ReportizFlow
Filtered by vendor
Subscriptions
Total
29909 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-2794 | 1 Aspsitem | 1 Aspsitem | 2026-04-16 | N/A |
| Hesabim.asp in ASPSitem 2.0 and earlier allows remote attackers to read private messages of other users via a modified id parameter. | ||||
| CVE-2006-2795 | 1 Xiti | 1 Xiti Tracking Script | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in XiTi Tracking Script 6 and 7 RC allow remote attackers to inject arbitrary web script or HTML via (1) the xtref parameter in xiti.js and (2) an HTTP Referer header field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-2797 | 1 Phpcommunitycalendar | 1 Phpcommunitycalendar | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in phpCommunityCalendar 4.0.3 allow remote attackers to execute arbitrary SQL commands via the (1) CalendarDetailsID parameter in (a) month.php, (b) day.php, and (c) delCalendar.php; (2) ID parameter in (d) event.php; (3) AdminUserID parameter in (e) delAdmin.php; (4) EventLocationID parameter in (f) delAddress.php; and (5) LocationID parameter in (g) delCategory.php. | ||||
| CVE-2006-2801 | 1 Unak | 1 Unak Cms | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Unak CMS 1.5 RC2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) u_a or (2) u_s parameters. | ||||
| CVE-2006-2814 | 1 Ishopcart | 1 Ishopcart | 2026-04-16 | N/A |
| Multiple buffer overflows in the (1) vGetPost and (2) main functions in easy-scart.c through easy-scart6.c in iShopCart allow remote attackers to execute arbitrary code by sending a large amount of data containing "Submit" in an sslinvoice action, and allow remote attackers to have an unknown impact via a large amount of posted data. | ||||
| CVE-2006-2817 | 1 Tekno.portal | 1 Tekno.portal | 2026-04-16 | N/A |
| SQL injection vulnerability in bolum.php in tekno.Portal allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-2824 | 1 Logicalware | 1 Mailmanager | 2026-04-16 | N/A |
| Logicalware MailManager before 2.0.10 does not remove 0xc8 0x27 (0xc8 followed by a single-quote character) from the data stream to the server, which allows remote attackers to modify data and gain administrative access when PostgreSQL is used, aka "bug #1494281 - Postgres encoding security hole." NOTE: while this issue involves PostgreSQL, it is specific to MailManager's interface to PostgreSQL and is therefore a different vulnerability than CVE-2006-2313 and CVE-2006-2314. | ||||
| CVE-2006-2828 | 1 Php-nuke | 1 Ev | 2026-04-16 | N/A |
| Global variable overwrite vulnerability in PHP-Nuke allows remote attackers to conduct remote PHP file inclusion attacks via a modified phpbb_root_path parameter to the admin scripts (1) index.php, (2) admin_ug_auth.php, (3) admin_board.php, (4) admin_disallow.php, (5) admin_forumauth.php, (6) admin_groups.php, (7) admin_ranks.php, (8) admin_styles.php, (9) admin_user_ban.php, (10) admin_words.php, (11) admin_avatar.php, (12) admin_db_utilities.php, (13) admin_forum_prune.php, (14) admin_forums.php, (15) admin_mass_email.php, (16) admin_smilies.php, (17) admin_ug_auth.php, and (18) admin_users.php, which overwrites $phpbb_root_path when the import_request_variables function is executed after $phpbb_root_path has been initialized to a static value. | ||||
| CVE-2006-2829 | 1 Tibco | 3 Hawk, Hawk Monitoring Agent, Runtime Agent | 2026-04-16 | N/A |
| Buffer overflow in Hawk Monitoring Agent (HMA) for TIBCO Hawk before 4.6.1 and TIBCO Runtime Agent (TRA) before 5.4 allows authenticated users to execute arbitrary code via the configuration for tibhawkhma. | ||||
| CVE-2006-2831 | 1 Drupal | 1 Drupal | 2026-04-16 | N/A |
| Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743. | ||||
| CVE-2006-2833 | 1 Drupal | 1 Drupal | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the taxonomy module in Drupal 4.6.8 and 4.7.2 allows remote attackers to inject arbitrary web script or HTML via inputs that are not properly validated when the page title is output, possibly involving the $names variable. | ||||
| CVE-2006-2836 | 1 Pineapple Technologies | 1 Lore | 2026-04-16 | N/A |
| SQL injection vulnerability in comment.php in Pineapple Technologies Lore 1.5.6 and earlier allows remote attackers to execute arbitrary SQL commands via the article_id parameter. | ||||
| CVE-2006-2841 | 1 Associated | 1 Associated Cms | 2026-04-16 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in AssoCIateD (aka ACID) CMS 1.1.3 allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) menu.php, (2) profile.php, (3) users.php, (4) cache_mngt.php, and (5) gallery_functions.php. | ||||
| CVE-2006-2854 | 1 Ibwd | 1 Ibwd Guestbook | 2026-04-16 | N/A |
| SQL injection vulnerability in index.php in iBWd Guestbook 1.0 allows remote attackers to execute arbitrary SQL commands via the offset parameter. | ||||
| CVE-2006-2862 | 1 Particle Soft | 1 Particle Gallery | 2026-04-16 | N/A |
| SQL injection vulnerability in viewimage.php in Particle Gallery 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the imageid parameter. | ||||
| CVE-2006-2868 | 1 Claroline | 1 Claroline | 2026-04-16 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.6 allow remote attackers to execute arbitrary PHP code via a URL in the includePath cookie to (1) auth/extauth/drivers/mambo.inc.php or (2) auth/extauth/drivers/postnuke.inc.php. | ||||
| CVE-2006-2876 | 1 Deltascripts | 1 Php Pro Publish | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in cat.php in PHP Pro Publish 2.0 allows remote attackers to inject arbitrary web script or HTML via the catname parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-2877 | 1 Sangwan Kim | 1 Bookmark4u | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in Bookmark4U 2.0.0 and earlier allows remote attackers to include arbitrary PHP files via the include_prefix parameter in (1) inc/dbase.php, (2) inc/config.php, (3) inc/common.php, and (4) inc/function.php. NOTE: it has been reported that the inc directory is protected by a .htaccess file, so this issue only applies in certain environments or configurations. | ||||
| CVE-2006-2878 | 1 Andreas Gohr | 1 Dokuwiki | 2026-04-16 | N/A |
| The spellchecker (spellcheck.php) in DokuWiki 2006/06/04 and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly syntax" that is inserted into a regular expression that is processed by preg_replace with the /e (executable) modifier. | ||||
| CVE-2006-2879 | 1 Alex | 1 News-engine | 2026-04-16 | N/A |
| SQL injection vulnerability in newscomments.php in Alex News-Engine 1.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via the newsid parameter. | ||||