Export limit exceeded: 351338 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 351338 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 351338 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (351338 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-2875 | 1 Id Software | 1 Quake 3 Engine | 2026-04-16 | N/A |
| Stack-based buffer overflow in the CL_ParseDownload function of Quake 3 Engine 1.32c and earlier, as used in multiple products, allows remote attackers to execute arbitrary code via a svc_download command with compressed data that triggers the overflow during expansion. | ||||
| CVE-2006-2876 | 1 Deltascripts | 1 Php Pro Publish | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in cat.php in PHP Pro Publish 2.0 allows remote attackers to inject arbitrary web script or HTML via the catname parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-2877 | 1 Sangwan Kim | 1 Bookmark4u | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in Bookmark4U 2.0.0 and earlier allows remote attackers to include arbitrary PHP files via the include_prefix parameter in (1) inc/dbase.php, (2) inc/config.php, (3) inc/common.php, and (4) inc/function.php. NOTE: it has been reported that the inc directory is protected by a .htaccess file, so this issue only applies in certain environments or configurations. | ||||
| CVE-2000-0028 | 1 Microsoft | 2 Ie, Internet Explorer | 2026-04-16 | N/A |
| Internet Explorer 5.0 and 5.01 allows remote attackers to bypass the cross frame security policy and read files via the external.NavigateAndFind function. | ||||
| CVE-2006-2878 | 1 Andreas Gohr | 1 Dokuwiki | 2026-04-16 | N/A |
| The spellchecker (spellcheck.php) in DokuWiki 2006/06/04 and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly syntax" that is inserted into a regular expression that is processed by preg_replace with the /e (executable) modifier. | ||||
| CVE-2006-2879 | 1 Alex | 1 News-engine | 2026-04-16 | N/A |
| SQL injection vulnerability in newscomments.php in Alex News-Engine 1.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via the newsid parameter. | ||||
| CVE-2006-2880 | 1 Pyblosxom | 1 Pyblosxom | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the Contributed Packages for PyBlosxom 1.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the Comments plugin in the (1) url and (2) author fields. | ||||
| CVE-2006-2881 | 1 Dreamcost | 1 Dreamaccount | 2026-04-16 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in DreamAccount 3.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the da_path parameter in the (1) auth.cookie.inc.php, (2) auth.header.inc.php, or (3) auth.sessions.inc.php scripts. | ||||
| CVE-2000-0029 | 1 Sco | 1 Unixware | 2026-04-16 | N/A |
| UnixWare pis and mkpis commands allow local users to gain privileges via a symlink attack. | ||||
| CVE-2006-2882 | 1 Aspscriptz | 1 Aspscriptz Guest Book | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities submit.asp in ASPScriptz Guest Book 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) GBOOK_UNAME, (2) GBOOK_EMAIL, (3) GBOOK_CITY, (4) GBOOK_COU, (5) GBOOK_WWW, and (6) GBOOK_MESS form fields. | ||||
| CVE-2006-2883 | 1 Kke Info Media | 1 Kmita Faq | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in Kmita FAQ 1.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter. | ||||
| CVE-2006-2885 | 1 Knowledgetree | 1 Knowledgetree | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in KnowledgeTree Open Source 3.0.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) fDocumentId parameter in view.php and the (2) fSearchableText parameter in /search/simpleSearch.php. | ||||
| CVE-1999-0710 | 1 Redhat | 2 Enterprise Linux, Linux | 2026-04-16 | N/A |
| The Squid package in Red Hat Linux 5.2 and 6.0, and other distributions, installs cachemgr.cgi in a public web directory, which allows remote attackers to use it as an intermediary to connect to other systems. | ||||
| CVE-2006-2886 | 1 Jam Warehouse | 1 Knowledgetree Open Source | 2026-04-16 | N/A |
| view.php in KnowledgeTree Open Source 3.0.3 and earlier allows remote attackers to obtain the full installation path via a crafted fDocumentId parameter, which displays the path in the resulting error message. NOTE: this might be resultant from another vulnerability, since this vector also produces XSS. | ||||
| CVE-2006-2887 | 1 Aspburst | 1 Mynewsletter | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in myNewsletter 1.1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the UserName parameter in (1) validatelogin.asp or (2) adminlogin.asp. | ||||
| CVE-2006-2888 | 1 Wikiwig | 1 Wikiwig | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in _wk/wk_lang.php in Wikiwig 4.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the WK[wkPath] parameter. | ||||
| CVE-2006-2889 | 1 Pixelpost | 1 Pixelpost | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in index.php in Pixelpost 1-5rc1-2 and earlier allow remote attackers to execute arbitrary SQL commands, and leverage them to gain administrator privileges, via the (1) category or (2) archivedate parameter. | ||||
| CVE-2006-2894 | 2 Mozilla, Netscape | 4 Firefox, Mozilla Suite, Seamonkey and 1 more | 2026-04-16 | N/A |
| Mozilla Firefox 1.5.0.4, 2.0.x before 2.0.0.8, Mozilla Suite 1.7.13, Mozilla SeaMonkey 1.0.2 and other versions before 1.1.5, and Netscape 8.1 and earlier allow user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form. | ||||
| CVE-2006-2902 | 1 Particle Soft | 1 Particle Links | 2026-04-16 | N/A |
| Directory traversal vulnerability in Particle Links 1.2.2 might allow remote attackers to access arbitrary files via ".." sequences in an HTTP request. NOTE: it is not clear whether this issue is legitimate, as the original researcher seems unsure. | ||||
| CVE-2006-2910 | 1 Cowon America | 1 Jetaudio | 2026-04-16 | N/A |
| Buffer overflow in jetAudio 6.2.6.8330 (Basic), and possibly other versions, allows user-assisted attackers to execute arbitrary code via an audio file (such as WMA) with long ID Tag values including (1) Title, (2) Author, and (3) Album, which triggers the overflow in the tooltip display string if the sound card driver is disabled or incorrectly installed. | ||||