ReportizFlow
Filtered by vendor
Subscriptions
Total
29932 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-1921 | 1 Php Net Tools | 1 Php Net Tools | 2026-04-16 | N/A |
| nettools.php in PHP Net Tools 2.7.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the host parameter. | ||||
| CVE-2006-2135 | 1 Ruperts News | 1 Ruperts News | 2026-04-16 | N/A |
| SQL injection vulnerability in login.php in Ruperts News allows remote attackers to execute arbitrary SQL commands via the username parameter. | ||||
| CVE-2006-2140 | 1 Orbitscripts | 1 Orbithyip | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in OrbitHYIP 2.0 and earlier allow remote attackers to inject arbitrary web script via the (1) referral parameter to signup.php or (2) id parameter to members.php. | ||||
| CVE-2006-2159 | 1 Russcom Network | 1 Loginphp | 2026-04-16 | N/A |
| CRLF injection vulnerability in help.php in Russcom Network Loginphp allows remote attackers to spoof e-mails and inject MIME headers via CRLF sequences in the email address. | ||||
| CVE-2006-2166 | 1 Cisco | 2 Unity Express, Unity Express Software | 2026-04-16 | N/A |
| Unspecified vulnerability in the HTTP management interface in Cisco Unity Express (CUE) 2.2(2) and earlier, when running on any CUE Advanced Integration Module (AIM) or Network Module (NM), allows remote authenticated attackers to reset the password for any user with an expired password. | ||||
| CVE-2006-3796 | 1 Deluxebb | 1 Deluxebb | 2026-04-16 | N/A |
| DeluxeBB 1.07 and earlier does not properly handle a username composed of a single space character, which allows remote authenticated users to login as the "space" user, post as the guest user, and block the ability of an administrator to ban the "space" user. | ||||
| CVE-2006-2170 | 1 Argosoft | 1 Ftp Server | 2026-04-16 | N/A |
| Buffer overflow in ArgoSoft FTP Server 1.4.3.6 allows remote attackers to execute arbitrary code via Unicode in the RNTO command, as demonstrated by the Infigo FTPStress Fuzzer. | ||||
| CVE-2006-2177 | 1 Bitdamaged | 1 Geoblog | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in viewcat.php in geoBlog 1.0 allows remote attackers to inject arbitrary web script or HTML via the cat parameter. | ||||
| CVE-2006-2210 | 1 321soft | 1 Php-gallery | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in 321soft PhP-Gallery 0.9 allows remote attackers to inject arbitrary web script or HTML via the path parameter. NOTE: this issue might be resultant from the directory traversal vulnerability. | ||||
| CVE-2006-2256 | 1 Eqdkp | 1 Eqdkp | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in includes/dbal.php in EQdkp 1.3.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the eqdkp_root_path parameter. | ||||
| CVE-2006-2270 | 1 Jetbox | 1 Jetbox Cms | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in includes/config.php in Jetbox CMS 2.1 allows remote attackers to execute arbitrary code via a URL in the relative_script_path parameter. | ||||
| CVE-2006-2273 | 1 Verisign | 1 I-nav | 2026-04-16 | N/A |
| The InstallProduct routine in the Verisign VUpdater.Install (aka i-Nav) ActiveX control does not verify Microsoft Cabinet (.CAB) files, which allows remote attackers to run an arbitrary executable file. | ||||
| CVE-2006-2278 | 1 Arabless | 1 Saphplesson | 2026-04-16 | N/A |
| SaphpLesson 3.0 does not initialize array variables, which allows remote attackers to obtain the full path via an non-array (1) hrow parameter to (a) show.php or (b) index.php; the (2) Lsnrow parameter to (c) showcat.php; or the (3) rows parameter to index.php. | ||||
| CVE-2006-2342 | 1 Ibm | 1 Websphere Application Server | 2026-04-16 | N/A |
| IBM WebSphere Application Server 6.0.2 before FixPack 3 allows remote attackers to bypass authentication for the Welcome Page via a request to the default context root. | ||||
| CVE-2001-0840 | 1 Compaq | 1 Insight Manager Xe | 2026-04-16 | N/A |
| Buffer overflow in Compaq Insight Manager XE 2.1b and earlier allows remote attackers to execute arbitrary code via (1) SNMP and (2) DMI. | ||||
| CVE-2005-0400 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-04-16 | N/A |
| The ext2_make_empty function call in the Linux kernel before 2.6.11.6 does not properly initialize memory when creating a block for a new directory entry, which allows local users to obtain potentially sensitive information by reading the block. | ||||
| CVE-2006-2392 | 1 Blue Dragon | 1 Php Blue Dragon | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in public_includes/pub_popup/popup_finduser.php in PHP Blue Dragon Platinum 2.8.0 allows remote attackers to execute arbitrary PHP code via a URL in the vsDragonRootPath parameter. | ||||
| CVE-2006-2449 | 2 Kde, Redhat | 2 Kde, Enterprise Linux | 2026-04-16 | N/A |
| KDE Display Manager (KDM) in KDE 3.2.0 up to 3.5.3 allows local users to read arbitrary files via a symlink attack related to the session type for login. | ||||
| CVE-2006-2487 | 1 Scoznet | 1 Scoznews | 2026-04-16 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in ScozNews 1.2.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the CONFIG[main_path] parameter in (1) functions.php, (2) template.php, (3) news.php, (4) help.php, (5) mail.php, (6) Admin/admin_cats.php, (8) Admin/admin_edit.php, (9) Admin/admin_import.php, and (10) Admin/admin_templates.php. NOTE: this might be resultant from a variable overwrite issue. | ||||
| CVE-2005-3852 | 1 Onlinetechtools.com | 1 Owos Lite | 2026-04-16 | N/A |
| SQL injection vulnerability in search.asp in Online Work Order Suite (OWOS) Lite Edition for ASP 3.0 allows remote attackers to execute arbitrary SQL commands via the keyword parameter. | ||||