Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-6819 | 1 Alstrasoft | 1 Webhost Directory | 2026-04-23 | N/A |
| AlstraSoft Web Host Directory stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a backup database via a direct request for admin/backup/db. | ||||
| CVE-2006-6817 | 1 Alstrasoft | 1 Webhost Directory | 2026-04-23 | N/A |
| AlstraSoft Web Host Directory allows remote attackers to obtain sensitive information by requesting any invalid URI, which reveals the path in an error message, a different vulnerability than CVE-2006-2617. | ||||
| CVE-2006-6818 | 1 Alstrasoft | 1 Webhost Directory | 2026-04-23 | N/A |
| AlstraSoft Web Host Directory allows remote attackers to bypass authentication and change the admin password via a direct request to admin/config. | ||||
| CVE-2006-6821 | 1 Enthrallweb | 1 Enews | 2026-04-23 | N/A |
| myprofile.asp in Enthrallweb eNews does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MM_recordId parameter. | ||||
| CVE-2006-6833 | 1 Joomla | 1 Joomla | 2026-04-23 | N/A |
| com_categories in Joomla! before 1.0.12 does not validate input, which has unknown impact and remote attack vectors. | ||||
| CVE-2006-6835 | 1 Neocrome | 1 Land Down Under | 2026-04-23 | N/A |
| SQL injection vulnerability in Journal.inc.php in Neocrome Land Down Under (LDU) 8.x and earlier allows remote attackers to execute arbitrary SQL commands via the w parameter to journal.php. | ||||
| CVE-2006-6839 | 1 Phpbb Group | 1 Phpbb | 2026-04-23 | N/A |
| Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to "criteria for 'bad' redirection targets." | ||||
| CVE-2006-6840 | 1 Phpbb Group | 1 Phpbb | 2026-04-23 | N/A |
| Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to a "negative start parameter." | ||||
| CVE-2006-6841 | 1 Phpbb Group | 1 Phpbb | 2026-04-23 | N/A |
| Certain forms in phpBB before 2.0.22 lack session checks, which has unknown impact and remote attack vectors. | ||||
| CVE-2006-6843 | 1 Joomla | 1 Be It Easypartner Component | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in the BE IT EasyPartner 0.0.9 beta component for Joomla! allows remote attackers to execute arbitrary PHP code via unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-6844 | 1 Cmsmadesimple | 1 Cms Made Simple | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the optional user comment module in CMS Made Simple 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the user comment form. | ||||
| CVE-2006-6845 | 1 Cmsmadesimple | 1 Cms Made Simple | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in CMS Made Simple 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the cntnt01searchinput parameter in a Search action. | ||||
| CVE-2006-6849 | 1 Cahier De Textes | 1 Cahier De Textes | 2026-04-23 | N/A |
| administration/index.php in Cahier de texte (CDT) 2.2 does not properly exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions. | ||||
| CVE-2006-6851 | 1 Mobilelib | 1 Mobilelib Gold | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in contact_us.php in ac4p Mobilelib gold 2 allow remote attackers to inject arbitrary web script or HTML via the (1) email or (2) errr parameter. | ||||
| CVE-2006-6878 | 1 Php-update | 1 Php-update | 2026-04-23 | N/A |
| admin/uploads.php in PHP-Update 2.7 and earlier allows remote attackers to gain privileges by setting the rights[7] parameter to 1 during a login action. | ||||
| CVE-2006-7131 | 1 Jinzora | 1 Jinzora | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in extras/mt.php in Jinzora 2.6 allows remote attackers to execute arbitrary PHP code via the web_root parameter. | ||||
| CVE-2006-7135 | 1 Php Poll Creator | 1 Php Poll Creator | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in lib/functions.inc.php in PHP Poll Creator (phpPC) 1.04 allows remote attackers to execute arbitrary PHP code via a URL in the relativer_pfad parameter, a different vector and version than CVE-2005-1755. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-7136 | 1 Phppc | 1 Php Poll Creator | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in PHP Poll Creator (phpPC) 1.04 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the relativer_pfad parameter to (1) poll.php, (2) poll_kommentar.php, and (3) poll_sm.php, different vectors and version than CVE-2005-1755. | ||||
| CVE-2006-7137 | 1 Tiny Portal | 1 Tiny Portal | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in TinyPortal before 0.8.6 allows remote attackers to inject arbitrary web script or HTML via the shoutbox. | ||||
| CVE-2006-7140 | 1 Sun | 2 Solaris, Sunos | 2026-04-23 | N/A |
| The libike library, as used by in.iked, elfsign, and kcfd in Sun Solaris 9 and 10, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents libike from correctly verifying X.509 and other certificates that use PKCS #1, a similar issue to CVE-2006-4339. | ||||