Export limit exceeded: 29912 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29912 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-4421 | 1 Yapig | 1 Yapig | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in template/default/thanks_comment.php in Yet Another PHP Image Gallery (YaPIG) 0.95b allows remote attackers to inject arbitrary web script or HTML via the D_REFRESH_URL parameter. | ||||
| CVE-2006-4422 | 1 Jetbox | 1 Jetbox Cms | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in includes/phpdig/libs/search_function.php in Jetbox CMS 2.1 allows remote attackers to execute arbitrary PHP code via a URL in the relative_script_path parameter, a different vector than CVE-2006-2270. NOTE: this issue has been disputed, and as of 20060830, CVE analysis concurs with the dispute. In addition, it is likely that the vulnerability is actually in a third party module, phpDig 1.8.8 | ||||
| CVE-2006-4423 | 1 Bigace | 1 Bigace | 2026-04-16 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Bigace 1.8.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[_BIGACE][DIR][admin] parameter in (a) system/command/admin.cmd.php, (b) admin/include/upload_form.php, and (c) admin/include/item_main.php; and the (2) GLOBALS[_BIGACE][DIR][libs] parameter in (d) system/command/admin.cmd.php and (e) system/command/download.cmd.php. | ||||
| CVE-2006-4424 | 1 Coinsoft Technologies | 1 Phpcoin | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in coin_includes/constants.php in phpCOIN 1.2.3 allows remote attackers to execute arbitrary PHP code via the _CCFG[_PKG_PATH_INCL] parameter. | ||||
| CVE-2006-4477 | 1 Visualshapers | 1 Ezcontents | 2026-04-16 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Visual Shapers ezContents 2.0.3 allow remote attackers to execute arbitrary PHP code via an empty GLOBALS[rootdp] parameter and an ftps URL in the (1) GLOBALS[admin_home] parameter in (a) diary/event_list.php, (b) gallery/gallery_summary.php, (c) guestbook/showguestbook.php, (d) links/showlinks.php, and (e) reviews/review_summary.php; and the (2) GLOBALS[language_home] parameter in (f) calendar/calendar.php, (g) news/shownews.php, (h) poll/showpoll.php, (i) search/search.php, (j) toprated/toprated.php, and (k) whatsnew/whatsnew.php. | ||||
| CVE-2006-4478 | 1 Visualshapers | 1 Ezcontents | 2026-04-16 | N/A |
| SQL injection vulnerability in headeruserdata.php in Visual Shapers ezContents 2.0.3 allows remote attackers to execute arbitrary SQL commands via the groupname parameter. | ||||
| CVE-2006-4479 | 1 Visualshapers | 1 Ezcontents | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in loginreq2.php in Visual Shapers ezContents 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the subgroupname parameter. | ||||
| CVE-2006-4490 | 1 Cybozu | 2 Cybozu Office, Share 360 | 2026-04-16 | N/A |
| Multiple directory traversal vulnerabilities in Cybozu Office before 6.6 Build 1.3 and Share 360 before 2.5 Build 0.3 allow remote authenticated users to read arbitrary files via a .. (dot dot) sequence via the id parameter in (1) scripts/cbag/ag.exe or (2) scripts/s360v2/s360.exe. | ||||
| CVE-2006-4498 | 1 Phpalbum.net | 1 Phpalbum | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in sommaire_admin.php in PhpAlbum (mod_phpalbum) 2.15 for PortailPHP allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter, a different vector than CVE-2006-3922. | ||||
| CVE-2006-4506 | 1 Netiq | 1 Identity Manager | 2026-04-16 | N/A |
| idmlib.sh in nxdrv in Novell Identity Manager (IDM) 3.0.1 allows local users to execute arbitrary commands via unspecified vectors, possibly involving the " (quote) and \ (backslash) characters and eval injection. | ||||
| CVE-2006-4507 | 1 Sony | 1 Playstation Portable | 2026-04-16 | N/A |
| Unspecified vulnerability in the TIFF viewer (possibly libTIFF) in the Photo Viewer in the Sony PlaystationPortable (PSP) 2.00 through 2.80 allows local users to execute arbitrary code via crafted TIFF images. NOTE: due to lack of details, it is not clear whether this is related to other issues such as CVE-2006-3464 or CVE-2006-3465. | ||||
| CVE-2006-4508 | 2 Scatterchat, Tor | 2 Scatterchat, Tor | 2026-04-16 | N/A |
| Unspecified vulnerability in (1) Tor 0.1.0.x before 0.1.0.18 and 0.1.1.x before 0.1.1.23, and (2) ScatterChat before 1.0.2, allows remote attackers operating a Tor entry node to route arbitrary Tor traffic through clients or cause a denial of service (flood) via unspecified vectors. | ||||
| CVE-2006-4523 | 1 2wire Inc | 2 Homeportal, Officeportal | 2026-04-16 | N/A |
| The web-based management interface in 2Wire, Inc. HomePortal and OfficePortal Series modems and routers allows remote attackers to cause a denial of service (crash) via a CRLF sequence in a GET request. | ||||
| CVE-2006-4524 | 1 Digiappz | 1 Freekot | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in login_verif.asp in Digiappz Freekot 1.01 allow remote attackers to execute arbitrary SQL commands via the (1) login or (2) password parameters. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2006-4525 | 1 Devellion | 1 Cubecart | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in CubeCart 3.0.12 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the links array. | ||||
| CVE-2006-4526 | 1 Devellion | 1 Cubecart | 2026-04-16 | N/A |
| SQL injection vulnerability in includes/content/viewCat.inc.php in CubeCart 3.0.12 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the searchArray[] parameter. | ||||
| CVE-2006-4527 | 1 Devellion | 1 Cubecart | 2026-04-16 | N/A |
| includes/content/gateway.inc.php in CubeCart 3.0.12 and earlier, when magic_quotes_gpc is disabled, uses an insufficiently restrictive regular expression to validate the gateway parameter, which allows remote attackers to conduct PHP remote file inclusion attacks. | ||||
| CVE-2006-4528 | 1 Membrepass | 1 Membrepass | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in membrepass 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) recherche parameter in recherchemembre.php and the (2) email parameter in test.php. | ||||
| CVE-2006-4529 | 1 Membrepass | 1 Membrepass | 2026-04-16 | N/A |
| SQL injection vulnerability in recherchemembre.php in membrepass 1.5. allows remote attackers to execute arbitrary SQL commands via the recherche parameter. | ||||
| CVE-2006-4530 | 1 Membrepass | 1 Membrepass | 2026-04-16 | N/A |
| Direct static code injection vulnerability in include/change.php in membrepass 1.5 allows remote attackers to execute arbitrary PHP code via the aifon parameter, which is injected into include/variable.php. | ||||