE-2006-2765 | 1 Interlink Advantage | 1 Interlink Advantage | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in news_information.php in Interlink Advantage allows remote attackers to inject arbitrary web script or HTML via the flag parameter. | ||||
| CVE-2006-2772 | 1 Hogstorps | 1 Hogstorp Guestbook | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in add.asp in Hogstorps hogstorp guestbook 2.0 allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, and (3) headline parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-2773 | 1 Hogstorps | 1 Hogstorp Guestbook | 2025-04-03 | N/A |
| admin/redigera/redigera2.asp in Hogstorps hogstorp Guestbook 2.0 does not verify user credentials, which allows remote attackers to edit arbitrary posts via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-2774 | 1 Qontentone | 1 Qontentone Cms | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in QontentOne CMS allows remote attackers to inject arbitrary web script or HTML via the search_phrase parameter. | ||||
| CVE-2006-2776 | 2 Mozilla, Redhat | 3 Firefox, Thunderbird, Enterprise Linux | 2025-04-03 | N/A |
| Certain privileged UI code in Mozilla Firefox and Thunderbird before 1.5.0.4 calls content-defined setters on an object prototype, which allows remote attackers to execute code at a higher privilege than intended. | ||||
| CVE-2006-2790 | 1 Sun | 1 Storage Automated Diagnostic Environment | 2025-04-03 | N/A |
| A package component in Sun Storage Automated Diagnostic Environment (StorADE) 2.4 uses world-writable permissions for certain critical files and directories, which allows local users to gain privileges. | ||||
| CVE-2006-2791 | 1 Net Art Media | 1 Iboutique.mall | 2025-04-03 | N/A |
| Directory traversal vulnerability in index.php in iBoutique.MALL and possibly iBoutique allows remote attackers to read arbitrary files via ".." sequences in the function parameter. | ||||
| CVE-2006-2792 | 1 Woltlab | 1 Burning Board | 2025-04-03 | N/A |
| SQL injection vulnerability in misc.php in Woltlab Burning Board (WBB) 2.3.4 allows remote attackers to execute arbitrary SQL commands via the sid parameter. | ||||
| CVE-2006-2799 | 1 Toenda Software Development | 1 Toendacms | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in content_footer.php in toendaCMS 0.7.0 allows remote attackers to inject arbitrary web scripts or HTML via the print_url variable. NOTE: the provenance of this information is unknown; the details are obtained solely from third party sources. | ||||
| CVE-2006-2805 | 1 Jelsoft | 1 Vbulletin | 2025-04-03 | N/A |
| SQL injection vulnerability in VBulletin 3.0.10 allows remote attackers to execute arbitrary SQL commands via the featureid parameter. | ||||
| CVE-2006-2809 | 1 Ar-blog | 1 Ar-blog | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in ar-blog 5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) count parameter, and possibly the (2) next, (3) Year_the_news, and (4) mo parameters. NOTE: the year and month vectors are already covered by CVE-2006-0333. | ||||
| CVE-2006-2810 | 1 Belchior Foundry | 1 Vcard | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Belchior Foundry vCard 2.9 allow remote attackers to inject arbitrary web script or HTML via the page parameter in (1) toprated.php and (2) newcards.php. NOTE: the card_id vector is already covered by CVE-2006-1230. | ||||
| CVE-2006-2812 | 1 Dominios Europa | 1 Picrate | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in Dominios Europa PICRATE (aka TAL RateMyPic) 1.0 allow remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element in the (1) name (aka nick), (2) email, and (3) comment boxes; and via the (4) id parameter. | ||||
| CVE-2006-2817 | 1 Tekno.portal | 1 Tekno.portal | 2025-04-03 | N/A |
| SQL injection vulnerability in bolum.php in tekno.Portal allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||