ReportizFlow
Filtered by vendor
Subscriptions
Total
29889 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-6198 | 1 Cpanel | 1 Webhost Manager | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in cPanel WebHost Manager (WHM) 3.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) email parameter to (a) scripts2/dochangeemail, the (2) supporturl parameter to (b) cgi/addon_configsupport.cgi, the (3) pkg parameter to (c) scripts/editpkg, the (4) domain parameter to (d) scripts2/domts2 and (e) scripts/editzone, the (5) feature parameter to (g) scripts2/dofeaturemanager, and the (6) ndomain parameter to (h) scripts/park. | ||||
| CVE-2006-6197 | 1 B2evolution | 1 B2evolution | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in b2evolution 1.8.2 through 1.9 beta allow remote attackers to inject arbitrary web script or HTML via the (1) app_name parameter in (a) _404_not_found.page.php, (b) _410_stats_gone.page.php, and (c) _referer_spam.page.php in inc/VIEW/errors/; the (2) baseurl parameter in (d) inc/VIEW/errors/_404_not_found.page.php; and the (3) ReqURI parameter in (e) inc/VIEW/errors/_referer_spam.page.php. | ||||
| CVE-2006-6210 | 1 Iisworks | 1 Asp Listpics | 2025-04-09 | N/A |
| SQL injection vulnerability in listpics.asp in ASP ListPics 5.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter. | ||||
| CVE-2006-6918 | 1 Geobb | 1 Geobb | 2025-04-09 | N/A |
| Unspecified vulnerability in the Admin login for Georgian discussion board (GeoBB) before 1.0 has unknown impact and attack vectors. | ||||
| CVE-2006-6224 | 1 Puntal | 1 Puntal | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in the installation scripts in Puntal before 1.8.5 allows remote attackers to execute arbitrary PHP code via the GLOBALS array. | ||||
| CVE-2006-6233 | 1 Postnuke Software Foundation | 1 Postnuke | 2025-04-09 | N/A |
| SQL injection vulnerability in the Downloads module for unknown versions of PostNuke allows remote attackers to execute arbitrary SQL commands via the lid parameter in a viewdownloaddetails operation. NOTE: this issue might have been in the viewdownloaddetails function in dl-downloaddetails.php, but PostNuke 0.764 does not appear to have this issue. | ||||
| CVE-2006-6234 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-09 | N/A |
| Multiple SQL injection vulnerabilities in the Content module in PHP-Nuke 6.0, and possibly other versions, allow remote attackers to execute arbitrary SQL commands via (1) the cid parameter in a list_pages_categories action or (2) the pid parameter in a showpage action. | ||||
| CVE-2006-6930 | 1 Ga Soft | 1 Rapid Classified | 2025-04-09 | N/A |
| SQL injection vulnerability in viewad.asp in Rapid Classified 3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2006-6281 | 1 Dicshunary | 1 Dicshunary | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in check_status.php in dicshunary 0.1 alpha allows remote attackers to execute arbitrary PHP code via a URL in the dicshunary_root_path parameter. | ||||
| CVE-2006-6947 | 1 Nec | 1 Multiwriter 1700c | 2025-04-09 | N/A |
| The FTP server in the NEC MultiWriter 1700C allows remote attackers to redirect traffic to other sites (aka FTP bounce) via the PORT command, a variant of CVE-1999-0017. | ||||
| CVE-2006-6329 | 1 Torrentflux | 1 Torrentflux | 2025-04-09 | N/A |
| index.php for TorrentFlux 2.2 allows remote attackers to delete files by specifying the target filename in the delfile parameter. | ||||
| CVE-2006-6356 | 1 Phpnews | 1 Phpnews | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in templates/link_temp.php in PHPNews 1.3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) url, (2) id, (3) subject, (4) username, or (5) time parameter. | ||||
| CVE-2006-6075 | 1 Baalasp | 1 Smart Form Portal | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in addpost1.asp in BaalAsp forum allows remote attackers to inject arbitrary web script or HTML via the name parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-6071 | 1 Twiki | 1 Twiki | 2025-04-09 | N/A |
| TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password. | ||||
| CVE-2006-6063 | 1 Un4seen | 1 Xmplay | 2025-04-09 | N/A |
| Stack-based buffer overflow in Un4seen XMPlay 3.3.0.5 and earlier allows remote attackers to execute arbitrary code via a M3U file containing a long (1) FileName, and cause a crash via a long (2) DisplayName. | ||||
| CVE-2006-6062 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| Unspecified vulnerability in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to cause a denial of service (crash) via a malformed UDTO HFS+ disk image, such as with "bad sectors," which triggers memory corruption. | ||||
| CVE-2006-6043 | 1 Oliver | 1 Oliver | 2025-04-09 | N/A |
| PHP file inclusion vulnerability in loginform-inc.php in Oliver (formerly Webshare) 1.2.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a UNC share pathname or a local file pathname in the conf[motdfile] parameter, which is accessed by the file_exists function. | ||||
| CVE-2006-6034 | 1 Sitesoutlet | 1 E-commerce Kit-1 | 2025-04-09 | N/A |
| Multiple SQL injection vulnerabilities in SitesOutlet E-commerce Kit-1 PayPal Edition allow remote attackers to execute arbitrary SQL commands via the (1) keyword or (2) cid parameter in (a) catalogue.asp, or the (3) pid parameter in (b) viewDetail.asp. | ||||
| CVE-2006-6028 | 1 Anton Vlasov | 1 Dosepa | 2025-04-09 | N/A |
| Directory traversal vulnerability in textview.php in Anton Vlasov DoSePa 1.0.4 allows remote attackers to read arbitrary files via a .. (dot dot) sequence or absolute file path in the file parameter. | ||||
| CVE-2006-6021 | 1 Bestwebapp | 1 Bestwebapp Dating Site | 2025-04-09 | N/A |
| SQL injection vulnerability in the login component in BestWebApp Dating Site allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) passwd parameters. | ||||