ReportizFlow
Filtered by vendor
Subscriptions
Total
29885 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-1696 | 1 Gallery Project | 1 Gallery | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in Gallery before 1.5.3 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | ||||
| CVE-2006-4644 | 1 Phpfullannu | 1 Phpfullannu | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in modules/home.module.php in phpFullAnnu 5.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the repmod parameter. | ||||
| CVE-2006-1700 | 1 Aweb | 1 Scripts Seller | 2025-04-03 | N/A |
| Buy.php in Aweb Scripts Seller uses predictable cookies for authentication based on the time and the script number, which allows remote attackers to bypass authentication. | ||||
| CVE-2006-1701 | 1 Shadowed Portal | 1 Shadowed Portal | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in the Pages module in Shadowed Portal allows remote attackers to inject arbitrary web script or HTML via the page parameter to load.php. | ||||
| CVE-2006-1702 | 1 Spip | 1 Spip | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in spip_login.php3 in SPIP 1.8.3 allows remote attackers to execute arbitrary PHP code via a URL in the url parameter. | ||||
| CVE-2006-1704 | 1 Hubert Plisson | 1 Sire | 2025-04-03 | N/A |
| Sire 2.0 nws allows remote attackers to upload arbitrary image files without authentication via a direct request to upload.php. | ||||
| CVE-2006-4650 | 1 Cisco | 1 Ios | 2025-04-03 | N/A |
| Cisco IOS 12.0, 12.1, and 12.2, when GRE IP tunneling is used and the RFC2784 compliance fixes are missing, does not verify the offset field of a GRE packet during decapsulation, which leads to an integer overflow that references data from incorrect memory locations, which allows remote attackers to inject crafted packets into the routing queue, possibly bypassing intended router ACLs. | ||||
| CVE-2006-1705 | 1 Oracle | 2 Oracle10g, Oracle9i | 2025-04-03 | N/A |
| Oracle Database 9.2.0.0 to 10.2.0.3 allows local users with "SELECT" privileges for a base table to insert, update, or delete data by creating a crafted view then performing the operations on that view. | ||||
| CVE-2006-1710 | 1 Design Nation | 1 Dnguestbook | 2025-04-03 | N/A |
| SQL injection vulnerability in admin.php in Design Nation DNGuestbook 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) email and (2) id parameters. | ||||
| CVE-2006-1713 | 1 Phpmyforum | 1 Phpmyforum | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Christoph Roeder phpMyForum 4.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter. | ||||
| CVE-2006-1718 | 1 Clever Copy | 1 Clever Copy | 2025-04-03 | N/A |
| Magus Perde Clever Copy 3.0 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to view the database username and password via a direct request for connect.inc. | ||||
| CVE-2006-4656 | 1 Web-provence | 1 Sl Site | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in admin/editeur/spaw_control.class.php in Web Provence SL_Site 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: CVE analysis suggests that this issue is actually in a third party product, SPAW Editor PHP Edition. | ||||
| CVE-2006-4674 | 1 Andreas Gohr | 1 Dokuwiki | 2025-04-03 | N/A |
| Direct static code injection vulnerability in doku.php in DokuWiki before 2006-030-09c allows remote attackers to execute arbitrary PHP code via the X-FORWARDED-FOR HTTP header, which is stored in config.php. | ||||
| CVE-2006-4675 | 1 Andreas Gohr | 1 Dokuwiki | 2025-04-03 | N/A |
| Unrestricted file upload vulnerability in lib/exe/media.php in DokuWiki before 2006-03-09c allows remote attackers to upload executable files into the data/media folder via unspecified vectors. | ||||
| CVE-2006-4680 | 1 Canon | 7 Imagerunner 2620, Imagerunner 5020, Imagerunner 6870 and 4 more | 2025-04-03 | N/A |
| The Remote UI in Canon imageRUNNER includes usernames and passwords when exporting an address book, which allows context-dependent attackers to obtain sensitive information. | ||||
| CVE-2006-1742 | 2 Mozilla, Redhat | 5 Firefox, Mozilla Suite, Seamonkey and 2 more | 2025-04-03 | N/A |
| The JavaScript engine in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly handle temporary variables that are not garbage collected, which might allow remote attackers to trigger operations on freed memory and cause memory corruption. | ||||
| CVE-2006-4682 | 1 Ibm | 1 Director | 2025-04-03 | N/A |
| Multiple unspecified vulnerabilities in IBM Director before 5.10 allow remote attackers to cause a denial of service (crash) via unspecified vectors involving (1) malformed WMI CIM server requests and (2) malformed packets. | ||||
| CVE-2006-4709 | 1 Vikingboard | 1 Vikingboard | 2025-04-03 | N/A |
| SQL injection vulnerability in topic.php in Vikingboard 0.1b allows remote attackers to execute arbitrary SQL commands via the s parameter. | ||||
| CVE-2006-1748 | 1 Xmb Software | 1 Xmb Forum | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in XMB Forum 1.9.5 allows remote attackers to inject arbitrary web script or HTML by uploading a Flash (.SWF) video that contains a getURL function call, which causes the video to be rendered without disabling ActionScript. | ||||
| CVE-2006-4710 | 1 Newsgator | 1 Feeddemon | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in NewsGator FeedDemon before 2.0.0.25 allow remote attackers to inject arbitrary web script or HTML via an Atom 1.0 feed, as demonstrated by certain test cases of the James M. Snell Atom 1.0 feed reader test suite. | ||||