Export limit exceeded: 348220 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 348220 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29909 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-2984 | 1 Integramod | 1 Integramod | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in IntegraMOD 1.4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the STYLE_URL parameter. NOTE: it is possible that this issue is resultant from SQL injection. | ||||
| CVE-2006-2985 | 1 Integramod | 1 Integramod | 2026-04-16 | N/A |
| SQL injection vulnerability in index.php in IntegraMOD 1.4.0 and earlier allows remote attackers to execute arbitrary SQL commands via double-encoded "'" characters in the STYLE_URL parameter. | ||||
| CVE-2006-2986 | 1 Baby Katie Media | 2 Very Simple Car Lister, Very Simple Realty Lister | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Baby Katie Media (a) very Simple Car Lister (vSCAL) 1.0 and (b) very simple Realty Lister (vsREAL) 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) lid parameter in index.php and the (2) title parameter in myslideshow.php. | ||||
| CVE-2006-3023 | 1 Uapplication | 1 Uphotogallery | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in thumbnails.asp in Uapplication Uphotogallery 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) s and (2) block parameters. | ||||
| CVE-2006-3025 | 1 Lucid Designs | 1 Lucid Calendar | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Cal.PHP3 in Chris Lea Lucid Calendar 0.22 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
| CVE-1999-0758 | 1 Netscape | 2 Enterprise Server, Fasttrack Server | 2026-04-16 | N/A |
| Netscape Enterprise 3.5.1 and FastTrack 3.01 servers allow a remote attacker to view source code to scripts by appending a %20 to the script's URL. | ||||
| CVE-2006-3026 | 1 Clicktech | 1 Clickgallery | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ClickGallery 5.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) gallery_id parameter in gallery.asp and (2) parentcurrentpage parameter in view_gallery.asp. | ||||
| CVE-2006-3027 | 1 Enthrallweb | 1 Ephotos | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Enthrallwebe ePhotos 2.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) CAT_ID parameter in (a) subphotos.asp and (b) subLevel2.asp, the (2) AL_ID parameter in (c) photo.asp, and the (3) SUB_ID parameter in (d) subLevel2.asp. | ||||
| CVE-1999-0759 | 1 Fuseware | 1 Fusemail | 2026-04-16 | N/A |
| Buffer overflow in FuseMAIL POP service via long USER and PASS commands. | ||||
| CVE-2006-3028 | 1 Minerva | 1 Minerva | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in stat_modules/users_age/module.php in Minerva 2.0.8a Build 237 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | ||||
| CVE-1999-0760 | 1 Allaire | 1 Coldfusion Server | 2026-04-16 | N/A |
| Undocumented ColdFusion Markup Language (CFML) tags and functions in the ColdFusion Administrator allow users to gain additional privileges. | ||||
| CVE-1999-1453 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | N/A |
| Internet Explorer 4 allows remote attackers (malicious web site operators) to read the contents of the clipboard via the Internet WebBrowser ActiveX object. | ||||
| CVE-2000-0034 | 1 Netscape | 1 Communicator | 2026-04-16 | N/A |
| Netscape 4.7 records user passwords in the preferences.js file during an IMAP or POP session, even if the user has not enabled "remember passwords." | ||||
| CVE-2006-3029 | 1 Clicktech | 1 Clickcart | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in default.asp in ClickTech Clickcart 6.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat parameter. | ||||
| CVE-1999-0769 | 4 Caldera, Debian, Paul Vixie and 1 more | 4 Openlinux, Debian Linux, Vixie Cron and 1 more | 2026-04-16 | N/A |
| Vixie Cron on Linux systems allows local users to set parameters of sendmail commands via the MAILTO environmental variable. | ||||
| CVE-2006-3030 | 1 Dwzone | 1 Dwzone Shopping Cart | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in DwZone Shopping Cart 1.1.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ToCategory and (2) FromCategory parameters to (a) ProductDetailsForm.asp and (3) UserName and (4) Password parameters to (b) LogIn/VerifyUserLog.asp. | ||||
| CVE-1999-0778 | 1 Xi Graphics | 1 Accelerated-x Server | 2026-04-16 | N/A |
| Buffer overflow in Xi Graphics Accelerated-X server allows local users to gain root access via a long display or query parameter. | ||||
| CVE-2006-3031 | 1 Fipsasp | 1 Fipscms | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.asp in fipsCMS 4.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) w, (2) phcat, (3) dayid, and (4) calw parameters. | ||||
| CVE-2006-3070 | 1 Zeroboard | 1 Zeroboard | 2026-04-16 | N/A |
| write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file that with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php. | ||||
| CVE-2006-3071 | 1 Anton Belev | 1 Mp3 Search Archive | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in MP3 Search/Archive 1.2 allows remote attackers to inject arbitrary web script or HTML via the (1) keywords parameter, as used by the "search box", and (2) res parameter. | ||||