Export limit exceeded: 349534 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (349534 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-2978 | 1 Mafia Moblog | 1 Mafia Moblog | 2026-04-16 | N/A |
| Mafia Moblog 0.6M1 and earlier allows remote attackers to obtain the installation path in an error message via a direct request to (1) big.php and (2) upgrade.php. | ||||
| CVE-1999-0753 | 1 Hughes | 1 Msql | 2026-04-16 | N/A |
| The w3-msql CGI script provided with Mini SQL allows remote attackers to view restricted directories. | ||||
| CVE-2006-2979 | 1 Viart | 1 Shop | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ViArt Shop Free 2.5.5, and possibly other distributions including Light, Standard, and Enterprise, allow remote attackers to inject arbitrary web script or HTML via the (1) forum_id parameter in forum.php, which is not properly handled in block_forum_topics.php, and (2) item_id parameter in reviews.php, which is not properly handled in block_reviews.php. | ||||
| CVE-2006-2980 | 1 Viart Ltd | 1 Viart Shop Free | 2026-04-16 | N/A |
| SQL injection vulnerability in block_forum_topic_new.php in ViArt Shop Free 2.5.5, and possibly other distributions including Light, Standard, and Enterprise, might allow remote attackers to execute arbitrary SQL commands via unknown vectors, probably involving the forum_id parameter. | ||||
| CVE-2006-2981 | 1 Arantius | 1 Vice Stats | 2026-04-16 | N/A |
| SQL injection vulnerability in vs_search.php in Arantius Vice Stats before 1.0.1 allows remote attackers to execute arbitrary SQL commands via unknown vectors, a different issue than CVE-2006-2972. | ||||
| CVE-1999-0754 | 1 Isc | 1 Inn | 2026-04-16 | N/A |
| The INN inndstart program allows local users to gain privileges by specifying an alternate configuration file using the INNCONF environmental variable. | ||||
| CVE-1999-0755 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2026-04-16 | N/A |
| Windows NT RRAS and RAS clients cache a user's password even if the user has not selected the "Save password" option. | ||||
| CVE-2006-2982 | 1 Enterprise Payroll Systems | 1 Enterprise Payroll Systems | 2026-04-16 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Enterprise Timesheet and Payroll Systems (EPS) 1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the absolutepath parameter in (1) footer.php and (2) admin/footer.php. | ||||
| CVE-2006-2983 | 1 Enterprise Payroll Systems | 1 Enterprise Payroll Systems | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in Enterprise Timesheet and Payroll Systems (EPS) 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the absolutepath parameter in cal.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-2984 | 1 Integramod | 1 Integramod | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in IntegraMOD 1.4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the STYLE_URL parameter. NOTE: it is possible that this issue is resultant from SQL injection. | ||||
| CVE-2006-2985 | 1 Integramod | 1 Integramod | 2026-04-16 | N/A |
| SQL injection vulnerability in index.php in IntegraMOD 1.4.0 and earlier allows remote attackers to execute arbitrary SQL commands via double-encoded "'" characters in the STYLE_URL parameter. | ||||
| CVE-2006-2986 | 1 Baby Katie Media | 2 Very Simple Car Lister, Very Simple Realty Lister | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Baby Katie Media (a) very Simple Car Lister (vSCAL) 1.0 and (b) very simple Realty Lister (vsREAL) 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) lid parameter in index.php and the (2) title parameter in myslideshow.php. | ||||
| CVE-2006-2992 | 1 My Photo Scrapbook | 1 My Photo Scrapbook | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in display.asp in My Photo Scrapbook 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the key_m parameter. | ||||
| CVE-2006-3001 | 1 Okscripts | 1 Okmall | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in OkScripts OkMall 1.0 allow remote attackers to inject arbitrary web script or HTML via the page parameter. NOTE: this might be resultant from another vulnerability, since the XSS is reflected in an error message. | ||||
| CVE-2006-3003 | 1 Easy Ad-manager | 1 Easy Ad-manager | 2026-04-16 | N/A |
| details.php in Easy Ad-Manager allows remote attackers to obtain the full installation path via an invalid mbid parameter, which leaks the path in an error message. NOTE: this might be resultant from another vulnerability, since this vector also produces cross-site scripting (XSS). NOTE: on 20060829, the vendor notified CVE that this issue has been fixed. | ||||
| CVE-1999-0756 | 1 Allaire | 1 Coldfusion Server | 2026-04-16 | N/A |
| ColdFusion Administrator with Advanced Security enabled allows remote users to stop the ColdFusion server via the Start/Stop utility. | ||||
| CVE-2006-3009 | 1 Aliacom | 1 Open Business Management | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Open Business Management (OBM) 1.0.3 pl1 allow remote attackers to inject arbitrary HTML or web script via the (1) tf_lang, (2) tf_name, (3) tf_user, (4) tf_lastname, (5) tf_contact, (6) tf_datebefore, and (7) tf_dateafter parameters to files such as (a) publication/publication_index.php, (b) group/group_index.php, (c) user/user_index.php, (d) list/list_index.php, and (e) company/company_index.php. | ||||
| CVE-2006-3016 | 2 Php Group, Redhat | 3 Php, Enterprise Linux, Rhel Stronghold | 2026-04-16 | N/A |
| Unspecified vulnerability in session.c in PHP before 5.1.3 has unknown impact and attack vectors, related to "certain characters in session names," including special characters that are frequently associated with CRLF injection, SQL injection, cross-site scripting (XSS), and HTTP response splitting vulnerabilities. NOTE: while the nature of the vulnerability is unspecified, it is likely that this is related to a violation of an expectation by PHP applications that the session name is alphanumeric, as implied in the PHP manual for session_name(). | ||||
| CVE-2006-3019 | 1 Phpcms | 1 Phpcms | 2026-04-16 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in phpCMS 1.2.1pl2 allow remote attackers to execute arbitrary PHP code via a URL in the PHPCMS_INCLUDEPATH parameter to files in parser/include/ including (1) class.parser_phpcms.php, (2) class.session_phpcms.php, (3) class.edit_phpcms.php, (4) class.http_indexer_phpcms.php, (5) class.cache_phpcms.php, (6) class.search_phpcms.php, (7) class.lib_indexer_universal_phpcms.php, and (8) class.layout_phpcms.php, (9) parser/plugs/counter.php, and (10) parser/parser.php. NOTE: the class.cache_phpcms.php vector was also reported to affect 1.1.7. | ||||
| CVE-2006-3020 | 1 Planete Afrique | 1 Ws-album | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in FullPhoto.asp in WS-Album 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) image and (2) PublisedDate parameters. | ||||