ReportizFlow
Filtered by vendor
Subscriptions
Total
29902 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-1282 | 1 Mybulletinboard | 1 Mybulletinboard | 2026-04-16 | N/A |
| CRLF injection vulnerability in inc/function.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to conduct cross-site scripting (XSS), poison caches, or hijack pages via CRLF (%0A%0D) sequences in the Referrer HTTP header field, possibly when redirecting to other web pages. | ||||
| CVE-2006-1291 | 1 Php Icalendar | 1 Php Icalendar | 2026-04-16 | N/A |
| publish.ical.php in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier does not require authentication for write access to the calendars directory, which allows remote attackers to upload and execute arbitrary PHP scripts via a WebDAV PUT request with a filename containing a .php extension and a trailing null character. | ||||
| CVE-2006-4462 | 1 Gonafish.com | 1 Linkscaffe | 2026-04-16 | N/A |
| Gonafish.com LinksCaffe 2.0 and 3.0 do not properly restrict access to administrator functions, which allows remote attackers to gain full administration rights via a direct request to Admin/admin1953.php. | ||||
| CVE-2006-4996 | 1 Joomla | 1 Joomlalib | 2026-04-16 | N/A |
| Unspecified vulnerability in JoomlaLib (com_joomlalib) before 1.2.2 for Joomla! allows remote attackers to have an unknown impact, related to "Joomla globals hacked by script kiddies." | ||||
| CVE-2006-1296 | 1 Beagle-project | 1 Beagle | 2026-04-16 | N/A |
| Untrusted search path vulnerability in Beagle 0.2.2.1 might allow local users to gain privileges via a malicious beagle-info program in the current working directory, or possibly directories specified in the PATH. | ||||
| CVE-2006-1325 | 1 Streber | 1 Streber | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Streber 0.055 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | ||||
| CVE-2005-3301 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4-pl3 allow remote attackers to inject arbitrary web script or HTML via certain arguments to (1) left.php, (2) queryframe.php, or (3) server_databases.php. | ||||
| CVE-2006-4463 | 1 Jetstat.com | 1 Js Asp Faq Manager | 2026-04-16 | N/A |
| SQL injection vulnerability in the administrator control panel in Jetstat.com JS ASP Faq Manager 1.10 allows remote attackers to execute arbitrary SQL commands via the pwd parameter (aka the Password field). | ||||
| CVE-2006-1327 | 1 Softbb | 1 Softbb | 2026-04-16 | N/A |
| SQL injection vulnerability in reg.php in SoftBB 0.1 allows remote attackers to execute arbitrary SQL commands via the mail parameter. | ||||
| CVE-2006-4467 | 1 Simple Machines | 1 Simple Machines Forum | 2026-04-16 | N/A |
| Simple Machines Forum (SMF) 1.1RCx before 1.1RC3, and 1.0.x before 1.0.8, does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to perform directory traversal attacks to read arbitrary local files, lock topics, and possibly have other security impacts. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in Simple Machines Forum. | ||||
| CVE-2006-5002 | 1 Ibm | 1 Inventory Scout | 2026-04-16 | N/A |
| Unspecified vulnerability in IBM Inventory Scout for AIX 2.2.0.0 through 2.2.0.9 (invscoutClient_VPD_Survey) allows attackers to overwrite arbitrary files via unspecified vectors. | ||||
| CVE-2006-1351 | 1 Bea | 1 Weblogic Server | 2026-04-16 | N/A |
| BEA WebLogic Server 6.1 SP7 and earlier allows remote attackers to read arbitrary files via unknown attack vectors related to a "default internal servlet" accessed through HTTP. | ||||
| CVE-2005-3351 | 2 Apache, Redhat | 2 Spamassassin, Enterprise Linux | 2026-04-16 | N/A |
| SpamAssassin 3.0.4 allows attackers to bypass spam detection via an e-mail with a large number of recipients ("To" addresses), which triggers a bus error in Perl. | ||||
| CVE-2005-3359 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-04-16 | N/A |
| The atm module in Linux kernel 2.6 before 2.6.14 allows local users to cause a denial of service (panic) via certain socket calls that produce inconsistent reference counts for loadable protocol modules. | ||||
| CVE-2006-4479 | 1 Visualshapers | 1 Ezcontents | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in loginreq2.php in Visual Shapers ezContents 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the subgroupname parameter. | ||||
| CVE-2006-4480 | 1 Nuked-klan | 1 Nuked-klan | 2026-04-16 | N/A |
| Incomplete blacklist vulnerability in the nk_CSS function in nuked.php in Nuked-Klan 1.7 SP4.3 allows remote attackers to bypass anti-XSS features and inject arbitrary web script or HTML via JavaScript in an attribute value that is not in the blacklist, as demonstrated using the STYLE attribute of a B element. | ||||
| CVE-2001-0310 | 1 Freebsd | 1 Freebsd | 2026-04-16 | N/A |
| sort in FreeBSD 4.1.1 and earlier, and possibly other operating systems, uses predictable temporary file names and does not properly handle when the temporary file already exists, which causes sort to crash and possibly impacts security-sensitive scripts. | ||||
| CVE-2006-1357 | 1 F5 | 1 Firepass 4100 | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in my.support.php3 in F5 Firepass 4100 SSL VPN 5.4.2 allows remote attackers to inject arbitrary web script or HTML via the s parameter. | ||||
| CVE-2006-1381 | 1 Trend Micro | 1 Officescan | 2026-04-16 | N/A |
| Trend Micro OfficeScan 5.5, and probably other versions before 6.5, uses insecure DACLs for critical files, which allows local users to gain SYSTEM privileges by modifying tmlisten.exe. | ||||
| CVE-2006-4490 | 1 Cybozu | 2 Cybozu Office, Share 360 | 2026-04-16 | N/A |
| Multiple directory traversal vulnerabilities in Cybozu Office before 6.6 Build 1.3 and Share 360 before 2.5 Build 0.3 allow remote authenticated users to read arbitrary files via a .. (dot dot) sequence via the id parameter in (1) scripts/cbag/ag.exe or (2) scripts/s360v2/s360.exe. | ||||