Export limit exceeded: 29908 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29908 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-2944 | 1 Cgi-rescue | 1 Form2mail | 2026-04-16 | N/A |
| Unspecified vulnerability in CGI-RESCUE FORM2MAIL 1.21 and earlier allows remote attackers to inject email headers, which facilitates sending spam messages. NOTE: the details for this issue are obtained from third party information. | ||||
| CVE-2006-2946 | 1 Dmx Forum | 1 Dmx Forum | 2026-04-16 | N/A |
| Dmx Forum 2.1a stores _includes/bd.inc under the web root with insufficient access control, which allows remote attackers to obtain database username and password information. | ||||
| CVE-2006-2947 | 1 Dmx Forum | 1 Dmx Forum | 2026-04-16 | N/A |
| Dmx Forum 2.1a allows remote attackers to obtain username and password information via a direct request to pops/edit.php with a modified membre parameter. | ||||
| CVE-2006-2948 | 1 Alan Ward | 1 A-cart | 2026-04-16 | N/A |
| A-CART 2.0 stores the acart2_0.mdb file under the web document root with insufficient access control, which allows remote attackers to obtain username and password information. | ||||
| CVE-2006-2949 | 1 Mybulletinboard | 1 Mybulletinboard | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in private.php in MyBB 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the do parameter. | ||||
| CVE-2006-2953 | 1 Primoris Software | 1 Officeflow | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in default.asp in OfficeFlow 2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the sqlType parameter. | ||||
| CVE-2006-2954 | 1 Primoris Software | 1 Officeflow | 2026-04-16 | N/A |
| SQL injection vulnerability in files.asp in OfficeFlow 2.6 and earlier allows remote attackers to execute arbitrary SQL commands via the Project parameter. | ||||
| CVE-2006-2955 | 1 Kaphotoservice | 1 Kaphotoservice | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in KAPhotoservice 7.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) New Category (newcategory) or (2) apage parameter to (a) edtalbum.asp, or the (3) cat or (4) albumid parameter to (b) album.asp. | ||||
| CVE-2006-2956 | 1 Skoom | 1 I.list | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in i.List 1.5 beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) searchword parameter to search.php or (2) siteurl parameter to add.php. | ||||
| CVE-2006-2957 | 1 Skoom | 1 I.list | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in i.List 1.5 beta and earlier allows remote attackers to inject arbitrary web script or HTML via the banurl parameter to add.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
| CVE-2006-2958 | 1 Filzip | 1 Filzip | 2026-04-16 | N/A |
| Directory traversal vulnerability in FilZip 3.05 allows remote attackers to write arbitrary files via a .. (dot dot) in a (1) .rar, (2) .tar, (3) .jar, or (4) .gz file. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
| CVE-2006-2959 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2026-04-16 | N/A |
| SQL injection vulnerability in inc_header.asp in Snitz Forum 3.4.05 and earlier allows remote attackers to execute arbitrary SQL commands via the %strCookieURL%.GROUP parameter in a cookie. | ||||
| CVE-2006-2962 | 1 Oxfam Australia | 1 Emergencies Personnel Information System | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in sql_fcnsOLD.php in Emergenices Personnel Information System (Empris) 20020923 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phormationdir parameter. | ||||
| CVE-2006-2964 | 1 Xtreme Scripts | 1 Download Manager | 2026-04-16 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Xtreme Scripts Download Manager (aka Xtreme Downloads) 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter in (1) download.php, (2) manager.php, (3) admin/scripts/category.php, (4) includes/add_allow.php, (5) admin/index.php, and (6) admin/admin/login.php. | ||||
| CVE-2006-2965 | 1 Particle Soft | 1 Particle Whois | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Particle Soft Particle Whois 1.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) the target parameter in index.php and (2) the "input box." | ||||
| CVE-2006-2966 | 1 Particle Soft | 1 Particle Wiki | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Particle Soft Particle Wiki 1.0.2 allows remote attackers to inject arbitrary web script or HTML via a BR element with an extraneous IMG tag and a STYLE attribute that contains "/**/" comment sequences, which bypasses the XSS protection scheme. | ||||
| CVE-2006-2967 | 1 Syworks | 1 Safenet | 2026-04-16 | N/A |
| Syworks SafeNET allows local users to bypass restrictions on network resource consumption by editing the policy.dat file. | ||||
| CVE-2006-3237 | 1 Senokian Solutions | 1 Enterprise Groupware Systems | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Enterprise Groupware System (EGS) 1.2.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the module parameter. | ||||
| CVE-2006-3239 | 1 Vbzoom | 1 Vbzoom | 2026-04-16 | N/A |
| SQL injection vulnerability in message.php in VBZooM 1.11 and earlier allows remote attackers to execute arbitrary SQL commands via the UserID parameter. | ||||
| CVE-2006-3241 | 1 Xennobb | 1 Xennobb | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in messages.php in XennoBB 1.0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the tid parameter. | ||||