Export limit exceeded: 29908 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29908 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-0907 | 1 Francisco Burzi | 1 Php-nuke | 2026-04-16 | N/A |
| SQL injection vulnerability in PHP-Nuke before 7.8 Patched 3.2 allows remote attackers to execute arbitrary SQL commands via encoded /%2a (/*) sequences in the query string, which bypasses regular expressions that are intended to protect against SQL injection, as demonstrated via the kala parameter. | ||||
| CVE-2006-1571 | 1 R2xdesign | 1 Qlitenews | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in loginprocess.php in qliteNews 2005.07.01 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters. | ||||
| CVE-2006-1831 | 1 Coder-world | 1 Sysinfo | 2026-04-16 | N/A |
| Direct static code injection vulnerability in sysinfo.cgi in sysinfo 1.21 and possibly other versions before 2.25 allows remote attackers to execute arbitrary commands via a leading ; (semicolon) in the name parameter in a systemdoc action, which is injected into phpinfo.php. | ||||
| CVE-2006-1930 | 1 Hoito | 1 Green Minute | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in userscript.php in Green Minute 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) huserid, (2) pituus, or (3) date parameters. NOTE: this issue has been disputed by the vendor, saying "those parameters mentioned ARE checked (preg_match) before they are used in SQL-query... If someone decided to add SQL-injection stuff to certain parameter, they would see an error text, but only because _nothing_ was passed inside that parameter (to MySQL-database)." As allowed by the vendor, CVE investigated this report on 20060525 and found that the demo site demonstrated a non-sensitive SQL error when given standard SQL injection manipulations | ||||
| CVE-2006-1990 | 2 Php, Redhat | 3 Php, Enterprise Linux, Rhel Stronghold | 2026-04-16 | N/A |
| Integer overflow in the wordwrap function in string.c in PHP 4.4.2 and 5.1.2 might allow context-dependent attackers to execute arbitrary code via certain long arguments that cause a small buffer to be allocated, which triggers a heap-based buffer overflow in a memcpy function call, a different vulnerability than CVE-2002-1396. | ||||
| CVE-2006-0910 | 1 Invision Power Services | 1 Invision Power Board | 2026-04-16 | N/A |
| Invision Power Board (IPB) 2.1.4 and earlier allows remote attackers to list directory contents via a direct request to multiple directories, including (1) sources/loginauth/convert/, (2) sources/portal_plugins/, (3) cache/skin_cache/cacheid_2/, (4) ips_kernel/PEAR/, (5) ips_kernel/PEAR/Text/, (6) ips_kernel/PEAR/Text/Diff/, (7) ips_kernel/PEAR/Text/Diff/Renderer/, (8) style_images/1/folder_rte_files/, (9) style_images/1/folder_js_skin/, (10) style_images/1/folder_rte_images/, and (11) upgrade/ and its subdirectories. | ||||
| CVE-2006-0918 | 1 Ritlabs | 1 The Bat | 2026-04-16 | N/A |
| Buffer overflow in RITLabs The Bat! 3.60.07 allows remote attackers to execute arbitrary code via a long Subject field. | ||||
| CVE-2006-1572 | 1 O2php.com | 1 Oxygen | 2026-04-16 | N/A |
| SQL injection vulnerability in post.php in Oxygen 1.1.3 allows remote attackers to execute arbitrary SQL commands via the fid parameter in a newthread action. | ||||
| CVE-2006-0919 | 1 Oi | 1 Email Marketing System | 2026-04-16 | N/A |
| SQL injection vulnerability in index.php (aka the login page) in Oi! Email Marketing System 3.0 (aka Oi! 3) allows remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields. | ||||
| CVE-2006-1573 | 1 Mediaslash.com | 1 Mediaslash Gallery | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in index.php in MediaSlash Gallery allows remote attackers to execute arbitrary PHP code via a URL in the rub parameter (part of the $page_menu variable). | ||||
| CVE-2006-1832 | 1 Coder-world | 1 Sysinfo | 2026-04-16 | N/A |
| sysinfo.cgi in sysinfo 1.21 allows remote attackers to obtain the installation path via the debugger action. | ||||
| CVE-2006-1004 | 1 Cactusoft | 1 Parodia | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in agencyprofile.asp in Parodia 6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the AG_ID parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
| CVE-2006-1005 | 1 Cactusoft | 1 Parodia | 2026-04-16 | N/A |
| agencyprofile.asp in Parodia 6.2 and earlier might allow remote attackers to obtain sensitive information by triggering an SQL error via an invalid AG_ID parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
| CVE-2006-1603 | 1 Phpbb Group | 1 Phpbb | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in profile.php in phpBB 2.0.19 allows remote attackers to inject arbitrary web script or HTML via the cur_password parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-1851 | 1 Skymarx Solutions | 1 Xflow | 2026-04-16 | N/A |
| xFlow 5.46.11 and earlier allows remote attackers to determine the installation path of the application via the (1) action parameter to members_only/index.cgi and (2) page parameter customer_area/index.cgi, probably due to invalid values. | ||||
| CVE-2006-1007 | 1 Nathan Landry | 1 N8cms Sitesuite Cms | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in N8cms 1.1 and 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) dir and (2) page_id parameter to index.php. | ||||
| CVE-2006-1606 | 1 Exponent | 1 Exponent Cms | 2026-04-16 | N/A |
| Unspecified vulnerability in the image module in Exponent CMS before 0.96.5 RC 1 allows "directory disclosure" with unknown attack vectors. | ||||
| CVE-2006-1859 | 1 Linux | 1 Linux Kernel | 2026-04-16 | N/A |
| Memory leak in __setlease in fs/locks.c in Linux kernel before 2.6.16.16 allows attackers to cause a denial of service (memory consumption) via unspecified actions related to an "uninitialised return value," aka "slab leak." | ||||
| CVE-2006-1008 | 1 Nathan Landry | 1 N8cms Sitesuite Cms | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in N8cms 1.1 and 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) dir and (2) page_id parameter to (a) index.php and (3) userid parameter to (b) mailto.php. NOTE: it is possible that issues 1 and 2 are resultant from SQL injection. | ||||
| CVE-2006-1009 | 1 M4 Project | 1 Enigma-suite | 2026-04-16 | N/A |
| M4 Project enigma-suite before 0.73.3 (Windows) has a default password of "nominal" for the "enigma-client" account, which allows local users to gain access. | ||||