Export limit exceeded: 350591 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (350591 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-2677 | 1 Sitescape | 1 Sitescape Forum | 2026-04-16 | N/A |
| SiteScape Forum 7.2 and possibly earlier stores the avf.rc configuraiton file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive path information. | ||||
| CVE-2006-2678 | 1 Pre Projects | 1 Pre News Manager | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Pre News Manager 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to (a) index.php, and the (2) nid parameter to (b) news_detail.php, (c) email_story.php, (d) thankyou.php, (e) printable_view.php, (f) tella_friend.php, and (g) send_comments.php. | ||||
| CVE-2006-2679 | 1 Cisco | 1 Vpn Client | 2026-04-16 | N/A |
| Unspecified vulnerability in the VPN Client for Windows Graphical User Interface (GUI) (aka the VPN client dialer) in Cisco VPN Client for Windows 4.8.00.* and earlier, except for 4.7.00.0533, allows local authenticated, interactive users to gain privileges, possibly due to privileges of dialog boxes, aka bug ID CSCsd79265. | ||||
| CVE-2006-2681 | 1 Socketmail | 1 Socketmail | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in SocketMail Lite and Pro 2.2.6 and earlier, when register_globals and magic_quotes are enabled, allows remote attackers to execute arbitrary PHP code via a URL in the site_path parameter to (1) index.php and (2) inc-common.php. | ||||
| CVE-2006-2682 | 1 Back-end | 1 Back-end Cms | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in BE_config.php in Back-End CMS 0.7.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _PSL[classdir] parameter. | ||||
| CVE-2006-2683 | 1 Open-medium | 1 Open-medium Cms | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in 404.php in open-medium.CMS 0.25 allows remote attackers to execute arbitrary PHP code via a URL in the REDSYS[MYPATH][TEMPLATES] parameter. | ||||
| CVE-2006-2684 | 1 Hotwebscripts | 1 Cms Mundo | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the search module in CMS Mundo 1.0 allows remote attackers to inject arbitrary web script or HTML via the searchstring parameter. | ||||
| CVE-2006-2685 | 1 Kevin Johnson | 1 Basic Analysis And Security Engine | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in Basic Analysis and Security Engine (BASE) 1.2.4 and earlier, with register_globals enabled, allows remote attackers to execute arbitrary PHP code via a URL in the BASE_path parameter to (1) base_qry_common.php, (2) base_stat_common.php, and (3) includes/base_include.inc.php. | ||||
| CVE-2006-2686 | 1 Actionapps | 1 Actionapps | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerabilities in ActionApps 2.8.1 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[AA_INC_PATH] parameter in (1) cached.php3, (2) cron.php3, (3) discussion.php3, (4) filldisc.php3, (5) filler.php3, (6) fillform.php3, (7) go.php3, (8) hiercons.php3, (9) jsview.php3, (10) live_checkbox.php3, (11) offline.php3, (12) post2shtml.php3, (13) search.php3, (14) slice.php3, (15) sql_update.php3, (16) view.php3, (17) multiple files in the (18) admin/ folder, (19) includes folder, and (20) modules/ folder. | ||||
| CVE-2006-2687 | 1 Agtc Websolutions | 1 Php-agtc Membership System | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in adduser.php in PHP-AGTC Membership System 1.1a and earlier allows remote attackers to inject arbitrary web script or HTML via the email address (useremail parameter). | ||||
| CVE-2006-2690 | 1 Eva-web | 1 Eva-web | 2026-04-16 | N/A |
| An unspecified script in EVA-Web 2.1.2 and earlier, probably index.php, allows remote attackers to obtain the full path of the web server via invalid (1) perso or (2) aide parameters. | ||||
| CVE-2006-2691 | 1 Amule | 1 Amule | 2026-04-16 | N/A |
| Unspecified "information leakage" vulnerabilities in aMuleWeb for AMule before 2.1.2 allow remote attackers to access arbitrary images, including dynamically generated images, via unknown vectors. | ||||
| CVE-2006-2692 | 1 Amule | 1 Amule | 2026-04-16 | N/A |
| Multiple unspecified vulnerabilities in aMuleWeb for AMule before 2.1.2 allow remote attackers to read arbitrary image, HTML, or PHP files via unknown vectors, probably related to directory traversal. | ||||
| CVE-2006-2693 | 1 Nivisec | 1 Hacks List | 2026-04-16 | N/A |
| Directory traversal vulnerability in admin/admin_hacks_list.php in Nivisec Hacks List 1.20 and earlier for phpBB, when register_globals is enabled, allows remote attackers to read arbitrary files via a ".." in the phpEx parameter. | ||||
| CVE-2006-2694 | 1 Scriptscenter | 1 Ezupload Pro | 2026-04-16 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in EzUpload Pro 2.10 allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) form.php, (2) customize.php, and (3) initialize.php. | ||||
| CVE-2006-2695 | 1 Dgnews | 1 Dgnews | 2026-04-16 | N/A |
| admin/upprocess.php in DGNews 1.5 and earlier allows remote attackers to execute arbitrary code by uploading scripts with arbitrary extensions to the img directory. | ||||
| CVE-2006-2696 | 1 Easy-content Forums | 1 Easy-content Forums | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerabilities in Easy-Content Forums 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) startletter parameter in userview.asp and the (2) catid parameter in topics.asp. | ||||
| CVE-2006-2697 | 1 Easy-content Forums | 1 Easy-content Forums | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Easy-Content Forums 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) startletter parameter in userview.asp and the (2) forumname parameter in topics.asp. | ||||
| CVE-2006-2698 | 1 Geeklog | 1 Geeklog | 2026-04-16 | N/A |
| Geeklog 1.4.0sr2 and earlier allows remote attackers to obtain the full installation path via a direct request and possibly invalid arguments to (1) layout/professional/functions.php or (2) getimage.php. | ||||
| CVE-2006-2700 | 1 Geeklog | 1 Geeklog | 2026-04-16 | N/A |
| SQL injection vulnerability in admin/auth.inc.php in Geeklog 1.4.0sr2 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via the loginname parameter. | ||||