ReportizFlow
Filtered by vendor
Subscriptions
Total
29908 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-6548 | 1 Cpanel | 1 Webhost Manager | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in cPanel WebHost Manager (WHM) 3.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the domain parameter to (1) scripts2/changeemail, (2) scripts2/limitbw, or (3) scripts/rearrangeacct. NOTE: the feature parameter to scripts2/dofeaturemanager is already covered by CVE-2006-6198. | ||||
| CVE-2006-6552 | 1 Php | 1 Blog Cms | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in admin/plugins/NP_UserSharing.php in BLOG:CMS 4.1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DIR_ADMIN parameter. | ||||
| CVE-2006-6551 | 1 Tucows | 1 Client Code Suite | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in libs/tucows/api/cartridges/crt_TUCOWS_domains/lib/domainutils.inc.php in Tucows Client Code Suite (CCS) 1.2.1015 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _ENV[TCA_HOME] parameter. | ||||
| CVE-2006-6563 | 1 Proftpd Project | 1 Proftpd | 2026-04-23 | N/A |
| Stack-based buffer overflow in the pr_ctrls_recv_request function in ctrls.c in the mod_ctrls module in ProFTPD before 1.3.1rc1 allows local users to execute arbitrary code via a large reqarglen length value. | ||||
| CVE-2006-6603 | 1 Yahoo | 1 Messenger | 2026-04-23 | N/A |
| Buffer overflow in the YMMAPI.YMailAttach ActiveX control (ymmapi.dll) before 2005.1.1.4 in Yahoo! Messenger allows remote attackers to execute arbitrary code via a crafted HTML document. NOTE: some details were obtained from third party information. | ||||
| CVE-2006-6670 | 1 Nortel | 1 Callpilot Server | 2026-04-23 | N/A |
| Unspecified vulnerability in Nortel CallPilot 4.x Server has unknown impact and attack vectors, aka P-2006-0011-GLOBAL. | ||||
| CVE-2006-6704 | 1 Atmail | 1 Atmail Webadmin | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the Webadmin in @Mail before 4.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "unescaped data in the database." | ||||
| CVE-2006-6728 | 1 Lan Messenger | 1 Lan Messenger | 2026-04-23 | N/A |
| Unspecified vulnerability in the info request mechanism in LAN Messenger before 1.5.1.2 allows remote attackers to cause a denial of service (application crash) or transmit spam via unspecified vectors. | ||||
| CVE-2006-6820 | 1 Enthrallweb | 1 Ecoupons | 2026-04-23 | N/A |
| myprofile.asp in Enthrallweb eCoupons does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MM_recordId parameter. | ||||
| CVE-2006-6830 | 1 Cafelog | 1 B2 Blog | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in b2verifauth.php in b2 Blog 0.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the index parameter. | ||||
| CVE-2006-6980 | 1 Magnatune.com | 1 Album Browser | 2026-04-23 | N/A |
| The magnatune.com album browser in Amarok allows attackers to cause a denial of service (application crash) via unspecified vectors. | ||||
| CVE-2006-7092 | 1 Mamboxchange | 1 Laithai | 2026-04-23 | N/A |
| SQL injection vulnerability in includes/mambo.php in Mambo LaiThai 4.5.4 SP2 and earlier allows remote attackers to execute arbitrary SQL commands via the usercookie[password] cookie parameter. | ||||
| CVE-2006-6380 | 1 Ultimate Helpdesk | 1 Ultimate Helpdesk | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.asp in Ultimate HelpDesk allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. | ||||
| CVE-2006-6227 | 1 Neoengine | 1 Neoengine | 2026-04-23 | N/A |
| The Core::Receive function in neonet/core.cpp for NeoEngine 0.8.2 and earlier, and CVS 3422, allow remote attackers to cause a denial of service (engine crash) via a message with a large uiMessageLength that produces a failed memory allocation and a null pointer dereference. | ||||
| CVE-2006-5716 | 1 Freenews | 1 Freenews | 2026-04-23 | N/A |
| Directory traversal vulnerability in aff_news.php in FreeNews 2.1 allows remote attackers to include local files via a .. (dot dot) sequence in the chemin parameter, when the aff_news parameter is not set to "1." | ||||
| CVE-2006-5726 | 1 Sun | 1 Solaris | 2026-04-23 | N/A |
| alloccgblk in the UFS filesystem in Solaris 10 allows local users to cause a denial of service (memory corruption) by mounting crafted UFS filesystems with malformed data structures. | ||||
| CVE-2006-5775 | 1 Funkboard | 1 Funkboard | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in profile.php in FunkBoard 0.71 before 4 November 2006 at 18:16 GMT allows remote attackers to inject arbitrary web script or HTML, possibly via the name parameter. | ||||
| CVE-2006-5804 | 1 Advanced Guestbook | 1 Advanced Guestbook | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in admin.php in Advanced Guestbook 2.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter. | ||||
| CVE-2006-5809 | 1 Jonathon J. Freeman | 1 Ovbb | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in Jonathon J. Freeman OvBB before 0.13a have unknown impact and attack vectors. | ||||
| CVE-2006-5813 | 1 Novell | 1 Edirectory | 2026-04-23 | N/A |
| Unspecified vulnerability in Novell eDirectory 8.8 allows attackers to cause a denial of service, as demonstrated by vd_novell3.pm, a "Novell eDirectory 8.8 DoS." NOTE: As of 20061108, this disclosure has no actionable information. However, since it is from a reliable researcher, it is being assigned a CVE identifier for tracking purposes. | ||||