ReportizFlow
Filtered by vendor
Subscriptions
Total
29927 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-3018 | 1 Php Group | 1 Php | 2026-04-16 | N/A |
| Unspecified vulnerability in the session extension functionality in PHP before 5.1.3 has unknown impact and attack vectors related to heap corruption. | ||||
| CVE-2006-3021 | 1 Blue-collar Productions | 1 I-gallery | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in BlueCollar i-Gallery 4.1 PLUS and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) n and (2) d parameters in (a) login.asp and the d parameter in (b) igallery.asp. | ||||
| CVE-2006-3025 | 1 Lucid Designs | 1 Lucid Calendar | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Cal.PHP3 in Chris Lea Lucid Calendar 0.22 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
| CVE-2006-3031 | 1 Fipsasp | 1 Fipscms | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.asp in fipsCMS 4.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) w, (2) phcat, (3) dayid, and (4) calw parameters. | ||||
| CVE-2006-3035 | 1 Myscrapbook | 1 Myscrapbook | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in addwords.php in MyScrapbook 3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) comment parameters. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
| CVE-2006-3038 | 1 Cescripts | 1 Realty Room Rent | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Cescripts Realty Room Rent allows remote attackers to inject arbitrary web script or HTML via the sel_menu parameter. NOTE: the vendor notified CVE on 20060823 that "All issues concerning this script and others at cescripts.com have been addressed and fixed." | ||||
| CVE-2002-0254 | 1 Mirabilis | 1 Icq | 2026-04-16 | N/A |
| ICQ 2001b Build 3659 allows remote attackers to cause a denial of service (crash) via a malformed picture that contains large height and width values, which causes the crash when viewed in Userdetails. | ||||
| CVE-2006-3046 | 1 Subtext | 1 Subtext | 2026-04-16 | N/A |
| Unspecified vulnerability in the admin login feature in Subtext 1.5, in a multiblog setup, allows remote administrators of one blog to login to another blog. | ||||
| CVE-2006-3054 | 1 Vbzoom | 1 Vbzoom | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in VBZooM 1.11 allow remote attackers to execute arbitrary SQL commands via the (1) sobjectID or (2) MAINID parameters to (a) show.php or (3) MainID parameter to (b) subject.php. | ||||
| CVE-2002-0259 | 1 Instantservers Inc. | 1 Miniportal | 2026-04-16 | N/A |
| InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges. | ||||
| CVE-2002-0261 | 1 Instantservers Inc. | 1 Miniportal | 2026-04-16 | N/A |
| Directory traversal vulnerability in InstantServers MiniPortal 1.1.5 and earlier allows remote authenticated users to read arbitrary files via a ... (modified dot dot) in the GET command. | ||||
| CVE-2002-0267 | 1 Sips | 1 Sips | 2026-04-16 | N/A |
| preferences.php in Simple Internet Publishing System (SIPS) before 0.3.1 allows remote attackers to gain administrative privileges via a linebreak in the "theme" field followed by the Status::admin command, which causes the Status line to be entered into the password file. | ||||
| CVE-2006-3069 | 1 Iglooweb | 1 Doublespeak | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in DoubleSpeak 0.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the config[private] parameter in multiple files, as demonstrated by (1) index.php, (2) faq.php, and (3) hardware.php. NOTE: this issue has been disputed by multiple third-party researchers, who state that config[private] is initialized in an include file before being used | ||||
| CVE-2006-3070 | 1 Zeroboard | 1 Zeroboard | 2026-04-16 | N/A |
| write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file that with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php. | ||||
| CVE-2002-0273 | 1 Netwin | 1 Cwmail | 2026-04-16 | N/A |
| Buffer overflow in CWMail.exe in NetWin before 2.8a allows remote authenticated users to execute arbitrary code via a long item parameter. | ||||
| CVE-2002-0284 | 1 Nullsoft | 1 Winamp | 2026-04-16 | N/A |
| Winamp 2.78 and 2.77, when opening a wma file that requires a license, sends the full path of the Temporary Internet Files directory to the web page that is processing the license, which could allow malicious web servers to obtain the pathname. | ||||
| CVE-2002-0287 | 1 Powie | 1 Pforum | 2026-04-16 | N/A |
| pforum 1.14 and earlier does not explicitly enable PHP magic quotes, which allows remote attackers to bypass authentication and gain administrator privileges via an SQL injection attack when the PHP server is not configured to use magic quotes by default. | ||||
| CVE-2006-3076 | 1 Phpbluedragon | 1 Phpbluedragon Cms | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in software_upload/public_includes/pub_templates/vphptree/template.php in PhpBlueDragon CMS 2.9.1 allows remote attackers to execute arbitrary PHP code via a URL in the vsDragonRootPath parameter. | ||||
| CVE-2006-3096 | 1 Ipostmx | 1 Ipostmx 2005 | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in iPostMX 2005 2.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) forum parameter in messagepost.cfm and (2) topic parameter in topics.cfm. NOTE: this item was created based on information in a blog entry that was apparently removed after CVE analysis. As of 20060619, CVE is attempting to determine the cause of the removal. | ||||
| CVE-2006-3103 | 1 Bitweaver | 1 Bitweaver | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Bitweaver 1.3 allows remote attackers to inject arbitrary web script or HTML via the (1) error parameter in users/login.php and the (2) feedback parameter in articles/index.php. | ||||