Export limit exceeded: 349409 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29914 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-0688 | 1 Nicecoder | 1 Indexu | 2026-04-16 | N/A |
| PHP remote file include vulnerability in application.php in nicecoder.com indexu 5.0.0 and 5.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the base_path parameter. | ||||
| CVE-2006-0689 | 1 Scheduling Management.com | 1 Time Tracking Software | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the Registration Form in TTS Time Tracking Software 3.0 allows remote attackers to inject arbitrary web script or HTML via the UserName parameter. | ||||
| CVE-2006-0691 | 1 Scheduling Management.com | 1 Time Tracking Software | 2026-04-16 | N/A |
| edituser.php in TTS Time Tracking Software 3.0 does not verify that the name and password are correct, which allows remote attackers to overwrite arbitrary data belonging to any account. | ||||
| CVE-2006-0693 | 1 Roberto Butti | 1 Calimba | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in rb_auth.php in Roberto Butti CALimba 0.99.2 beta and earlier allow remote attackers to execute arbitrary SQL commands and bypass login authentication via the (1) login and (2) password parameters. | ||||
| CVE-2006-0694 | 1 Ansilove | 1 Ansilove | 2026-04-16 | N/A |
| Unspecified vulnerability in the loaders (load_*.php) in Ansilove before 1.03 allows remote attackers to read arbitrary files via unspecified vectors involving "converting files accessible by the webserver". | ||||
| CVE-2006-0695 | 1 Ansilove | 1 Ansilove | 2026-04-16 | N/A |
| Ansilove before 1.03 does not filter uploaded file extensions, which allows remote attackers to execute arbitrary code by uploading arbitrary files with dangerous extensions, then accessing them directly in the upload directory. | ||||
| CVE-2006-0696 | 1 Zen Cart | 1 Zen Cart | 2026-04-16 | N/A |
| SQL injection vulnerability in Zen Cart before 1.2.7 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2006-0698 | 1 Zen Cart | 1 Zen Cart | 2026-04-16 | N/A |
| Unspecified vulnerabilities in Zen Cart before 1.2.7 allow remote attackers to cause unknown impact via unspecified vectors related to "other attempted exploits" other than SQL injection. | ||||
| CVE-2006-0715 | 1 Solucija | 1 Snews | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in sNews 1.3 allows remote attackers to inject arbitrary web script or HTML via the comment field. | ||||
| CVE-2006-0716 | 1 Solucija | 1 Snews | 2026-04-16 | N/A |
| SQL injection vulnerability in index.php in sNews 1.3 allows remote attackers to execute arbitrary SQL commands via the (1) category and (2) id parameters. | ||||
| CVE-2006-0717 | 1 Ibm | 1 Tivoli Directory Server | 2026-04-16 | N/A |
| IBM Tivoli Directory Server 6.0 allows remote attackers to cause a denial of service (crash) via a crafted LDAP request, as demonstrated by test 2532 in the ProtoVer Sample LDAP test suite. | ||||
| CVE-2006-0719 | 1 Deltascripts | 1 Php Classifieds | 2026-04-16 | N/A |
| SQL injection vulnerability in member_login.php in PHP Classifieds 6.18 through 6.20 allows remote attackers to execute arbitrary SQL commands via the (1) username parameter, which is used by the E-mail address field, and (2) password parameter. | ||||
| CVE-2006-0721 | 1 Runcms | 1 Runcms | 2026-04-16 | N/A |
| SQL injection vulnerability in pmlite.php in RunCMS 1.2 and 1.3a allows remote attackers to execute arbitrary SQL commands via the to_userid parameter. | ||||
| CVE-2006-0722 | 1 Reamday Enterprises | 1 Magic Downloads | 2026-04-16 | N/A |
| settings.php in Reamday Enterprises Magic Downloads 1.1.3, when register_globals is enabled, allows remote attackers to modify program behavior, potentially bypassing authentication controls, via modified (1) action, (2) passwd, (3) admin_password, (4) new_passwd, and (5) confirm_passwd variables, which are not initialized. | ||||
| CVE-2006-0724 | 1 Reamday Enterprises | 1 Magic News Lite | 2026-04-16 | N/A |
| profile.php in Reamday Enterprises Magic News Lite 1.2.3, when register_globals is enabled, allows remote attackers to modify program behavior, potentially bypassing authentication controls, via modified (1) action, (2) passwd, (3) admin_password, (4) new_passwd, and (5) confirm_passwd variables, which are not initialized. | ||||
| CVE-2006-0726 | 1 Cpg-nuke | 1 Dragonfly Cms | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in linking.php in CPG-Nuke Dragonfly CMS 9.0.6.1 allows remote attackers to inject arbitrary web script or HTML via a URI that is generated when creating a list of online users. | ||||
| CVE-2006-0727 | 1 Musox | 1 Df Msanalysis | 2026-04-16 | N/A |
| SQL injection vulnerability in mstrack.php in MusOX DF MSAnalysis (DFMSA), as used in some environments that use CPG-Nuke Dragonfly CMS, allows remote attackers to trigger path disclosure from a SQL syntax error, and possibly execute arbitrary SQL commands, via certain query data, probably involving the profile name. | ||||
| CVE-2006-0728 | 1 Webspell | 1 Webspell | 2026-04-16 | N/A |
| SQL injection vulnerability in search.php in webSPELL 4.01.00 and earlier allows remote attackers to inject arbitrary SQL commands via the title_op parameter. | ||||
| CVE-2006-0729 | 1 Teca Scripts | 1 Teca Diary | 2026-04-16 | N/A |
| SQL injection vulnerability in functions.php in Teca Diary PE 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) yy, (2) mm, and (3) dd parameters. | ||||
| CVE-2006-0737 | 1 Estara | 1 Softphone | 2026-04-16 | N/A |
| eStara SIP softphone allows remote attackers to cause a denial of service (crash) via a SIP OPTIONS request with a negative Expires field. | ||||