Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-2116 1 Planet Concept 1 Planetgallery 2026-04-16 N/A
planetGallery allows remote attackers to gain administrator privileges via a direct request to admin/gallery_admin.php.
CVE-2006-2117 1 Extrosoft 1 Thyme 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Thyme 1.3 allows remote attackers to inject arbitrary web script or HTML via the search page.
CVE-2006-2121 1 I-rater 1 I-rater Platinum 2026-04-16 N/A
PHP remote file include vulnerability in admin/config_settings.tpl.php in I-RATER Platinum allows remote attackers to execute arbitrary code via a URL in the include_path parameter. NOTE: this is a different vector, and possibly a different vulnerability, than CVE-2006-1929.
CVE-2006-2123 1 Network Administration Visualized 1 Network Administration Visualized 2026-04-16 N/A
Multiple SQL injection vulnerabilities in the report interface in Network Administration Visualized (NAV) before 3.0.1 allow remote attackers to execute arbitrary SQL commands via unknown vectors.
CVE-2006-2126 1 Avalon Ltd 1 Maxtrade 2026-04-16 N/A
SQL injection vulnerability in pocategories.php in MaxTrade 1.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) categori and (2) stranica parameters.
CVE-2006-2137 1 Openphpnuke 1 Openphpnuke 2026-04-16 N/A
PHP remote file inclusion vulnerability in master.php in OpenPHPNuke and 2.3.3 earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter.
CVE-2006-2140 1 Orbitscripts 1 Orbithyip 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in OrbitHYIP 2.0 and earlier allow remote attackers to inject arbitrary web script via the (1) referral parameter to signup.php or (2) id parameter to members.php.
CVE-2006-2142 1 Limbo Cms 1 Limbo Cms 2026-04-16 N/A
PHP remote file inclusion vulnerability in classes/adodbt/sql.php in Limbo CMS 1.04 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the classes_dir parameter.
CVE-2006-2143 1 Jcink 1 Textfilebb 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in TextFileBB 1.0.16 allow remote attackers to inject arbitrary web script or HTML via Javascript events such as "onmouseover" in the (1) color, (2) size, or (3) url bbcode tags.
CVE-2006-2144 1 Dmcounter 1 Dmcounter 2026-04-16 N/A
PHP remote file inclusion vulnerability in kopf.php in DMCounter 0.9.2-b allows remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter.
CVE-2006-2145 1 Harold Bakker 1 Hb-ns 2026-04-16 N/A
Multiple SQL injection vulnerabilities in index.php in HB-NS 1.1.6 allow remote attackers to execute arbitrary SQL commands via the (1) topic or (2) id parameter.
CVE-2006-2148 1 Cgiirc 1 Cgiirc 2026-04-16 N/A
Multiple buffer overflows in client.c in CGI:IRC (CGIIRC) before 0.5.8 might allow remote attackers to execute arbitrary code via (1) cookies or (2) the query string.
CVE-2006-2149 1 Avatic 1 Aardvark Topsites Php 2026-04-16 N/A
PHP remote file inclusion vulnerability in sources/lostpw.php in Aardvark Topsites PHP 4.2.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the CONFIG[path] parameter, as demonstrated by including a GIF that contains PHP code.
CVE-2006-2150 1 Phpbb Group 1 Phpbb Toplist 2026-04-16 N/A
PHP remote file inclusion vulnerability in top/list.php in phpBB TopList 1.3.8 and earlier allows remote attackers to include arbitrary files via the returnpath parameter.
CVE-2006-2151 1 Phpbb Group 1 Phpbb Toplist 2026-04-16 N/A
PHP remote file inclusion vulnerability in toplist.php in phpBB TopList 1.3.8 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via the phpbb_root_path parameter.
CVE-2006-2152 1 Phpbb Group 1 Phpbb Advanced Guestbook 2026-04-16 N/A
PHP remote file inclusion vulnerability in admin/addentry.php in phpBB Advanced Guestbook 2.4.0 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via the phpbb_root_path parameter.
CVE-2006-2153 1 Jbmc Software 1 Directadmin 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in HTM_PASSWD in DirectAdmin Hosting Management allows remote attackers to inject arbitrary web script or HTML via the domain parameter.
CVE-2006-2154 1 Emc 1 Retrospect 2026-04-16 N/A
EMC Retrospect for Windows 6.5 before 6.5.382, 7.0 before 7.0.344, and 7.5 before 7.5.1.105 does not drop privileges before opening files, which allows local users to execute arbitrary code via the File>Open dialog.
CVE-2006-2156 1 X7 Group 1 X7 Chat 2026-04-16 N/A
Directory traversal vulnerability in help/index.php in X7 Chat 2.0 and earlier allows remote attackers to include arbitrary files via .. (dot dot) sequences in the help_file parameter.
CVE-2006-2158 1 Stadtaus 1 Guestbook Script 2026-04-16 N/A
Dynamic variable evaluation vulnerability in index.php in Stadtaus Guestbook Script 1.7 and earlier, when register_globals is enabled, allows remote attackers to modify arbitrary program variables via parameters, which are evaluated as PHP variable variables, as demonstrated by performing PHP remote file inclusion using the include_files array parameter.