Export limit exceeded: 351115 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 351115 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 351115 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29923 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-2470 | 1 Bea | 1 Weblogic Server | 2026-04-16 | N/A |
| Unspecified vulnerability in the WebLogic Server Administration Console for BEA WebLogic Server 9.0 prevents the console from setting custom JDBC security policies correctly, which could allow attackers to bypass intended policies. | ||||
| CVE-2006-2474 | 1 Cosmoshop | 1 Cosmoshop | 2026-04-16 | N/A |
| SQL injection vulnerability in lshop.cgi in Cosmoshop 8.11.106 and earlier allows remote attackers to execute arbitrary SQL commands via the artnum parameter. | ||||
| CVE-2006-2475 | 1 Cosmoshop | 1 Cosmoshop | 2026-04-16 | N/A |
| Directory traversal vulnerability in (1) edit_mailtexte.cgi and (2) bestmail.cgi in Cosmoshop 8.11.106 and earlier allows remote administrators to read arbitrary files via ".." sequences in the file parameter. | ||||
| CVE-2006-2476 | 1 Bitrix | 1 Bitrix Site Manager | 2026-04-16 | N/A |
| Bitrix Site Manager 4.1.x stores updater.log under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information. | ||||
| CVE-2006-2477 | 1 Bitrix | 1 Bitrix Site Manager | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the administrative interface Bitrix Site Manager 4.1.x allows remote attackers to inject arbitrary web script or HTML via unspecified inputs. | ||||
| CVE-2006-2478 | 1 Bitrix | 1 Bitrix Site Manager | 2026-04-16 | N/A |
| Bitrix Site Manager 4.1.x allows remote attackers to redirect users to other websites via a modified back_url during a HTTP POST request. NOTE: this issue has been referred to as "cross-site scripting," but that is inconsistent with the common use of the term. | ||||
| CVE-2006-2479 | 1 Bitrix | 1 Bitrix Site Manager | 2026-04-16 | N/A |
| The Update functionality in Bitrix Site Manager 4.1.x does not verify the authenticity of downloaded updates, which allows remote attackers to obtain sensitive information and ultimately execute arbitrary PHP code via DNS cache poisoning that redirects the user to a malicious site. | ||||
| CVE-2006-2483 | 1 Lighthouse Development | 1 Squirrelcart | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in cart_content.php in Squirrelcart 2.2.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cart_isp_root parameter. | ||||
| CVE-2006-2484 | 1 Icewarp | 1 Web Mail | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.html in IceWarp WebMail 5.5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the PHPSESSID parameter. | ||||
| CVE-2006-2485 | 1 Quezza | 1 Quezza Bb | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in includes/class_template.php in Quezza 1.0 and earlier, and possibly 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the quezza_root_path parameter. | ||||
| CVE-2006-2486 | 1 Yapbb | 1 Yapbb | 2026-04-16 | N/A |
| SQL injection vulnerability in find.php in YapBB 1.2 Beta2 and earlier allows remote attackers to execute arbitrary SQL commands via the userID parameter. | ||||
| CVE-2006-2487 | 1 Scoznet | 1 Scoznews | 2026-04-16 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in ScozNews 1.2.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the CONFIG[main_path] parameter in (1) functions.php, (2) template.php, (3) news.php, (4) help.php, (5) mail.php, (6) Admin/admin_cats.php, (8) Admin/admin_edit.php, (9) Admin/admin_import.php, and (10) Admin/admin_templates.php. NOTE: this might be resultant from a variable overwrite issue. | ||||
| CVE-2006-2489 | 1 Nagios | 1 Nagios | 2026-04-16 | N/A |
| Integer overflow in CGI scripts in Nagios 1.x before 1.4.1 and 2.x before 2.3.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a content length (Content-Length) HTTP header. NOTE: this is a different vulnerability than CVE-2006-2162. | ||||
| CVE-2006-2491 | 2 Boastmachine, Kailash Nadh | 2 Boastmachine, Boastmachine | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in (1) index.php and (2) bmc/admin.php in BoastMachine (bMachine) 3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly filtered when it is accessed using the $_SERVER["PHP_SELF"] variable. | ||||
| CVE-2006-2507 | 1 Teake Nutma | 1 Foing | 2026-04-16 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Teake Nutma Foing 0.2.0 through 0.7.0, as used with phpBB, allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter in (1) index.php, (2) song.php, (3) faq.php, (4) list.php, (5) gen_m3u.php, and (6) playlist.php. | ||||
| CVE-2006-2508 | 1 Yourfreeworld | 1 Stylish Text Ads Script | 2026-04-16 | N/A |
| SQL injection vulnerability in tr1.php in YourFreeWorld.com Stylish Text Ads Script allows remote attackers to execute arbitrary SQL commands via the id parameter, possibly involving an attack vector using advertise.php. | ||||
| CVE-2006-2509 | 1 Yourfreeworld | 1 Short Url And Url Tracker Script | 2026-04-16 | N/A |
| SQL injection vulnerability in login.php in YourFreeWorld.com Short Url & Url Tracker Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2006-2510 | 1 Yourfreeworld | 1 Short Url And Url Tracker Script | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the URL submission form in YourFreeWorld.com Short Url & Url Tracker Script allows remote attackers to inject arbitrary web script or HTML via an unspecified form for submitting URLs. | ||||
| CVE-2006-2511 | 1 Frontrange | 1 Iheat | 2026-04-16 | N/A |
| The ActiveX version of FrontRange iHEAT allows remote authenticated users to run arbitrary programs or access arbitrary files on the host machine by uploading a file with an extension that is not associated with an application, and selecting a file from the "Open With..." dialog. | ||||
| CVE-2006-2513 | 1 Sun | 1 Java System Directory Server | 2026-04-16 | N/A |
| Unspecified vulnerability in the installation process in Sun Java System Directory Server 5.2 causes wrong user data to be written to a file created by the installation, which allows remote attackers or local users to gain privileges. | ||||