Export limit exceeded: 350355 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 350355 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (350355 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-7111 | 1 Futomis Cgi Cafe | 1 Kmail Cgi | 2026-04-23 | N/A |
| Unspecified vulnerability in Futomi's CGI Cafe KMail CGI 1.0.3 and earlier allows remote attackers to bypass authentication and obtain unauthorized email access via unspecified vectors. | ||||
| CVE-2006-7112 | 1 Maxdev | 1 Mdpro | 2026-04-23 | N/A |
| Directory traversal vulnerability in error.php in MD-Pro 1.0.76 and earlier allows remote authenticated users to read and include arbitrary files via the PNSVlang cookie, as demonstrated by uploading a GIF image using AddDownload or injecting PHP code into a log file, then accessing it. | ||||
| CVE-2006-7113 | 1 Planerd.net | 1 P-news | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in P-News 2.0 allows remote attackers to upload and execute arbitrary files via an avatar file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-7114 | 1 Planerd.net | 1 P-news | 2026-04-23 | N/A |
| P-News 2.0 stores db/user.txt under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as usernames and password hashes via a direct request. NOTE: this might be the same issue as CVE-2006-6888. | ||||
| CVE-2006-7132 | 1 Cynux Softwares | 1 Phpmydesk | 2026-04-23 | N/A |
| Directory traversal vulnerability in pmd-config.php in PHPMyDesk 1.0beta allows remote attackers to include arbitrary local files via the pmdlang parameter to viewticket.php. | ||||
| CVE-2006-7116 | 1 Kubix | 1 Kubix | 2026-04-23 | N/A |
| SQL injection vulnerability in includes/functions.php in Kubix 0.7 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via the member_id parameter ($id variable) to index.php. | ||||
| CVE-2006-7118 | 1 Dmxready | 1 Site Engine Manager | 2026-04-23 | N/A |
| SQL injection vulnerability in index.asp in DMXReady Site Engine Manager 1.0 allows remote attackers to execute arbitrary SQL commands via the mid parameter. | ||||
| CVE-2006-7119 | 1 Phpgiggle | 1 Phpgiggle | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in kernel/system/startup.php in J. He PHPGiggle 12.08 and earlier, as distributed on comscripts.com, allows remote attackers to execute arbitrary PHP code via a URL in the CFG_PHPGIGGLE_ROOT parameter. | ||||
| CVE-2006-7121 | 1 Linksys | 1 Spa921 | 2026-04-23 | N/A |
| The HTTP server in Linksys SPA-921 VoIP Desktop Phone allows remote attackers to cause a denial of service (reboot) via (1) a long URL, or a long (2) username or (3) password during Basic Authentication. | ||||
| CVE-2006-7122 | 1 Joomla | 1 Bsq Sitestats | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the IP Address Lookup functionality in BSQ Sitestats (component for Joomla) 1.8.0, and possibly other versions before 2.2.1, allows remote attackers to inject arbitrary web script and HTML via the ip parameter. | ||||
| CVE-2006-7124 | 1 Joomla | 1 Bsq Sitestats | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in external/rssfeeds.php in BSQ Sitestats (component for Joomla) 1.8.0, and possibly other versions before 2.2.1, allows remote attackers to execute arbitrary PHP code via the baseDir parameter. | ||||
| CVE-2006-7130 | 1 Jinzora | 1 Jinzora | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in backend/primitives/cache/media.php in Jinzora 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter, a different vector than CVE-2006-6770. | ||||
| CVE-2006-7131 | 1 Jinzora | 1 Jinzora | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in extras/mt.php in Jinzora 2.6 allows remote attackers to execute arbitrary PHP code via the web_root parameter. | ||||
| CVE-2006-5893 | 1 Iwonder Designs | 1 Storystream | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in iWonder Designs Storystream 0.4.0.0 allow remote attackers to execute arbitrary PHP code via a URL in the baseDir parameter to (1) mysql.php and (2) mysqli.php in include/classes/pear/DB/. | ||||
| CVE-2006-7135 | 1 Php Poll Creator | 1 Php Poll Creator | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in lib/functions.inc.php in PHP Poll Creator (phpPC) 1.04 allows remote attackers to execute arbitrary PHP code via a URL in the relativer_pfad parameter, a different vector and version than CVE-2005-1755. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-7136 | 1 Phppc | 1 Php Poll Creator | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in PHP Poll Creator (phpPC) 1.04 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the relativer_pfad parameter to (1) poll.php, (2) poll_kommentar.php, and (3) poll_sm.php, different vectors and version than CVE-2005-1755. | ||||
| CVE-2006-7137 | 1 Tiny Portal | 1 Tiny Portal | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in TinyPortal before 0.8.6 allows remote attackers to inject arbitrary web script or HTML via the shoutbox. | ||||
| CVE-2006-7138 | 1 Oracle | 1 Apex | 2026-04-23 | N/A |
| SQL injection vulnerability in wwv_flow_utilities.gen_popup_list in the WWV_FLOW_UTILITIES package for Oracle APEX/HTMLDB before 2.2 allows remote authenticated users to execute arbitrary SQL by modifying the P_LOV parameter and calculating a matching MD5 checksum for the P_LOV_CHECKSUM parameter. NOTE: it is likely that this issue is subsumed by CVE-2006-5351, but due to lack of details from Oracle, this cannot be proven. | ||||
| CVE-2006-7139 | 1 Kde | 2 K-mail, Kde | 2026-04-23 | N/A |
| Kmail 1.9.1 on KDE 3.5.2, with "Prefer HTML to Plain Text" enabled, allows remote attackers to cause a denial of service (crash) via an HTML e-mail with certain table and frameset tags that trigger a segmentation fault, possibly involving invalid free or delete operations. | ||||
| CVE-2006-7140 | 1 Sun | 2 Solaris, Sunos | 2026-04-23 | N/A |
| The libike library, as used by in.iked, elfsign, and kcfd in Sun Solaris 9 and 10, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents libike from correctly verifying X.509 and other certificates that use PKCS #1, a similar issue to CVE-2006-4339. | ||||