Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-5432 1 Marc Giombetti 1 Phppowercards 2026-04-23 N/A
Multiple direct static code injection vulnerabilities in db/txt.inc.php in phpPowerCards 2.10, when register_globals is enabled, allow remote attackers to create or overwrite arbitrary files via the (1) email[to], (2) email[from], (3) name[to], (4) name[from], (5) picture, (6) comment, or (7) sessionID parameter, as demonstrated by creating a new .php file that permits remote file inclusion, and then requesting this file.
CVE-2006-5434 1 P-news 1 P-news 2026-04-23 N/A
PHP remote file inclusion vulnerability in p-news.php in P-News 1.16 and 1.17 allows remote attackers to execute arbitrary PHP code via a URL in the pn_lang parameter.
CVE-2006-5455 1 Mozilla 1 Bugzilla 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in editversions.cgi in Bugzilla before 2.22.1 and 2.23.x before 2.23.3 allows user-assisted remote attackers to create, modify, or delete arbitrary bug reports via a crafted URL.
CVE-2006-5457 1 Casinosoft 1 Casino Script 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the registration form in Casinosoft Casino Script (Masvet) 3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) surname field.
CVE-2006-5465 2 Php, Redhat 4 Php, Enterprise Linux, Rhel Application Stack and 1 more 2026-04-23 N/A
Buffer overflow in PHP before 5.2.0 allows remote attackers to execute arbitrary code via crafted UTF-8 inputs to the (1) htmlentities or (2) htmlspecialchars functions.
CVE-2006-5463 2 Mozilla, Redhat 4 Firefox, Seamonkey, Thunderbird and 1 more 2026-04-23 N/A
Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allows remote attackers to execute arbitrary JavaScript bytecode via unspecified vectors involving modification of a Script object while it is executing.
CVE-2006-5473 1 Softerra 1 Php Developer Library 2026-04-23 N/A
PHP remote file inclusion vulnerability in Description.php in Softerra PHP Developer Library 1.5.3 and earlier allows remote attackers to execute arbitrary PHP code via the lib_dir parameter. NOTE: this issue is disputed by CVE as of 20061023, since there is no Description.php file included in the product, and the existing "Description" file contains documentation, not functioning code
CVE-2006-6079 1 Imendio Ab 1 Loudmouth 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in LoudMouth 2.4 allow remote attackers to execute arbitrary PHP code via a URL in the mainframe parameter to (1) admin.loudmouth.php or (2) toolbar.loudmouth.php.
CVE-2006-5181 1 Joshua Muheim 1 Phpmywebmin 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in Joshua Muheim phpMyWebmin 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the target parameter in (1) change_preferences2.php, (2) create_file.php, (3) upload_local.php, and (4) upload_multi.php, different vectors than CVE-2006-5124.
CVE-2006-6120 2 Kde, Redhat 2 Koffice, Enterprise Linux 2026-04-23 N/A
Integer overflow in the KPresenter import filter for Microsoft PowerPoint files (filters/olefilters/lib/klaola.cc) in KOffice before 1.6.1 allows user-assisted remote attackers to execute arbitrary code via a crafted PPT file, which results in a heap-based buffer overflow.
CVE-2006-6145 1 Cryptocard 1 Crypto-server 2026-04-23 N/A
CRYPTOCard CRYPTO-Server before 6.4.56 stores LDAP credentials in plaintext in UninstallerData\installvariables.properties, which has insecure permissions and allows local users to obtain the credentials. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-5855 1 Ibm 1 Tivoli Storage Manager 2026-04-23 N/A
Multiple buffer overflows in IBM Tivoli Storage Manager (TSM) before 5.2.9 and 5.3.x before 5.3.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in (1) the language field at logon that begins with a 0x18 byte, (2) two unspecified parameters to the SmExecuteWdsfSession function, and (3) the contact field in an open registration message.
CVE-2006-6464 1 Midicart Software 1 Midicart Php Shopping Cart 2026-04-23 N/A
viewcart in Midicart accepts negative numbers in the Qty (quantity) field, which allows remote attackers to obtain a smaller total price for a shopping cart.
CVE-2006-6188 1 Clicktech 1 Clickgallery 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in view_search.asp in ClickTech Click Gallery allows remote attackers to inject arbitrary web script or HTML via the txtKeyWord parameter. NOTE: some of these details are obtained from third party information.
CVE-2006-6193 1 Basicforum 1 Basicforum 2026-04-23 N/A
SQL injection vulnerability in edit.asp in BasicForum 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2006-6596 1 Hilgraeve 1 Hyperaccess 2026-04-23 N/A
HyperAccess 8.4 allows user-assisted remote attackers to execute arbitrary vbscript and commands via a session (HAW) file, which can be automatically opened using Internet Explorer.
CVE-2009-3983 2 Mozilla, Redhat 4 Firefox, Seamonkey, Thunderbird and 1 more 2026-04-23 N/A
Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to send authenticated requests to arbitrary applications by replaying the NTLM credentials of a browser user.
CVE-2006-6231 1 Vubb 1 Vubb 2026-04-23 N/A
vuBB 0.2.1 and earlier allows remote attackers to obtain sensitive information via a direct request to includes/vubb.php, which leaks the path in an error message.
CVE-2006-6233 1 Postnuke Software Foundation 1 Postnuke 2026-04-23 N/A
SQL injection vulnerability in the Downloads module for unknown versions of PostNuke allows remote attackers to execute arbitrary SQL commands via the lid parameter in a viewdownloaddetails operation. NOTE: this issue might have been in the viewdownloaddetails function in dl-downloaddetails.php, but PostNuke 0.764 does not appear to have this issue.
CVE-2006-6234 1 Francisco Burzi 1 Php-nuke 2026-04-23 N/A
Multiple SQL injection vulnerabilities in the Content module in PHP-Nuke 6.0, and possibly other versions, allow remote attackers to execute arbitrary SQL commands via (1) the cid parameter in a list_pages_categories action or (2) the pid parameter in a showpage action.