Export limit exceeded: 349823 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 349823 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (349823 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-2745 | 1 Facile Interactive Web | 1 Facile Interactive Web | 2026-04-16 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in F@cile Interactive Web 0.8.5 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) pathfile parameter in (a) p-editpage.php and (b) p-editbox.php, and the (2) mytheme and (3) myskin parameters in multiple "p-themes" index.inc.php files including (c) lowgraphic, (d) classic, (e) puzzle, (f) simple, and (g) ciao. | ||||
| CVE-1999-0594 | 2026-04-16 | N/A | ||
| A Windows NT system does not restrict access to removable media drives such as a floppy disk drive or CDROM drive. | ||||
| CVE-2006-2746 | 1 Facile Interactive Web | 1 Facile Interactive Web | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in F@cile Interactive Web 0.8.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) lang parameter in index.php, and the (2) mytheme and (3) myskin parameters in multiple "p-themes" index.inc.php files including (c) lowgraphic, (d) classic, (e) puzzle, (f) simple, and (g) ciao. NOTE: vectors 2 and 3 might be resultant from file inclusion issues. | ||||
| CVE-2006-2748 | 1 Open Searchable Image Catalogue | 1 Open Searchable Image Catalogue | 2026-04-16 | N/A |
| SQL injection vulnerability in the do_mysql_query function in core.php for Open Searchable Image Catalogue (OSIC) before 0.7.0.1 allows remote attackers to inject arbitrary SQL commands via multiple vectors, as demonstrated by the (1) type parameter in adminfunctions.php and the (2) catalogue_id parameter in editcatalogue.php. | ||||
| CVE-2006-2750 | 1 Open Searchable Image Catalogue | 1 Open Searchable Image Catalogue | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the do_mysql_query function in core.php for Open Searchable Image Catalogue (OSIC) before 0.7.0.1 allows remote attackers to inject arbitrary web scripts or HTML via failed SQL queries, which is reflected in an error message. | ||||
| CVE-2006-2751 | 1 Open Searchable Image Catalogue | 1 Open Searchable Image Catalogue | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Open Searchable Image Catalogue (OSIC) 0.7.0.1 and earlier allows remote attackers to inject arbitrary web scripts or HTML via the item_list parameter in search.php. | ||||
| CVE-2006-2752 | 1 Suse | 1 Suse Linux | 2026-04-16 | N/A |
| The RedCarpet /etc/ximian/rcd.conf configuration file in Novell Linux Desktop 9 and SUSE SLES 9 has world-readable permissions, which allows attackers to obtain the rc (RedCarpet) password. | ||||
| CVE-2006-2753 | 3 Mysql, Oracle, Redhat | 3 Mysql, Mysql, Enterprise Linux | 2026-04-16 | N/A |
| SQL injection vulnerability in MySQL 4.1.x before 4.1.20 and 5.0.x before 5.0.22 allows context-dependent attackers to execute arbitrary SQL commands via crafted multibyte encodings in character sets such as SJIS, BIG5, and GBK, which are not properly handled when the mysql_real_escape function is used to escape the input. | ||||
| CVE-2006-2755 | 1 Ubbcentral | 1 Ubb.threads | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in UBBThreads 5.x and earlier allows remote attackers to inject arbitrary web script or HTML via the debug parameter, as demonstrated by stealing MD5 hashes of passwords. | ||||
| CVE-2006-2756 | 1 Eitsop | 1 My Web Server | 2026-04-16 | N/A |
| Eitsop My Web Server 1.0 allows remote attackers to cause a denial of service (application crash) via a long GET request. NOTE: CVE analysis suggests that this is a different product, and therefore a different vulnerability, than CVE-2002-1897. | ||||
| CVE-2006-2758 | 1 Jetty | 1 Jetty | 2026-04-16 | 5.3 Medium |
| Directory traversal vulnerability in jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary files via a %2e%2e%5c (encoded ../) in the URL. NOTE: this might be the same issue as CVE-2005-3747. | ||||
| CVE-2006-2759 | 1 Jetty | 1 Jetty | 2026-04-16 | 5.3 Medium |
| jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary script source code via a capital P in the .jsp extension, and probably other mixed case manipulations. | ||||
| CVE-2006-2760 | 1 Warpspeed | 1 4nforum | 2026-04-16 | N/A |
| SQL injection vulnerability in modules.php in 4nNukeWare 4nForum 0.91 allows remote attackers to execute arbitrary SQL commands via the tid parameter. | ||||
| CVE-2006-2761 | 1 Hitachi | 1 Hitsenser3 | 2026-04-16 | N/A |
| SQL injection vulnerability in Hitachi HITSENSER3 HITSENSER3/PRP, HITSENSER3/PUP, HITSENSER3/STP, and HITSENSER3/EUP allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. | ||||
| CVE-1999-0596 | 2026-04-16 | N/A | ||
| A Windows NT log file has an inappropriate maximum size or retention period. | ||||
| CVE-2006-2762 | 1 Webcalendar | 1 Webcalendar | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in includes/config.php in WebCalendar 1.0.3 allows remote attackers to execute arbitrary PHP code via a URL in the includedir parameter, which is remotely accessed in an fopen call whose results are used to define a user_inc setting that is used in an include_once call. | ||||
| CVE-2006-2763 | 1 Pre Projects | 1 Pre News Manager | 2026-04-16 | N/A |
| SQL injection vulnerability in Pre News Manager 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) index.php, and the (2) nid parameter to (b) news_detail.php, (c) email_story.php, (d) thankyou.php, (e) printable_view.php, (f) tella_friend.php, and (g) send_comments.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. It is possible that this is primary to CVE-2006-2678. | ||||
| CVE-1999-0597 | 2026-04-16 | N/A | ||
| A Windows NT account policy does not forcibly disconnect remote users from the server when their logon hours expire. | ||||
| CVE-2006-2772 | 1 Hogstorps | 1 Hogstorp Guestbook | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in add.asp in Hogstorps hogstorp guestbook 2.0 allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, and (3) headline parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-1999-0598 | 2026-04-16 | N/A | ||
| A network intrusion detection system (IDS) does not properly handle packets that are sent out of order, allowing an attacker to escape detection. | ||||