ReportizFlow
Filtered by vendor
Subscriptions
Total
29916 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-1554 | 1 Tachyon | 1 Vsns Lemon | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in VSNS Lemon 3.2.0 allows remote attackers to inject arbitrary web script or HTML via the name parameter while adding a comment. | ||||
| CVE-2006-1559 | 1 Php | 1 Php Script Index | 2026-04-16 | N/A |
| SQL injection vulnerability in PHP Script Index allows remote attackers to execute arbitrary SQL commands via the search parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-1570 | 1 Esqlanelapse | 1 Esqlanelapse | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Esqlanelapse 2.0 and 2.2 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | ||||
| CVE-2006-1575 | 1 Vscripts.pl | 1 Qlnews | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in news.php in QLnews 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) autorx and (2) newsx parameters. | ||||
| CVE-2006-1577 | 1 Mantis | 1 Mantis | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in view_all_set.php in Mantis 1.0.1, 1.0.0rc5, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) start_day, (2) start_year, and (3) start_month parameters. | ||||
| CVE-2006-1585 | 1 3dsrc | 1 Monalbum | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in MonAlbum 0.8.7 allow remote attackers to execute arbitrary SQL commands via (1) the pc parameter in (a) index.php and (2) pnom, (3) pcourriel, and (4) pcommentaire parameters in (b) image_agrandir.php. | ||||
| CVE-2006-1586 | 1 Internet Solutions Professionals | 1 Site Man | 2026-04-16 | N/A |
| SQL injection vulnerability in admin_login.asp in ISP of Egypt SiteMan allows remote attackers to execute arbitrary SQL commands via the pass parameter. | ||||
| CVE-2006-1591 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Nt and 1 more | 2026-04-16 | N/A |
| Heap-based buffer overflow in Microsoft Windows Help winhlp32.exe allows user-assisted attackers to execute arbitrary code via crafted embedded image data in a .hlp file. | ||||
| CVE-2002-1469 | 1 Scponly | 1 Scponly | 2026-04-16 | N/A |
| scponly does not properly verify the path when finding the (1) scp or (2) sftp-server programs, which could allow remote authenticated users to bypass access controls by uploading malicious programs and modifying the PATH variable in $HOME/.ssh/environment to locate those programs. | ||||
| CVE-2006-1594 | 1 Claroline | 1 Claroline | 2026-04-16 | N/A |
| Multiple directory traversal vulnerabilities in document/rqmkhtml.php in Claroline 1.7.4 and earlier allow remote attackers to use ".." (dot dot) sequences to (1) read arbitrary files via the file parameter in a rqEditHtml command to document/rqmkhtml.php or (2) execute arbitrary code via the includePath parameter to learnPath/include/scormExport.inc.php. | ||||
| CVE-2006-1599 | 1 V-creator.com | 1 V-creator | 2026-04-16 | N/A |
| Unspecified vulnerability in VCEngine.php in v-creator before 1.3-pre3, when the VC_CRYPTO_METHOD option is OPENSSL, allows remote attackers to execute arbitrary commands, possibly due to problems in the (1) encrypt and (2) decrypt functions. | ||||
| CVE-2006-1603 | 1 Phpbb Group | 1 Phpbb | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in profile.php in phpBB 2.0.19 allows remote attackers to inject arbitrary web script or HTML via the cur_password parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-1600 | 1 Phpwebgallery | 1 Phpwebgallery | 2026-04-16 | N/A |
| SQL injection vulnerability in category.php in PhpWebGallery 1.4.1 allows remote attackers to execute arbitrary SQL commands via the search parameter. | ||||
| CVE-2006-1604 | 1 Exponent | 1 Exponent Cms | 2026-04-16 | N/A |
| Unspecified vulnerability in Exponent CMS before 0.96.5 RC 1 has unknown impact and remote attack vectors related to variables that are not "typecasted." | ||||
| CVE-2006-1612 | 1 Aweb Labs | 1 Awebnews | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in visview.php in aWebNews 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) yname, (2) emailadd, (3) subject, and (4) comment parameters. | ||||
| CVE-2006-1618 | 1 Doomsday | 1 Doomsday | 2026-04-16 | N/A |
| Format string vulnerability in the (1) Con_message and (2) conPrintf functions in con_main.c in Doomsday engine 1.8.6 allows remote attackers to execute arbitrary code via format string specifiers in an argument to the JOIN command, and possibly other command arguments. | ||||
| CVE-2006-1619 | 1 Ibm | 1 Websphere Application Server | 2026-04-16 | N/A |
| IBM WebSphere Application Server 4.0.1 through 4.0.3 allows remote attackers to cause a denial of service (application crash) via an HTTP request with a large header. | ||||
| CVE-2006-1623 | 1 Andries Bruinsma | 1 Flexible Development | 2026-04-16 | N/A |
| Unspecified vulnerability in main.php in an unspecified "file created by Andries Bruinsma," possibly a FleXiBle Development (FXB) application, allows remote attackers to include and execute arbitrary PHP code. NOTE: this disclosure is extremely vague and has very little information about the specific vulnerability type. In addition, there is little public information on the named product. Finally, an XSS vector is implied in the subject line, but because there is no other information and evidence of a cut-and-paste error, it will not be assigned a separate CVE identifier unless additional information is provided. | ||||
| CVE-2006-1637 | 1 Aweb Labs | 1 Awebbb | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in aWebBB 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) tname or (2) fpost parameters to (a) post.php; (3) fullname, (4) emailadd, (5) country, (6) sig, or (7) otherav parameters to (b) editac.php; or (8) fullname, (9) emailadd, or (10) country parameters to (c) register.php. | ||||
| CVE-2006-1644 | 1 Interact | 1 Interact | 2026-04-16 | N/A |
| login.php in Interact 2.1.1 generates different responses depending on whether or not a username is valid, which allows remote attackers to determine valid usernames. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||