Export limit exceeded: 29926 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29926 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-1693 | 1 Globalscape | 1 Secure Ftp Server | 2026-04-16 | N/A |
| Unspecified vulnerability in GlobalSCAPE Secure FTP Server before 3.1.4 Build 01.10.2006 allows attackers to cause a denial of service (application crash) via a "custom command" with a long argument. | ||||
| CVE-2006-1694 | 1 Xbrite | 1 Xbrite Members | 2026-04-16 | N/A |
| SQL injection vulnerability in members.php in XBrite Members 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2006-1695 | 1 Fbida | 1 Fbida | 2026-04-16 | N/A |
| The fbgs script in the fbi package 2.01-1.4, when the TMPDIR environment variable is not defined, allows local users to overwrite arbitrary files via a symlink attack on temporary files in /var/tmp/fbps-[PID]. | ||||
| CVE-2006-1706 | 1 Kansok Communications | 1 Shopweezle | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Shopweezle 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) itemID parameter to (a) login.php and (b) memo.php; and the (2) itemgr, (3) brandID, and (4) album parameters to (c) index.php. NOTE: this issue also produces resultant full path disclosure from invalid SQL queries. | ||||
| CVE-2006-1712 | 1 Gnu | 1 Mailman | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the private archive script (private.py) in GNU Mailman 2.1.7 allows remote attackers to inject arbitrary web script or HTML via the action argument. | ||||
| CVE-2006-1713 | 1 Phpmyforum | 1 Phpmyforum | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Christoph Roeder phpMyForum 4.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter. | ||||
| CVE-2006-1714 | 1 Phpmyforum | 1 Phpmyforum | 2026-04-16 | N/A |
| CRLF injection vulnerability in index.php in Christoph Roeder phpMyForum 4.0 allows remote attackers to inject HTTP headers via hex-encoded CRLF sequences in the type parameter. | ||||
| CVE-2006-1716 | 1 Mybulletinboard | 1 Mybulletinboard | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode img tag. NOTE: the email vector is already covered by CVE-2006-1625, although it might stem from the same core issue. | ||||
| CVE-2006-1717 | 1 Mybulletinboard | 1 Mybulletinboard | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in newthread.php in MyBB (aka MyBulletinBoard) 1.10, when configured to permit new threads by unregistered users, allows remote attackers to inject arbitrary web script or HTML via the username. | ||||
| CVE-2006-1718 | 1 Clever Copy | 1 Clever Copy | 2026-04-16 | N/A |
| Magus Perde Clever Copy 3.0 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to view the database username and password via a direct request for connect.inc. | ||||
| CVE-2006-1719 | 1 Microsoft | 1 Ie | 2026-04-16 | N/A |
| Internet Explorer 6 allows remote attackers to cause a denial of service (application crash) via any scrollbar Cascading Style Sheets (CSS) property. | ||||
| CVE-2006-1720 | 1 Arabless | 1 Saphplesson | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in SaphpLesson 3.0 allows remote attackers to inject arbitrary web script or HTML via the Word parameter. NOTE: it is possible that this issue is resultant from SQL injection. | ||||
| CVE-2006-1722 | 1 Suche | 1 Shopxs | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in suche.htm in ShopXS 4.0 allows remote attackers to inject arbitrary web script or HTML via the Suchstring1 (aka search) parameter. | ||||
| CVE-2006-1987 | 1 Apple | 1 Safari | 2026-04-16 | N/A |
| Apple Safari 2.0.3 allows remote attackers to cause a denial of service and possibly execute code via an invalid FRAME tag, possibly due to (1) multiple SCROLLING attributes with no values, or (2) a SRC attribute with no value. NOTE: due to lack of diagnosis by the researcher, it is unclear which vector is responsible. | ||||
| CVE-2006-1989 | 1 Clam Anti-virus | 1 Clamav | 2026-04-16 | N/A |
| Buffer overflow in the get_database function in the HTTP client in Freshclam in ClamAV 0.80 to 0.88.1 might allow remote web servers to execute arbitrary code via long HTTP headers. | ||||
| CVE-2006-1994 | 1 Dforum | 1 Dforum | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in dForum 1.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DFORUM_PATH parameter to (1) about.php, (2) admin.php, (3) anmelden.php, (4) losethread.php, (5) config.php, (6) delpost.php, (7) delthread.php, (8) dfcode.php, (9) download.php, (10) editanoc.php, (11) forum.php, (12) login.php, (13) makethread.php, (14) menu.php, (15) newthread.php, (16) openthread.php, (17) overview.php, (18) post.php, (19) suchen.php, (20) user.php, (21) userconfig.php, (22) userinfo.php, and (23) verwalten.php. | ||||
| CVE-2006-1995 | 1 Scry Gallery | 1 Scry Gallery | 2026-04-16 | N/A |
| Directory traversal vulnerability in index.php in Scry Gallery 1.1 allows remote attackers to read arbitrary files via ".." sequences in the p parameter, which is not properly sanitized due to an rtrim function call with the arguments in the wrong order. | ||||
| CVE-2006-1996 | 1 Scry Gallery | 1 Scry Gallery | 2026-04-16 | N/A |
| Scry Gallery 1.1 allows remote attackers to obtain sensitive information via an invalid p parameter, which reveals the path in an error message. | ||||
| CVE-2006-1998 | 1 Openttd | 1 Openttd | 2026-04-16 | N/A |
| OpenTTD 0.4.7 and earlier allows local users to cause a denial of service (application exit) via a large invalid error number, which triggers an error. | ||||
| CVE-2006-2007 | 1 Winny | 1 Winny | 2026-04-16 | N/A |
| Heap-based buffer overflow in Winny 2.0 b7.1 and earlier allows remote attackers to execute arbitrary code via long strings to certain commands sent to the file transfer port. | ||||