Export limit exceeded: 366926 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-6585 | 1 Mozilla | 1 Firefox | 2026-04-23 | N/A |
| The Extensions manager in Mozilla Firefox 2.0 does not properly populate the list of local extensions, which allows attackers to construct an extension that hides itself by finding its name in the list and then calling RemoveElement, as demonstrated by the FFsniFF extension. NOTE: it was later reported that 3.0 is also affected. | ||||
| CVE-2006-6586 | 1 Vblog | 1 Vblog | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Vortex Blog (vBlog, aka C12) a0.1_nonfunc allow remote attackers to execute arbitrary PHP code via a URL in the cfgProgDir parameter in (1) secure.php or (2) checklogin.php in admin/auth/. | ||||
| CVE-2006-6589 | 1 Apache | 2 Ofbiz, Opentaps | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2006-6590 | 1 Php | 1 Ar Memberscript | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in usercp_menu.php in AR Memberscript allows remote attackers to execute arbitrary PHP code via a URL in the script_folder parameter. | ||||
| CVE-2006-6591 | 1 Exlor | 1 Exlor | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in fonctions/template.php in EXlor 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the repphp parameter. | ||||
| CVE-2006-6592 | 1 Php | 1 Bloq | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Bloq 0.5.4 allow remote attackers to execute arbitrary PHP code via a URL in the page[path] parameter to (1) index.php, (2) admin.php, (3) rss.php, (4) rdf.php, (5) rss2.php, or (6) files/mainfile.php. | ||||
| CVE-2006-6602 | 1 Microsoft | 2 Windows Explorer, Windows Xp | 2026-04-23 | N/A |
| explorer.exe in Windows Explorer 6.00.2900.2180 in Microsoft Windows XP SP2 allows user-assisted remote attackers to cause a denial of service via a crafted WMV file. | ||||
| CVE-2006-6604 | 1 Torrentflux | 1 Torrentflux | 2026-04-23 | N/A |
| Directory traversal vulnerability in downloaddetails.php in TorrentFlux 2.2 allows remote authenticated users to read arbitrary files via .. (dot dot) sequences in the alias parameter, a different vector than CVE-2006-6328. | ||||
| CVE-2006-6617 | 1 Microsoft | 1 Project Server | 2026-04-23 | N/A |
| projectserver/logon/pdsrequest.asp in Microsoft Project Server 2003 allows remote authenticated users to obtain the MSProjectUser password for a SQL database via a GetInitializationData request, which includes the information in the UserName and Password tags of the response. | ||||
| CVE-2006-6623 | 6 Avg, Comodo, Filseclab and 3 more | 6 Antivirus Plus Firewall, Comodo Personal Firewall, Personal Firewall and 3 more | 2026-04-23 | N/A |
| Sygate Personal Firewall 5.6.2808 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB. | ||||
| CVE-2006-6624 | 1 Sambar | 1 Sambar Server | 2026-04-23 | N/A |
| The FTP Server in Sambar Server 6.4 allows remote authenticated users to cause a denial of service (application crash) via a long series of "./" sequences in the SIZE command. | ||||
| CVE-2006-6625 | 1 Moodle | 1 Moodle | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in mod/forum/discuss.php in Moodle 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the navtail parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-6626 | 1 Moodle | 1 Moodle | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in an unspecified component of Moodle 1.5 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. NOTE: It is unclear whether this candidate overlaps CVE-2006-4784 or CVE-2006-4941. | ||||
| CVE-2006-6631 | 1 Ibiblio | 1 Osprey | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in lib/xml/oai/GetRecord.php in osprey 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the lib_dir parameter. | ||||
| CVE-2006-6632 | 1 Genepi | 1 Genepi | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in genepi.php in Genepi 1.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the topdir parameter. | ||||
| CVE-2006-6633 | 1 Yapbb | 1 Yapbb | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in include/yapbb_session.php in YapBB 1.2 Beta2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[include_Bit] parameter. | ||||
| CVE-2006-6642 | 1 Contra Haber Sistemi | 1 Contra Haber Sistemi | 2026-04-23 | N/A |
| SQL injection vulnerability in haber.asp in Contra Haber Sistemi 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2006-6643 | 1 Fightersoft Multimedia | 1 Star Ftp Server | 2026-04-23 | N/A |
| Fightersoft Multimedia Star FTP server 1.10 allows remote attackers to cause a denial of service (crash) via multiple RETR commands with long arguments. | ||||
| CVE-2006-6661 | 1 Php-update | 1 Php-update | 2026-04-23 | N/A |
| Variable overwrite vulnerability in blog.php in PHP-Update 2.7 and earlier allows remote attackers to overwrite arbitrary program variables and execute arbitrary PHP code via multiple vectors that use the extract function, as demonstrated by the (1) f, (2) newmessage, (3) newusername, (4) adminuser, and (5) permission parameters. | ||||
| CVE-2006-6663 | 1 Marathon Aleph One | 1 Marathon Aleph One | 2026-04-23 | N/A |
| The server component in Marathon Aleph One before 0.17.1 and 2006-12-17 allows remote attackers to cause a denial of service (application crash) via unspecified vectors related to "gathering net games." | ||||