Export limit exceeded: 344962 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344962 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-0933 | 1 Phpx | 1 Phpx | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in PHPX 3.5.9 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in a url XCode tag in a posted message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-0934 | 1 Limbo Cms | 1 Limbo Cms | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in webinsta Limbo 1.0.4.2 allows remote attackers to inject arbitrary web script or HTML via the message field in the Contact Form. | ||||
| CVE-2006-0935 | 1 Microsoft | 1 Word | 2026-04-16 | N/A |
| Microsoft Word 2003 allows remote attackers to cause a denial of service (application crash) via a crafted file, as demonstrated by 101_filefuzz. | ||||
| CVE-2006-0937 | 1 Unu Networks | 1 Mailgust | 2026-04-16 | N/A |
| U.N.U. Mailgust 1.9 allows remote attackers to obtain sensitive information via a direct request to index.php with method=showfullcsv, which reveals the POP3 server configuration, including account name and password. | ||||
| CVE-2006-0938 | 1 Ez | 1 Ez Publish | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in eZ publish 3.7.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the RefererURL parameter. | ||||
| CVE-2006-0939 | 1 Dci-designs | 1 Dci-taskeen | 2026-04-16 | N/A |
| SQL injection vulnerability in DCI-Taskeen 1.03 allows remote attackers to execute arbitrary SQL commands via the (1) id or (2) action parameter to (a) basket.php, or (3) id or (4) page parameter to (b) cat.php. | ||||
| CVE-2006-0940 | 1 Cynical Games | 1 Shoutlive | 2026-04-16 | N/A |
| Multiple direct static code injection vulnerabilities in savesettings.php in ShoutLIVE 1.1.0 allow remote attackers to execute arbitrary PHP code via variables that are written to settings.php. | ||||
| CVE-2006-0941 | 1 Cynical Games | 1 Shoutlive | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in post.php in ShoutLIVE 1.1.0 allow remote attackers to inject arbitrary web script or HTML via certain variables when posting new messages. | ||||
| CVE-2006-0942 | 1 Pwsphp | 1 Pwsphp | 2026-04-16 | N/A |
| SQL injection vulnerability in profil.php in PwsPHP 1.2.3, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the aff_news_form parameter, a different vulnerability than CVE-2005-1509. | ||||
| CVE-2006-0943 | 1 Pwsphp | 1 Pwsphp | 2026-04-16 | N/A |
| SQL injection vulnerability in the sondages module in index.php in PwsPHP 1.2.3 allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. | ||||
| CVE-2006-0944 | 1 Archangelmgt | 1 Weblog | 2026-04-16 | N/A |
| Archangel Weblog 0.90.02 allows remote attackers to bypass authentication by setting the ba_admin cookie to 1. | ||||
| CVE-2006-0946 | 1 Thomson | 1 Speedtouch | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Thomson SpeedTouch modems running firmware 5.3.2.6.0 allows remote attackers to inject arbitrary web script or HTML via the name parameter to the LocalNetwork page. | ||||
| CVE-2006-0949 | 1 Raidenhttpd | 1 Raidenhttpd | 2026-04-16 | N/A |
| RaidenHTTPD 1.1.47 allows remote attackers to obtain source code of script files, including PHP, via crafted requests involving (1) "." (dot), (2) space, and (3) "/" (slash) characters. | ||||
| CVE-2006-0950 | 1 Unalz | 1 Unalz | 2026-04-16 | N/A |
| unalz 0.53 allows user-assisted attackers to overwrite arbitrary files via an ALZ archive with ".." (dot dot) sequences in a filename. | ||||
| CVE-2006-0951 | 1 Eset Software | 1 Nod32 Antivirus | 2026-04-16 | N/A |
| The GUI (nod32.exe) in NOD32 2.5 runs with SYSTEM privileges when the scheduler runs a scheduled on-demand scan, which allows local users to execute arbitrary code during a scheduled scan via unspecified attack vectors. | ||||
| CVE-2006-0956 | 1 Nufw | 1 Nufw Firewall | 2026-04-16 | N/A |
| nuauth in NuFW before 1.0.21 does not properly handle blocking TLS sockets, which allows remote authenticated users to cause a denial of service (service hang) by flooding packets at the authentication server. | ||||
| CVE-2006-0957 | 1 Zoneo-soft | 1 Freeforum | 2026-04-16 | N/A |
| Direct static code injection vulnerability in func.inc.php in ZoneO-Soft freeForum before 1.2.1 allows remote attackers to execute arbitrary PHP code via the (1) X-Forwarded-For and (2) Client-Ip HTTP headers, which are stored in Data/flood.db.php. | ||||
| CVE-2006-0948 | 1 Aol | 1 Aol | 2026-04-16 | N/A |
| AOL 9.0 Security Edition revision 4184.2340, and probably other versions, uses insecure permissions (Everyone/Full Control) for the "America Online 9.0" directory, which allows local users to gain privileges by replacing critical files. | ||||
| CVE-2006-0960 | 1 Compex | 1 Netpassage Wpe54g | 2026-04-16 | N/A |
| uConfig agent in Compex NetPassage WPE54G router allows remote attackers to cause a denial of service (unresposiveness) via crafted datagrams to UDP port 7778. | ||||
| CVE-2006-0961 | 1 Cilem | 1 Cilem Haber | 2026-04-16 | N/A |
| SQL injection vulnerability in yazdir.asp in Cilem Hiber 1.1 allows remote attackers to execute arbitrary SQL commands via the haber_id parameter. NOTE: this product has also been referred to as "Cilem News," although that does not appear to be the proper name. | ||||