Total
29805 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-2126 | 1 Avalon Ltd | 1 Maxtrade | 2025-04-03 | N/A |
| SQL injection vulnerability in pocategories.php in MaxTrade 1.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) categori and (2) stranica parameters. | ||||
| CVE-2006-2130 | 1 Advanced Poll | 1 Advanced Poll | 2025-04-03 | N/A |
| SQL injection vulnerability in include/class_poll.php in Advanced Poll 2.0.4 allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header. | ||||
| CVE-2006-2131 | 1 Advanced Poll | 1 Advanced Poll | 2025-04-03 | N/A |
| include/class_poll.php in Advanced Poll 2.0.4 uses the HTTP_X_FORWARDED_FOR (X-Forwarded-For HTTP header) to identify the IP address of a client, which makes it easier for remote attackers to spoof the source IP and bypass voting restrictions. | ||||
| CVE-2006-2170 | 1 Argosoft | 1 Ftp Server | 2025-04-03 | N/A |
| Buffer overflow in ArgoSoft FTP Server 1.4.3.6 allows remote attackers to execute arbitrary code via Unicode in the RNTO command, as demonstrated by the Infigo FTPStress Fuzzer. | ||||
| CVE-2006-2135 | 1 Ruperts News | 1 Ruperts News | 2025-04-03 | N/A |
| SQL injection vulnerability in login.php in Ruperts News allows remote attackers to execute arbitrary SQL commands via the username parameter. | ||||
| CVE-2006-2136 | 1 Aznews | 1 Aznews | 2025-04-03 | N/A |
| SQL injection vulnerability in news.php in AZNEWS allows remote attackers to execute arbitrary SQL commands via the ID parameter. | ||||
| CVE-2006-2138 | 1 Neomail | 1 Neomail | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in neomail.pl in NeoMail 1.29 allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter. | ||||
| CVE-2006-2140 | 1 Orbitscripts | 1 Orbithyip | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in OrbitHYIP 2.0 and earlier allow remote attackers to inject arbitrary web script via the (1) referral parameter to signup.php or (2) id parameter to members.php. | ||||
| CVE-2006-2145 | 1 Harold Bakker | 1 Hb-ns | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in index.php in HB-NS 1.1.6 allow remote attackers to execute arbitrary SQL commands via the (1) topic or (2) id parameter. | ||||
| CVE-2006-2148 | 1 Cgiirc | 1 Cgiirc | 2025-04-03 | N/A |
| Multiple buffer overflows in client.c in CGI:IRC (CGIIRC) before 0.5.8 might allow remote attackers to execute arbitrary code via (1) cookies or (2) the query string. | ||||
| CVE-2006-2149 | 1 Avatic | 1 Aardvark Topsites Php | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in sources/lostpw.php in Aardvark Topsites PHP 4.2.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the CONFIG[path] parameter, as demonstrated by including a GIF that contains PHP code. | ||||
| CVE-2006-2150 | 1 Phpbb Group | 1 Phpbb Toplist | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in top/list.php in phpBB TopList 1.3.8 and earlier allows remote attackers to include arbitrary files via the returnpath parameter. | ||||
| CVE-2006-2151 | 1 Phpbb Group | 1 Phpbb Toplist | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in toplist.php in phpBB TopList 1.3.8 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via the phpbb_root_path parameter. | ||||
| CVE-2006-2156 | 1 X7 Group | 1 X7 Chat | 2025-04-03 | N/A |
| Directory traversal vulnerability in help/index.php in X7 Chat 2.0 and earlier allows remote attackers to include arbitrary files via .. (dot dot) sequences in the help_file parameter. | ||||
| CVE-2006-2171 | 1 Jgaa | 1 Warftpd | 2025-04-03 | N/A |
| Buffer overflow in WDM.exe in WarFTPD allows remote attackers to execute arbitrary code via unspecified arguments, as demonstrated by the Infigo FTPStress Fuzzer. | ||||
| CVE-2006-2165 | 1 Pentasoft Corp. | 1 Avactis Shopping Cart | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Avactis Shopping Cart 0.1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) category_id parameter in (a) store_special_offers.php and (b) store.php and (2) prod_id parameter in (c) product_info.php. NOTE: this issue might be resultant from SQL injection. | ||||
| CVE-2006-2166 | 1 Cisco | 2 Unity Express, Unity Express Software | 2025-04-03 | N/A |
| Unspecified vulnerability in the HTTP management interface in Cisco Unity Express (CUE) 2.2(2) and earlier, when running on any CUE Advanced Integration Module (AIM) or Network Module (NM), allows remote authenticated attackers to reset the password for any user with an expired password. | ||||
| CVE-2006-2167 | 1 Sloughflash | 1 Sf-users | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in SloughFlash SF-Users 1.0, possibly in register.php, allows remote attackers to inject arbitrary web script or HTML by setting the username field to contain JavaScript in the SRC attribute of an IMG element. | ||||
| CVE-2006-2168 | 1 Fileprotection Express | 1 Fileprotection Express | 2025-04-03 | N/A |
| FileProtection Express 1.0.1 and earlier allows remote attackers to bypass authentication via a cookie with an Admin value of 1. | ||||
| CVE-2006-2169 | 1 Best Practical Solutions | 1 Request Tracker | 2025-04-03 | N/A |
| RT: Request Tracker 3.5.HEAD allows remote attackers to obtain sensitive information via the Rows parameter in Dist/Display.html, which reveals the installation path in an error message. | ||||