Year CVE (3053)
Common Vulnerabilities and Exposures
CAN (20174)
Candidate
1999CVE-1999 (821)CAN-1999 (749 )
2000CVE-2000 (808)CAN-2000 (423 )
2001CVE-2001 (625)CAN-2001 (934 )
2002CVE-2002 (643)CAN-2002 (1566)
2003CVE-2003 (81 )CAN-2003 (1236)
2004CVE-2004 (75 )CAN-2004 (2601)
2005-CAN-2005 (4825)
2006-CAN-2006 (6982)
2007-CAN-2007 (858 )
CVE-2006-0061Learn more...
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2006-0062Learn more...
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2006-0063Learn more...
Cross-site scripting (XSS) vulnerability in phpBB 2.0.19, when "Allowed HTML tags" is enabled, allows remote attackers to inject arbitrary web script or HTML via a permitted HTML tag with ' (single quote) characters and active attributes such as onmouseover, a variant of CVE-2005-4357.
CVE-2006-0064Learn more...
PHP remote file include vulnerability in includes/orderSuccess.inc.php in CubeCart allows remote attackers to execute arbitrary PHP code via a URL in the glob[rootDir] parameter.
CVE-2006-0065Learn more...
SQL injection vulnerability in (1) functions.php, (2) functions_update.php, and (3) functions_display.php in VEGO Web Forum 1.26 and earlier allows remote attackers to execute arbitrary SQL commands via the theme_id parameter in index.php.
CVE-2006-0066Learn more...
SQL injection vulnerability in index.php in PHPjournaler 1.0 allows remote attackers to execute arbitrary SQL commands via the readold parameter.
CVE-2006-0067Learn more...
SQL injection vulnerability in login.php in VEGO Links Builder 2.00 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVE-2006-0068Learn more...
SQL injection vulnerability in Primo Cart 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) q parameter to search.php and (2) email parameter to user.php.
CVE-2006-0069Learn more...
Cross-site scripting (XSS) vulnerability in addentry.php in Chipmunk Guestbook 1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the homepage parameter.
CVE-2006-0070Learn more...
** DISPUTED ** Drupal allows remote attackers to conduct cross-site scripting (XSS) attacks via an IMG tag with an unusual encoded Javascript function name, as demonstrated using variations of the alert() function. NOTE: a followup by the vendor suggests that the issue does not exist in 4.5.6 or 4.6.4 when "Filtered HTML" is enabled, and since "Full HTML" would not filter HTML by design, perhaps this should not be included in CVE.