Export limit exceeded: 29908 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29908 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-4452 | 1 Web3king | 1 Web3news | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in security/include/_class.security.php in Web3news 0.95 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the PHPSECURITYADMIN_PATH parameter. | ||||
| CVE-2006-4453 | 1 Pmwiki | 1 Pmwiki | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in PmWiki before 2.1.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "table markups". | ||||
| CVE-2006-4454 | 1 Hlstats | 1 Hlstats | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in hlstats.php in HLstats 1.34 allows remote attackers to inject arbitrary web script or HTML via the q parameter. | ||||
| CVE-2006-4987 | 1 Patrick Michaelis | 1 Wili-cms | 2026-04-16 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Patrick Michaelis Wili-CMS allow remote attackers to execute arbitrary PHP code via a URL in the globals[content_dir] parameter in (1) example-view/templates/article.php, (2) example-view/templates/root.php, and (3) example-view/templates/dates_list.php. | ||||
| CVE-2006-4458 | 1 Phpgroupware | 1 Phpgroupware | 2026-04-16 | N/A |
| Directory traversal vulnerability in calendar/inc/class.holidaycalc.inc.php in phpGroupWare 0.9.16.010 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) sequence and trailing null (%00) byte in the GLOBALS[phpgw_info][user][preferences][common][country] parameter. | ||||
| CVE-2006-3523 | 1 Clearswift | 1 Mimesweeper For Web | 2026-04-16 | N/A |
| Clearswift MIMEsweeper for Web before 5.1.15 Hotfix allows remote attackers to cause a denial of service (crash) via an encrypted archived .RAR file, which triggers a scan error and causes the Web Policy Engine service to terminate. | ||||
| CVE-2006-3525 | 1 Phpcredo | 1 Phcdownload | 2026-04-16 | N/A |
| SQL injection vulnerability in category.php in PHCDownload 1.0.0 Final and 1.0.0 Release Candidate 6 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2006-3526 | 1 Sport-slo | 1 Sport-slo Advanced Guestbook | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in guestbook.php in Sport-slo Advanced Guestbook 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) name and (2) form parameters. | ||||
| CVE-2006-3560 | 1 Blue Dojo | 1 Graffiti Forums | 2026-04-16 | N/A |
| SQL injection vulnerability in topics.php in Blue Dojo Graffiti Forums 1.0 allows remote attackers to execute arbitrary SQL commands via the f parameter. | ||||
| CVE-2006-4459 | 1 Digi International Inc | 1 Anywhere Usb5 | 2026-04-16 | N/A |
| Integer overflow in AnywhereUSB/5 1.80.00 allows local users to cause a denial of service (crash) via a 1 byte header size specified in the USB string descriptor. | ||||
| CVE-2006-4460 | 1 Clemens Wacha | 1 Php Iaddressbook | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in PHP iAddressBook before 0.96 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2006-4461 | 1 Paessler | 1 Ipcheck Server Monitor | 2026-04-16 | N/A |
| Paessler IPCheck Server Monitor before 5.3.3.639/640 does not properly implement a "list of acceptable host IP addresses in the probe settings," which has unknown impact and attack vectors. | ||||
| CVE-2006-4463 | 1 Jetstat.com | 1 Js Asp Faq Manager | 2026-04-16 | N/A |
| SQL injection vulnerability in the administrator control panel in Jetstat.com JS ASP Faq Manager 1.10 allows remote attackers to execute arbitrary SQL commands via the pwd parameter (aka the Password field). | ||||
| CVE-2006-3541 | 1 Kyberna | 1 Ky2help | 2026-04-16 | N/A |
| SQL injection vulnerability in Meine Links (aka My Links) in Kyberna ky2help allows remote authenticated users to execute arbitrary SQL commands via unspecified "textboxes." | ||||
| CVE-2006-3542 | 1 Boxcar Media | 1 Shopping Cart | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Garry Glendown Shopping Cart 0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) shop name field in (a) editshop.php, (b) edititem.php, and (c) index.php; and via the (2) item field in editshop.php and edititem.php. | ||||
| CVE-2006-3543 | 1 Invision Power Services | 1 Invision Power Board | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 1.x and 2.x allow remote attackers to execute arbitrary SQL commands via the (1) idcat and (2) code parameters in a ketqua action in index.php; the id parameter in a (3) Attach and (4) ref action in index.php; the CODE parameter in a (5) Profile, (6) Login, and (7) Help action in index.php; and the (8) member_id parameter in coins_list.php. NOTE: the developer has disputed this issue, stating that the "CODE attribute is never present in an SQL query" and the "'ketqua' [action] and file 'coin_list.php' are not standard IPB 2.x features". It is unknown whether these vectors are associated with an independent module or modification of IPB | ||||
| CVE-2006-3544 | 1 Invision Power Services | 1 Invision Board | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 1.3 Final allow remote attackers to execute arbitrary SQL commands via the CODE parameter in a (1) Stats, (2) Mail, and (3) Reg action in index.php. NOTE: the developer has disputed this issue, stating that "At no point does the CODE parameter touch the database. The CODE parameter is used in a SWITCH statement to determine which function to run. | ||||
| CVE-2006-4464 | 1 Nokia | 1 Symbian | 2026-04-16 | N/A |
| The Nokia Browser, possibly Nokia Symbian 60 Browser 3rd edition, allows remote attackers to cause a denial of service (crash) via JavaScript that constructs a large Unicode string. | ||||
| CVE-2006-3546 | 1 Ada | 1 Imgsvr | 2026-04-16 | N/A |
| Patrice Freydiere ImgSvr (aka ADA Image Server) allows remote attackers to cause a denial of service (daemon crash) via a long HTTP POST request. NOTE: this might be the same issue as CVE-2004-2463. | ||||
| CVE-2006-3548 | 1 Horde | 1 Horde | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 allow remote attackers to inject arbitrary web script or HTML via a (1) javascript URI or an external (2) http, (3) https, or (4) ftp URI in the url parameter in services/go.php (aka the dereferrer), (5) a javascript URI in the module parameter in services/help (aka the help viewer), and (6) the name parameter in services/problem.php (aka the problem reporting screen). | ||||