Vulnerabilities (CVE)

Filtered by NVD-CWE-Other
Total 29928 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-4060 1 Web-scripts 1 Visual Events Calendar 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in calendar.php in Visual Events Calendar 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the cfg_dir parameter.
CVE-2006-4059 1 Usolved 1 Newsolved Lite 2026-06-16 7.5 HIGH N/A
Multiple PHP remote file inclusion vulnerabilities in USOLVED NEWSolved Lite 1.9.2, and possibly earlier, allow remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) newsscript_lyt.php, (2) newsticker/newsscript_get.php, (3) inc/output/news_theme1.php, (4) inc/output/news_theme2.php, or (5) inc/output/news_theme3.php.
CVE-2006-4058 1 Simplog 1 Simplog 2026-06-16 6.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in archive.php in Simplog 0.9.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the keyw parameter when performing a search. NOTE: some details are obtained from third party information.
CVE-2006-4057 1 Mitch Murray 1 Eremove 2026-06-16 7.5 HIGH N/A
Buffer overflow in the preview_create function in gui.cpp in Mitch Murray Eremove 1.4 allows remote attackers to cause a denial of service (application crash), and possibly execute arbitrary code, via a large email attachment.
CVE-2006-4056 2 The Address Book, The Address Book Reloaded 2 The Address Book, The Address Book Reloaded 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in the authentication process in katzlbt (a) The Address Book 1.04e and earlier and (b) The Address Book Reloaded before 2.0-rc4 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters. NOTE: portions of these details are obtained from third party information.
CVE-2006-4055 1 Tsep 1 Tsep 2026-06-16 7.5 HIGH N/A
Multiple PHP remote file inclusion vulnerabilities in Olaf Noehring The Search Engine Project (TSEP) 0.942 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the tsep_config[absPath] parameter to (1) include/colorswitch.php, (2) contentimages.class.php, (3) ipfunctions.php, (4) configfunctions.php, (5) printpagedetails.php, or (6) log.class.php. NOTE: the copyright.php vector is already covered by CVE-2006-3993.
CVE-2006-4054 1 Ehmig 1 Me Download System 2026-06-16 7.5 HIGH N/A
Multiple PHP remote file inclusion vulnerabilities in ME Download System 1.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) Vb8878b936c2bd8ae0cab parameter to (a) inc/sett_style.php or (b) inc/sett_smilies.php; or the (2) Vb6c4d0e18a204a63b38f, (3) V18a78b93c3adaaae84e2, or (4) V9ae5d2ca9e9e787969ff parameters to (c) inc/datei.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-4053 1 Ehmig 1 Me Download System 2026-06-16 5.1 MEDIUM N/A
PHP remote file inclusion vulnerability in templates/header.php in ME Download System 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the Vb8878b936c2bd8ae0cab parameter.
CVE-2006-4052 1 Turnkey Web Tools 1 Php Simple Shop 2026-06-16 7.5 HIGH N/A
Multiple PHP remote file inclusion vulnerabilities in Turnkey Web Tools PHP Simple Shop 2.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) admin/index.php, (2) admin/adminindex.php, (3) admin/adminglobal.php, (4) admin/login.php, (5) admin/menu.php or (6) admin/header.php.
CVE-2006-4051 1 Turnkey Web Tools 1 Php Live Helper 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in global.php in Turnkey Web Tools PHP Live Helper 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter.
CVE-2006-4050 1 David Walker 1 Phpautomembersarea 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in auto_check_renewals.php in phpAutoMembersArea (phpAMA) 3.2.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the installed_config_file parameter.
CVE-2006-4049 1 Sun 1 Ray Server Software 2026-06-16 2.1 LOW N/A
Unspecified vulnerability in the utxconfig utility in Sun Ray Server Software 3.x allows local users to create or overwrite arbitrary files via unknown attack vectors.
CVE-2006-4048 1 Netious Cms 1 Netious Cms 2026-06-16 7.5 HIGH N/A
Netious CMS 0.4 initializes session IDs based on the client IP address, which allows remote attackers to gain access to the administration section when originating from the same IP address as the administrator. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-4047 1 Netious Cms 1 Netious Cms 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in index.php in Netious CMS 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-4046 1 Open Cubic Player 1 Open Cubic Player 2026-06-16 7.5 HIGH N/A
Multiple stack-based buffer overflows in Open Cubic Player 2.6.0pre6 and earlier for Windows, and 0.1.10_rc5 and earlier on Linux/BSD, allow remote attackers to execute arbitrary code via (1) a large .S3M file handled by the mpLoadS3M function, (2) a crafted .IT file handled by the itplayerclass::module::load function, (3) a crafted .ULT file handled by the mpLoadULT function, or (4) a crafted .AMS file handled by the mpLoadAMS function.
CVE-2006-4045 1 Torbstoff 1 Torbstoff News 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in news.php in Torbstoff News 4 allows remote attackers to execute arbitrary PHP code via a URL in the pfad parameter.
CVE-2006-4044 1 Brad Fears 1 Phpcodecabinet 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in Beautifier/Core.php in Brad Fears phpCodeCabinet 0.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the BEAUT_PATH parameter.
CVE-2006-4043 1 Mywebland 1 Mybloggie 2026-06-16 5.0 MEDIUM N/A
index.php in myWebland myBloggie 2.1.4 and earlier allows remote attackers to obtain sensitive information via a query that only specifies the viewdate mode, which reveals the table prefix in a SQL error message.
CVE-2006-4041 1 Pike 1 Pike 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in Pike before 7.6.86, when using a Postgres database server, allows remote attackers to execute arbitrary SQL commands via unspecified attack vectors.
CVE-2006-4040 1 Mywebland 1 Myevent 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in myevent.php in myWebland myEvent 1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the myevent_path parameter.