Total
29612 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-2677 | 1 Sitescape | 1 Sitescape Forum | 2025-04-03 | N/A |
| SiteScape Forum 7.2 and possibly earlier stores the avf.rc configuraiton file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive path information. | ||||
| CVE-2006-2531 | 1 Ipswitch | 1 Whatsup | 2025-04-03 | N/A |
| Ipswitch WhatsUp Professional 2006 only verifies the user's identity via HTTP headers, which allows remote attackers to spoof being a trusted console and bypass authentication by setting HTTP User-Agent header to "Ipswitch/1.0" and the User-Application header to "NmConsole". | ||||
| CVE-2006-3185 | 1 Cms Faethon | 1 Cms Faethon | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in data/header.php in CMS Faethon 1.3.2 allows remote attackers to execute arbitrary PHP code via a URL in the mainpath parameter. | ||||
| CVE-2006-2684 | 1 Hotwebscripts | 1 Cms Mundo | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in the search module in CMS Mundo 1.0 allows remote attackers to inject arbitrary web script or HTML via the searchstring parameter. | ||||
| CVE-2006-2529 | 1 Fckeditor | 1 Fckeditor | 2025-04-03 | N/A |
| editor/filemanager/upload/php/upload.php in FCKeditor before 2.3 Beta, when the upload feature is enabled, does not verify the Type parameter, which allows remote attackers to upload arbitrary file types. NOTE: It is not clear whether this is related to CVE-2006-0658. | ||||
| CVE-2006-2528 | 1 Smartisoft | 1 Phpbazar | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in classified_right.php in phpBazar 2.1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the language_dir parameter. | ||||
| CVE-2006-2527 | 1 Smartisoft | 1 Phpbazar | 2025-04-03 | N/A |
| Admin/admin.php in phpBazar 2.1.0 and earlier allows remote attackers to bypass the authentication process and gain unauthorized access to the administrative section by setting the action parameter to edit_member and the value parameter to 1. | ||||
| CVE-2006-3184 | 1 Asp Stats Generator | 1 Asp Stats Generator | 2025-04-03 | N/A |
| Direct static code injection vulnerability in ASP Stats Generator before 2.1.2 allows remote authenticated attackers to execute arbitrary ASP code via the strAsgSknPageBgColour parameter to settings_skin.asp, which is stored in inc_skin_file.asp. | ||||
| CVE-2006-2526 | 1 Power Place | 1 Php Easy Galerie | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in index.php in PHP Easy Galerie 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the includepath parameter. | ||||
| CVE-2002-1042 | 2 Netscape, Sun | 4 Enterprise Server, Iplanet Web Server, One Application Server and 1 more | 2025-04-03 | N/A |
| Directory traversal vulnerability in search engine for iPlanet web server 6.0 SP2 and 4.1 SP9, and Netscape Enterprise Server 3.6, when running on Windows platforms, allows remote attackers to read arbitrary files via ..\ (dot-dot backslash) sequences in the NS-query-pat parameter. | ||||
| CVE-2006-2525 | 1 Usebb | 1 Usebb | 2025-04-03 | N/A |
| SQL injection vulnerability in UseBB 1.0 RC1 and earlier allows remote attackers to execute arbitrary SQL commands via the member list search module. | ||||
| CVE-2006-3182 | 1 Mobescripts | 1 Mobile Space Community | 2025-04-03 | N/A |
| Directory traversal vulnerability in index.php in MobeScripts Mobile Space Community 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the uid parameter in the rss page. | ||||
| CVE-2006-2524 | 1 Usebb | 1 Usebb | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in UseBB 1.0 RC1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors when processing the user date format. | ||||
| CVE-2006-3180 | 1 Swsoft | 1 Confixx | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in ftp_index.php in Confixx Pro 3.0 allows remote attackers to inject arbitrary web script or HTML via the path parameter. | ||||
| CVE-2006-2519 | 1 Phpwcms | 1 Phpwcms | 2025-04-03 | N/A |
| Directory traversal vulnerability in include/inc_ext/spaw/spaw_control.class.php in phpwcms 1.2.5-DEV allows remote attackers to include arbitrary local files via .. (dot dot) sequences in the spaw_root parameter. NOTE: CVE analysis suggests that this issue is actually in SPAW Editor PHP Edition. | ||||
| CVE-2006-2695 | 1 Dgnews | 1 Dgnews | 2025-04-03 | N/A |
| admin/upprocess.php in DGNews 1.5 and earlier allows remote attackers to execute arbitrary code by uploading scripts with arbitrary extensions to the img directory. | ||||
| CVE-2006-2518 | 1 Phpwcms | 1 Phpwcms | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in phpwcms 1.2.5-DEV allows remote attackers to inject arbitrary web script or HTML via the BL[be_cnt_plainhtml] parameter to include/inc_tmpl/content/cnt6.inc.php. | ||||
| CVE-2006-3260 | 1 Virtual Design Studios | 1 Vlbook | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in vlbook 1.02 allows remote attackers to inject arbitrary web script or HTML via the message parameter. | ||||
| CVE-2002-1046 | 1 Watchguard | 2 Firebox, Soho Firewall | 2025-04-03 | N/A |
| Dynamic VPN Configuration Protocol service (DVCP) in Watchguard Firebox firmware 5.x.x allows remote attackers to cause a denial of service (crash) via a malformed packet containing tab characters to TCP port 4110. | ||||
| CVE-2002-1048 | 1 Hp | 1 Jetdirect | 2025-04-03 | N/A |
| HP JetDirect printers allow remote attackers to obtain the administrative password for the (1) web and (2) telnet services via an SNMP request to the variable (.iso.3.6.1.4.1.11.2.3.9.4.2.1.3.9.1.1.0. | ||||