Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-5024 1 Paisterist 1 Simple Http Scanner 2026-04-23 9.8 Critical
Multiple unspecified vulnerabilities in Paisterist Simple HTTP Scanner (sHTTPScanner) before 0.4 have unknown impact and attack vectors.
CVE-2006-6842 1 Codemonkeyx 1 Acronym Mod 2026-04-23 N/A
SQL injection vulnerability in admin/admin_acronyms.php in the Acronym Mod 0.9.5 for phpBB2 Plus 1.53 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-2631 1 Squirrelmail 1 Squirrelmail 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in SquirrelMail 1.4.8-4.fc6 and earlier allows remote attackers to perform unspecified actions as arbitrary users via unspecified vectors. NOTE: this issue might overlap CVE-2007-2589 or CVE-2002-1648.
CVE-2006-6147 1 Jiros 1 Links Manager 2026-04-23 N/A
Multiple SQL injection vulnerabilities in JiRos Links Manager allow remote attackers to execute arbitrary SQL commands via the (1) LinkID parameter to openlink.asp or the (2) CategoryID parameter to viewlinks.asp.
CVE-2006-5204 1 Invision Power Services 1 Invision Power Board 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in action_admin/member.php in Invision Power Board (IPB) 2.1.7 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a reference to a script in the avatar setting, which can be leveraged for a cross-site request forgery (CSRF) attack involving forced SQL execution by an admin.
CVE-2008-5086 2 Libvirt, Redhat 2 Libvirt, Rhel Virtualization 2026-04-23 N/A
Multiple methods in libvirt 0.3.2 through 0.5.1 do not check if a connection is read-only, which allows local users to bypass intended access restrictions and perform administrative actions.
CVE-2006-5021 1 Redblog 1 Redblog 2026-04-23 9.8 Critical
Multiple PHP remote file inclusion vulnerabilities in redgun RedBLoG 0.5 allow remote attackers to execute arbitrary PHP code via a URL in (1) the root parameter in imgen.php, and the root_path parameter in (2) admin/config.php, (3) common.php, and (4) admin/index.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-6352 1 Frisk Software 1 F-prot Antivirus 2026-04-23 N/A
FRISK Software F-Prot Antivirus before 4.6.7 allows user-assisted remote attackers to cause a denial of service (infinite loop) via a crafted ACE file. NOTE: this issue has at least a partial overlap with CVE-2006-6294.
CVE-2006-6146 1 Takeshi Kanno 1 Haru Free Pdf Library 2026-04-23 N/A
Buffer overflow in the HPDF_Page_Circle function in hpdf_page_operator.c in Takeshi Kanno Haru Free PDF Library (libharu2, aka libharu) 2.0.7 and earlier allows context-dependent attackers to cause a denial of service (application crash) via certain arguments that yield a large amount of PDF data, as demonstrated by a filled circle.
CVE-2006-5019 1 Google 1 Mini Search Appliance 2026-04-23 N/A
Google Mini 4.4.102.M.36 and earlier allows remote attackers to obtain sensitive information via a direct request for /search with an invalid client parameter, which reveals the path in an error message.
CVE-2006-5017 1 E-vision 1 E-vision Cms 2026-04-23 N/A
SQL injection vulnerability in admin/all_users.php in Szava Gyula and Csaba Tamas e-Vision CMS, probably 1.0, allows remote attackers to execute arbitrary SQL commands via the from parameter.
CVE-2007-4626 1 Polipo 1 Polipo 2026-04-23 N/A
Unspecified vulnerability in Polipo before 1.0.2 allows remote attackers to cause a denial of service (daemon crash) via certain network traffic associated with entities larger than 2 Gb.
CVE-2006-5015 1 Kietu 1 Kietu 2026-04-23 N/A
PHP remote file inclusion vulnerability in hit.php in Kietu 3.2 allows remote attackers to execute arbitrary PHP code via an FTP URL in the url_hit parameter.
CVE-2006-5212 1 Trend Micro 1 Officescan 2026-04-23 N/A
Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for SMB 2.0 before 6.0.0.1385, and OfficeScan Corporate Edition (OSCE) 6.5 before 6.5.0.1418, 7.0 before 7.0.0.1257, and 7.3 before 7.3.0.1053 allow remote attackers to delete files via a modified filename parameter in a certain HTTP request that invokes the OfficeScan CGI program.
CVE-2007-3557 1 Wheatblog 1 Wheatblog 2026-04-23 N/A
SQL injection vulnerability in admin/login.php in Wheatblog (wB) 1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the login parameter.
CVE-2006-5205 1 Invision Power Services 1 Invision Gallery 2026-04-23 N/A
Directory traversal vulnerability in Invision Gallery 2.0.7 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the dir parameter in (1) index.php and (2) forum/index.php, when the viewimage command in the gallery module is used.
CVE-2007-1510 1 Particle Blogger 1 Particle Blogger 2026-04-23 N/A
SQL injection vulnerability in post.php in Particle Blogger 1.0.0 through 1.2.0 allows remote attackers to execute arbitrary SQL commands via the postid parameter.
CVE-2007-0340 1 Thwboard 1 Thwboard 2026-04-23 N/A
SQL injection vulnerability in inc/header.inc.php in ThWboard 3.0b2.84-php5 and earlier allows remote attackers to execute arbitrary SQL commands via the board[styleid] parameter to index.php.
CVE-2007-4153 1 Wordpress 1 Wordpress 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.2.1 allow remote authenticated administrators to inject arbitrary web script or HTML via (1) the Options Database Table in the Admin Panel, accessed through options.php; or (2) the opml_url parameter to link-import.php. NOTE: this might not cross privilege boundaries in some configurations, since the Administrator role has the unfiltered_html capability.
CVE-2006-6158 3 Ace Helpdesk, Inverseflow, Pmos Helpdesk 3 Ace Helpdesk, Help Desk, Pmos Helpdesk 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in (a) PMOS Help Desk 2.4, formerly (b) InverseFlow Help Desk 2.31 and also sold as (c) Ace Helpdesk 2.31, allow remote attackers to inject arbitrary web script or HTML via the (1) id or email parameter to ticketview.php, or (2) the email parameter to ticket.php.