Export limit exceeded: 35239 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29923 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29923 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-1604 | 1 Bugada Andrea | 1 Php Advanced Transfer Manager | 2026-04-16 | N/A |
| PHP Advanced Transfer Manager (phpATM) 1.21 allows remote attackers to upload arbitrary files via filenames containing multiple file extensions, as demonstrated using a filename ending in "php.ns", which allows execution of arbitrary PHP code. | ||||
| CVE-2006-1046 | 1 Monopd | 1 Monopd | 2026-04-16 | N/A |
| server.cpp in Monopd 0.9.3 allows remote attackers to cause a denial of service (CPU and memory consumption) via a string containing a large number of characters that are escaped when Monopd produces XML output. | ||||
| CVE-2006-1611 | 1 Kgb | 1 Archiver | 2026-04-16 | N/A |
| Directory traversal vulnerability in KGB Archiver before 1.1.5.22 allows remote attackers to overwrite arbitrary files wile decompressing an archive, possibly due to directory traversal sequences in a filename. | ||||
| CVE-2006-1050 | 1 Kwik-pay | 1 Kwik-pay Payroll | 2026-04-16 | N/A |
| Kwik-Pay Payroll 4.2.20, and possibly other versions, stores the KwikPay.mdb database file with insecure permissions, which allows local users to obtain sensitive information such as employment and payment data. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: the vendor has disputed this vulnerability, stating that "The kwikpay.mdb file supplied with kwikpay is a template for the database structure of user databases created by kwikpay and to store a demonstration payroll. It does not contain any sensitive user information. When a user payroll database is opened, the encryption of the database is checked and if the database is not encrypted, the user is prompted to encrypt the database, but the choice is the customers. | ||||
| CVE-2006-1864 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-04-16 | N/A |
| Directory traversal vulnerability in smbfs in Linux 2.6.16 and earlier allows local users to escape chroot restrictions for an SMB-mounted filesystem via "..\\" sequences, a similar vulnerability to CVE-2006-1863. | ||||
| CVE-2006-1067 | 1 Linksys | 1 Wrt54g V5 | 2026-04-16 | N/A |
| Linksys WRT54G routers version 5 (running VXWorks) allow remote attackers to cause a denial of service by sending a malformed DCC SEND string to an IRC channel, which causes an IRC connection reset, possibly related to the masquerading code for NAT environments, and as demonstrated via (1) a DCC SEND with a single long argument, or (2) a DCC SEND with IP, port, and filesize arguments with a 0 value. | ||||
| CVE-2006-1617 | 1 Advanced Poll | 1 Advanced Poll | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Advanced Poll 2.02 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to comments.php or (2) poll_id parameter to page.php. NOTE: it is possible that this issue is resultant from CVE-2006-1616. | ||||
| CVE-2006-1071 | 1 Dvguestbook | 1 Dvguestbook | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in DVguestbook 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the page parameter. | ||||
| CVE-2006-1618 | 1 Doomsday | 1 Doomsday | 2026-04-16 | N/A |
| Format string vulnerability in the (1) Con_message and (2) conPrintf functions in con_main.c in Doomsday engine 1.8.6 allows remote attackers to execute arbitrary code via format string specifiers in an argument to the JOIN command, and possibly other command arguments. | ||||
| CVE-2006-1620 | 1 Hosting Controller | 1 Hosting Controller | 2026-04-16 | N/A |
| admin/accounts/AccountActions.asp in Hosting Controller 2002 RC 1 allows remote attackers to modify passwords of other users, probably via an "Update User" ActionType with a modified UserName parameter and the PassCheck parameter set to TRUE. It was later reported that the vulnerability is present in 6.1 Hotfix 3.3 and earlier. | ||||
| CVE-2006-1078 | 1 Acme Labs | 1 Thttpd | 2026-04-16 | 8.4 High |
| Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included. | ||||
| CVE-2006-1104 | 1 Pixelpost | 1 Pixelpost | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Pixelpost 1.5 beta 1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the showimage parameter in index.php; and the (2) USER_AGENT, (3) HTTP_REFERER, and (4) HTTP_HOST HTTP header fields as used in the book_vistor function in includes/functions.php. NOTE: the vendor has disputed some issues from the original disclosure, but due to the vagueness of the dispute, it is not clear whether the vendor is disputing this particular issue. | ||||
| CVE-2006-1623 | 1 Andries Bruinsma | 1 Flexible Development | 2026-04-16 | N/A |
| Unspecified vulnerability in main.php in an unspecified "file created by Andries Bruinsma," possibly a FleXiBle Development (FXB) application, allows remote attackers to include and execute arbitrary PHP code. NOTE: this disclosure is extremely vague and has very little information about the specific vulnerability type. In addition, there is little public information on the named product. Finally, an XSS vector is implied in the subject line, but because there is no other information and evidence of a cut-and-paste error, it will not be assigned a separate CVE identifier unless additional information is provided. | ||||
| CVE-2006-1105 | 1 Pixelpost | 1 Pixelpost | 2026-04-16 | N/A |
| Pixelpost 1.5 beta 1 and earlier allows remote attackers to obtain configuration information via a direct request to includes/phpinfo.php, which calls the phpinfo function. NOTE: the vendor has disputed some issues from the original disclosure, but due to the vagueness of the dispute, it is not clear whether the vendor is disputing this particular issue. | ||||
| CVE-2006-1106 | 1 Pixelpost | 1 Pixelpost | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Pixelpost 1.5 beta 1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) message, (2) name, (3) url, and (4) email parameters when commenting on a post. NOTE: the vendor has disputed some issues from the original disclosure, but due to the vagueness of the dispute, it is not clear whether the vendor is disputing this particular issue. | ||||
| CVE-2006-1107 | 1 Nmdeluxe | 1 Nmdeluxe | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in news.php in NMDeluxe before 1.0.1 allows remote attackers to inject arbitrary web script or HTML via the nick parameter. | ||||
| CVE-2006-1108 | 1 Nmdeluxe | 1 Nmdeluxe | 2026-04-16 | N/A |
| SQL injection vulnerability in news.php in NMDeluxe before 1.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2006-1109 | 1 Totalecommerce | 1 Totalecommerce | 2026-04-16 | N/A |
| SQL injection vulnerability in index.asp in Total Ecommerce 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: it is not clear whether this report is associated with a specific product. If not, then it should not be included in CVE. | ||||
| CVE-2006-1627 | 1 Adobe | 1 Acrobat Reader | 2026-04-16 | N/A |
| Adobe Document Server for Reader Extensions 6.0 does not provide proper access control, which allows remote authenticated users to perform privileged actions by modifying the (1) actionID and (2) pageID parameters. NOTE: due to an error during reservation, this identifier was inadvertently associated with multiple issues. Other CVE identifiers have been assigned to handle other problems that are covered by the same disclosure. | ||||
| CVE-2006-1933 | 2 Ethereal Group, Redhat | 2 Ethereal, Enterprise Linux | 2026-04-16 | N/A |
| Multiple unspecified vulnerabilities in Ethereal 0.10.x up to 0.10.14 allow remote attackers to cause a denial of service (large or infinite loops) viarafted packets to the (1) UMA and (2) BER dissectors. | ||||