Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-6531 1 Drupal 1 Help Tip Module 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the Help Tip module before 4.7.x-1.0 for Drupal allows remote attackers to inject arbitrary web script or HTML, and possibly obtain administrative access, via node titles.
CVE-2006-6532 1 Vt-forum 1 Vt-forum Lite 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Vt-Forum Lite 1.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) StrMsg or (2) Topic_ID parameter to (a) vf_info.asp, (b) vf_newtopic.asp, (c) vf_settings.asp, and (d) vf_replytopic.asp, different vectors than CVE-2006-6447. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-6536 1 Cilem 1 Cilem Haber 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in hata.asp in Cilem Haber Free Edition allows remote attackers to inject arbitrary web script or HTML via the hata parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-0835 1 Coppermine 1 Coppermine Photo Gallery 2026-04-23 N/A
admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, allows remote authenticated users to execute arbitrary shell commands via shell metacharacters (";" semicolon) in the "Command line options for ImageMagick" form field, when used as an option to ImageMagick's convert command. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-6730 2 Netbsd, Openbsd 2 Netbsd, Openbsd 2026-04-23 N/A
OpenBSD and NetBSD permit usermode code to kill the display server and write to the X.Org /dev/xf86 device, which allows local users with root privileges to reduce securelevel by replacing the System Management Mode (SMM) handler via a write to an SMRAM address within /dev/xf86 (aka the video card memory-mapped I/O range), and then launching the new handler via a System Management Interrupt (SMI), as demonstrated by a write to Programmed I/O port 0xB2.
CVE-2006-6540 1 Bluetrait 1 Bluetrait 2026-04-23 N/A
SQL injection vulnerability in bt-trackback.php in Bluetrait before 1.2.0, when trackback is enabled, allows remote attackers to execute arbitrary SQL commands via unspecified parameters. NOTE: some of these details are obtained from third party information.
CVE-2007-0836 1 Coppermine 1 Coppermine Photo Gallery 2026-04-23 N/A
admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, allows remote authenticated users to include arbitrary local and possibly remote files via the (1) "Path to custom header include" and (2) "Path to custom footer include" form fields. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-6988 1 Flashpeak 1 Slim Browser 2026-04-23 N/A
Cross-domain vulnerability in Slim Browser 4.07 build 100 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280.
CVE-2006-7096 1 Klink 1 Dim3 2026-04-23 N/A
Buffer overflow in the network_host_handle_join function in host.c in dimension 3 engine (dim3) 1.5 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long nickname.
CVE-2006-7097 1 Taskfreak 1 Taskfreak 2026-04-23 N/A
Multiple unspecified vulnerabilities in TaskFreak! before 0.1.4 have unknown impact and attack vectors.
CVE-2007-0839 1 Valarsoft 1 Webmatic 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in index/index_album.php in Valarsoft WebMatic 2.6 allow remote attackers to execute arbitrary PHP code via a URL in the (1) P_LIB and (2) P_INDEX parameters.
CVE-2006-7111 1 Futomis Cgi Cafe 1 Kmail Cgi 2026-04-23 N/A
Unspecified vulnerability in Futomi's CGI Cafe KMail CGI 1.0.3 and earlier allows remote attackers to bypass authentication and obtain unauthorized email access via unspecified vectors.
CVE-2006-7131 1 Jinzora 1 Jinzora 2026-04-23 N/A
PHP remote file inclusion vulnerability in extras/mt.php in Jinzora 2.6 allows remote attackers to execute arbitrary PHP code via the web_root parameter.
CVE-2007-0840 1 Hlstats 1 Hlstats 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in HLstats before 1.35 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the search class. NOTE: it is possible that this issue overlaps CVE-2006-4543.3 or CVE-2006-4454.
CVE-2006-7140 1 Sun 2 Solaris, Sunos 2026-04-23 N/A
The libike library, as used by in.iked, elfsign, and kcfd in Sun Solaris 9 and 10, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents libike from correctly verifying X.509 and other certificates that use PKCS #1, a similar issue to CVE-2006-4339.
CVE-2007-1146 1 Delmaa.com 1 Arabhost 2026-04-23 N/A
PHP remote file inclusion vulnerability in function.php in arabhost allows remote attackers to execute arbitrary PHP code via a URL in the adminfolder parameter.
CVE-2006-7144 1 Call-center-software 1 Call-center-software 2026-04-23 N/A
SQL injection vulnerability in Call Center Software 0.93 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via the user name in the login page.
CVE-2006-7145 1 Call-center-software 1 Call-center-software 2026-04-23 N/A
edit_user.php in Call Center Software 0.93 and earlier allows remote attackers to obtain sensitive information such as account passwords via a modified user_id parameter.
CVE-2006-7199 1 Emc 1 Rsa Security Sitekey 2026-04-23 N/A
EMC RSA Security SiteKey allows remote attackers to display the correct image via a man-in-the-middle (MITM) attack in which an attacker-controlled server proxies authentication data to and from a legitimate SiteKey server. NOTE: the vendor disputes the severity of the issue, stating that it is easier to monitor this attack than "attacks against static web pages."
CVE-2006-7151 2 Gnu, Redhat 2 Libtool-ltdl, Fedora Core 2026-04-23 N/A
Untrusted search path vulnerability in the libtool-ltdl library (libltdl.so) 1.5.22-2.3 in Fedora Core 5 might allow local users to execute arbitrary code via a malicious library in the (1) hwcap, (2) 0, and (3) nosegneg subdirectories.