Export limit exceeded: 345237 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 345237 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29894 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29894 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-4545 | 1 Modulebased Cms | 1 Modulebased Cms | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in ModuleBased CMS Pre-Alpha allows remote attackers to execute arbitrary PHP code via the _SERVER parameter in (1) admin/avatar.php, (2) libs/archive.class.php, (3) libs/login.php, (4) libs/profiles.class.php, and (5) libs/profile/proccess.php. NOTE: CVE disputes this claim, as the _SERVER array and the _SERVER[DOCUMENT_ROOT] index are controlled by PHP and cannot be manipulated by an attacker | ||||
| CVE-2006-4546 | 1 Lyris | 1 List Manager | 2026-04-16 | N/A |
| Lyris ListManager 8.95 allows remote authenticated users, who have administrative privileges for at least one list on the server, to add new administrators to any list via a modified MEMBERS_.List_ parameter. | ||||
| CVE-2006-4547 | 1 Lyris | 1 List Manager | 2026-04-16 | N/A |
| Lyris ListManager 8.95 allows remote authenticated users to obtain sensitive information by attempting to add a user with a ' (single quote) character in the name, which reveals the details of the underlying SQL query, possibly because of a forced SQL error or SQL injection. | ||||
| CVE-2006-4550 | 1 Chxo | 1 Feedsplitter | 2026-04-16 | N/A |
| Directory traversal vulnerability in CHXO Feedsplitter 2006-01-21 allows remote attackers to read arbitrary XML files via .. (dot dot) sequences in the format parameter with a leading ".", which bypasses a security check. | ||||
| CVE-2006-4551 | 1 Chxo | 1 Feedsplitter | 2026-04-16 | N/A |
| Eval injection vulnerability in CHXO Feedsplitter 2006-01-21 allows remote attackers to execute arbitrary PHP code via (1) the file specified as the value of the format parameter, and possibly (2) the RSS feed. | ||||
| CVE-2006-4552 | 1 Chxo | 1 Feedsplitter | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in CHXO Feedsplitter 2006-01-21 allows remote attackers to inject arbitrary web script or HTML via the RSS feed. | ||||
| CVE-2006-4554 | 1 Becubed | 1 Compression Plus | 2026-04-16 | N/A |
| Stack-based buffer overflow in the ReadFile function in the ZOO-processing exports in the BeCubed Compression Plus before 5.0.1.28, as used in products including (1) Tumbleweed EMF, (2) VCOM/Ontrack PowerDesk Pro, (3) Canyon Drag and Zip, (4) Canyon Power File, and (5) Canyon Power File Gold, allow context-dependent attackers to execute arbitrary code via an inconsistent size parameter in a ZOO file header. | ||||
| CVE-2006-4555 | 1 Retro64 | 1 Cr64loader Activex Control | 2026-04-16 | N/A |
| Buffer overflow in the Retro64 / Miniclip CR64Loader ActiveX control allows remote attackers to execute arbitrary code via unspecified vectors involving an HTML document that references the CLSID of the control. | ||||
| CVE-2006-4556 | 2 Joomla, Mambo | 2 Jim Component, Jim Component | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in index.php in the JIM component for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: another researcher has stated that the product distribution does not include an index.php file. Also, this might be related to CVE-2006-4242 | ||||
| CVE-2006-4560 | 1 Microsoft | 1 Ie | 2026-04-16 | N/A |
| Internet Explorer 6 on Windows XP SP2 allows remote attackers to execute arbitrary JavaScript in the context of the browser's session with an arbitrary intranet web server, by hosting script on an Internet web server that can be made inaccessible by the attacker and that has a domain name under the attacker's control, which can force the browser to drop DNS pinning and perform a new DNS query for the domain name after the script is already running. | ||||
| CVE-2006-3517 | 1 Rwscripts.com | 1 Rw Download | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in stats.php in RW::Download, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter. | ||||
| CVE-2006-3518 | 1 Webvizyon.net | 1 Webvizyon Portal | 2026-04-16 | N/A |
| SQL injection vulnerability in SayfalaAltList.asp in Webvizyon Portal 2006 allows remote attackers to execute arbitrary SQL commands via the ID parameter. | ||||
| CVE-2006-3519 | 1 Native Solutions | 1 The Banner Engine | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in The Banner Engine (tbe) 4.0 allow remote attackers to execute arbitrary web script or HTML via the (1) text parameter in a search action to (a) top.php, and the (2) adminpass or (3) adminlogin parameter to (b) signup.php. | ||||
| CVE-2006-3520 | 1 Sabdrimer Cms | 1 Sabdrimer Cms | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in skins/advanced/advanced1.php in Sabdrimer Pro 2.2.4, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the pluginpath[0] parameter. | ||||
| CVE-2006-3521 | 1 Simian Systems Inc | 1 Siteforge Collaborative Development Platform | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index/siteforge-bugs-action/proj.siteforge in SiteForge Collaborative Development Platform 1.0.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) _status, (2) _extra1, (3) _extra2, or (4) _extra3 parameters. | ||||
| CVE-2006-3523 | 1 Clearswift | 1 Mimesweeper For Web | 2026-04-16 | N/A |
| Clearswift MIMEsweeper for Web before 5.1.15 Hotfix allows remote attackers to cause a denial of service (crash) via an encrypted archived .RAR file, which triggers a scan error and causes the Web Policy Engine service to terminate. | ||||
| CVE-2006-3525 | 1 Phpcredo | 1 Phcdownload | 2026-04-16 | N/A |
| SQL injection vulnerability in category.php in PHCDownload 1.0.0 Final and 1.0.0 Release Candidate 6 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2006-3526 | 1 Sport-slo | 1 Sport-slo Advanced Guestbook | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in guestbook.php in Sport-slo Advanced Guestbook 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) name and (2) form parameters. | ||||
| CVE-2006-3560 | 1 Blue Dojo | 1 Graffiti Forums | 2026-04-16 | N/A |
| SQL injection vulnerability in topics.php in Blue Dojo Graffiti Forums 1.0 allows remote attackers to execute arbitrary SQL commands via the f parameter. | ||||
| CVE-2006-3541 | 1 Kyberna | 1 Ky2help | 2026-04-16 | N/A |
| SQL injection vulnerability in Meine Links (aka My Links) in Kyberna ky2help allows remote authenticated users to execute arbitrary SQL commands via unspecified "textboxes." | ||||