Export limit exceeded: 29926 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29926 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-1839 | 1 Php Album | 1 Php Album | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in language.php in PHP Album 0.3.2.3, when register_globals is enabled, allows remote attackers to execute arbitrary code via an FTP URL in the data_dir parameter, which satisfies the file_exists function call. | ||||
| CVE-2006-1841 | 1 Kailash Nadh | 1 Boastmachine | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in boastMachine (bMachine) 2.7, and possibly other versions before 2.9b, allows remote attackers to inject arbitrary web script or HTML via the key parameter, as used by the search field. | ||||
| CVE-2006-1842 | 1 Cynical Games | 1 Shoutbook | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in global.php in ShoutBOOK 1.1 allows remote attackers to inject arbitrary web script or HTML via the (1) NAME and (2) COMMENTS parameters. | ||||
| CVE-2006-1844 | 1 Debian | 2 Base-config, Shadow | 2026-04-16 | N/A |
| The Debian installer for the (1) shadow 4.0.14 and (2) base-config 2.53.10 packages includes sensitive information in world-readable log files, including preseeded passwords and pppoeconf passwords, which might allow local users to gain privileges. | ||||
| CVE-2006-1846 | 1 Francisco Burzi | 1 Php-nuke | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the Your_Account module in PHP-Nuke 7.8 might allows remote attackers to inject arbitrary HTML and web script via the ublock parameter, which is saved in the user's personal menu. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. In addition, it is unclear whether this issue is a vulnerability, since it is related to the user's personal menu, which presumably is not modifiable by others. | ||||
| CVE-2006-1847 | 1 Francisco Burzi | 1 Php-nuke | 2026-04-16 | N/A |
| SQL injection vulnerability in the Your_Account module in PHP-Nuke 7.8 might allows remote attackers to execute arbitrary SQL commands via the user_id parameter in the Your_Home functionality. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-1848 | 1 Linpha | 1 Linpha | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in stats_view.php in LinPHA 1.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) date_from, (2) date_to, and (3) date parameter. | ||||
| CVE-2006-1849 | 1 Skymarx Solutions | 1 Xflow | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in members_only/index.cgi in xFlow 5.46.11 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) position and (2) id parameter. | ||||
| CVE-2006-1850 | 1 Skymarx Solutions | 1 Xflow | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in xFlow 5.46.11 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) level, (2) position, (3) id, and (4) action parameters to members_only/index.cgi, and the (5) page parameter to customer_area/index.cgi. | ||||
| CVE-2006-1852 | 1 Scriptsfrenzy | 1 Article Publisher Pro | 2026-04-16 | N/A |
| SQL injection vulnerability in category.php in Article Publisher Pro 1.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cname parameter. | ||||
| CVE-2006-1853 | 1 Moderngigabyte | 1 Modernbill | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in ModernBill 4.3.2 and earlier allow remote attackers or administrators to execute arbitrary SQL commands via the (1) id parameter in (a) user.php, or (2) where and (3) order parameters to (b) admin.php. | ||||
| CVE-2006-1854 | 1 Bluepay | 1 Bluepay Manager | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in BluePay Manager 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML during a login action via the (1) Account Name and (2) Username field. NOTE: the vendor has disputed this vulnerability, saying that "it does not exist currently in the Bluepay 2.0 product," and older versions might not have been affected either. As of 20060512, CVE has not formally investigated this dispute | ||||
| CVE-2006-1855 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-04-16 | N/A |
| choose_new_parent in Linux kernel before 2.6.11.12 includes certain debugging code, which allows local users to cause a denial of service (panic) by causing certain circumstances involving termination of a parent process. | ||||
| CVE-2006-1856 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-04-16 | N/A |
| Certain modifications to the Linux kernel 2.6.16 and earlier do not add the appropriate Linux Security Modules (LSM) file_permission hooks to the (1) readv and (2) writev functions, which might allow attackers to bypass intended access restrictions. | ||||
| CVE-1999-0522 | 2026-04-16 | N/A | ||
| The permissions for a system-critical NIS+ table (e.g. passwd) are inappropriate. | ||||
| CVE-2006-1860 | 1 Linux | 1 Linux Kernel | 2026-04-16 | N/A |
| lease_init in fs/locks.c in Linux kernel before 2.6.16.16 allows attackers to cause a denial of service (fcntl_setlease lockup) via actions that cause lease_init to free a lock that might not have been allocated on the stack. | ||||
| CVE-2006-1862 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-04-16 | N/A |
| The virtual memory implementation in Linux kernel 2.6.x allows local users to cause a denial of service (panic) by running lsof a large number of times in a way that produces a heavy system load. | ||||
| CVE-2006-1863 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-04-16 | N/A |
| Directory traversal vulnerability in CIFS in Linux 2.6.16 and earlier allows local users to escape chroot restrictions for an SMB-mounted filesystem via "..\\" sequences, a similar vulnerability to CVE-2006-1864. | ||||
| CVE-2006-1883 | 1 Oracle | 1 E-business Suite | 2026-04-16 | N/A |
| Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite and Applications 11.5.10CU1 has unknown impact and attack vectors, aka Vuln# APPS05. | ||||
| CVE-2006-1879 | 1 Oracle | 1 Collaboration Suite | 2026-04-16 | N/A |
| Multiple unspecified vulnerabilities in the Email Server component in Oracle Collaboration Suite 9.0.4.2, 10.1.1, 10.1.2.0, and 10.1.2.1 have unknown impact and attack vectors, aka Vuln# (1) OCS01, (2) OCS02, (3) OCS03, and (4) OCS04. | ||||