Export limit exceeded: 355246 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29937 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-6351 | 1 Khaledmuratlist | 1 Khaledmuratlist | 2026-04-23 | N/A |
| KhaledMuratList stores sensitive data under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) CL2F9R1A2C1N.mdb or (2) Data2F9R1A2C1N.mdb. | ||||
| CVE-2006-6353 | 1 Apple | 3 Bomarchivehelper, Mac Os X, Mac Os X Server | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in BOMArchiveHelper in Mac OS X allow user-assisted remote attackers to cause a denial of service (application crash) via unspecified vectors related to (1) certain KERN_PROTECTION_FAILURE thread crashes and (2) certain KERN_INVALID_ADDRESS thread crashes, as discovered with the "iSec Partners FileP fuzzer". | ||||
| CVE-2006-6354 | 1 Duware | 11 Duamazon, Duarticle, Duclassified and 8 more | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in detail.asp in DuWare DuNews allow remote attackers to execute arbitrary SQL commands via the (1) iNews, (2) iType, or (3) Action parameter. NOTE: the iType parameter in type.asp is covered by CVE-2005-3976. | ||||
| CVE-2006-6357 | 1 Phpnews | 1 Phpnews | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in templates/cat_temp.php in PHPNews 1.3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-6358 | 1 Stefan Frech | 1 Online-bookmarks | 2026-04-23 | N/A |
| SQL injection vulnerability in the login function in auth.inc in Stefan Frech online-bookmarks 0.6.12 allows remote attackers to execute arbitrary SQL commands via the (1) username and possibly the (2) password parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2006-6363 | 1 Bluesocket | 1 Bsc 2100 | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in admin.pl in BlueSocket Secure Controller (BSC) before 5.2, or without 5.1.1-BluePatch, allows remote attackers to inject arbitrary web script or HTML via the ad_name parameter. | ||||
| CVE-2006-6364 | 1 Inside Systems | 1 Inside Systems | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in error.php in Inside Systems Mail (ISMail) 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter. | ||||
| CVE-2006-3887 | 1 Aol | 1 Ygp Screensaver Activex Control | 2026-04-23 | N/A |
| Buffer overflow in AOL You've Got Pictures (YGP) Screensaver ActiveX control allows remote attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2006-6370 | 1 Invision Power Services | 1 Invision Gallery | 2026-04-23 | N/A |
| SQL injection vulnerability in forum/modules/gallery/post.php in Invision Gallery 2.0.7 allows remote attackers to cause a denial of service and possibly have other impacts, as demonstrated using a "SELECT BENCHMARK" statement in the img parameter in a doaddcomment operation in index.php. | ||||
| CVE-2006-6372 | 1 James Barnsley | 1 Jab Guest Book | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in pbguestbook.php in JAB Guest Book 20061205 allow remote attackers to inject arbitrary web script or HTML via the (1) topic or (2) message parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-6374 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-04-23 | N/A |
| Multiple CRLF injection vulnerabilities in PhpMyAdmin 2.7.0-pl2 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a phpMyAdmin cookie in (1) css/phpmyadmin.css.php, (2) db_create.php, (3) index.php, (4) left.php, (5) libraries/session.inc.php, (6) libraries/transformations/overview.php, (7) querywindow.php, (8) server_engines.php, and possibly other files. | ||||
| CVE-2006-6377 | 1 Uploadscript | 1 Uploadscript | 2026-04-23 | N/A |
| Uploadscript 1.2 and earlier stores sensitive data under the web root with insufficient access control, which allows remote attackers to obtain the admin password hash via a direct request for /password.txt. | ||||
| CVE-2006-6378 | 1 Widcomm | 1 Btsavemysql | 2026-04-23 | N/A |
| BTSaveMySql 1.2 stores sensitive data under the web root with insufficient access control, which allows remote attackers to obtain configuration and save files via direct requests. | ||||
| CVE-2006-6380 | 1 Ultimate Helpdesk | 1 Ultimate Helpdesk | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.asp in Ultimate HelpDesk allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. | ||||
| CVE-2006-6381 | 1 Ultimate Helpdesk | 1 Ultimate Helpdesk | 2026-04-23 | N/A |
| Directory traversal vulnerability in getfile.asp in Ultimate HelpDesk allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter. | ||||
| CVE-2006-6386 | 1 Drupal | 1 Cvs Management And Tracker | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the CVS management/tracker 4.7.x-1.0, 4.7.x-2.0, and 4.7.0 (before the 20060807 contribution release system) for Drupal allows remote attackers to inject arbitrary web script or HTML via the motivation field in the CVS application page, which is not passed through check_markup on display. | ||||
| CVE-2006-6387 | 1 Link Content Management Server | 1 Link Content Management Server | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in LINK Content Management Server (CMS) allow remote attackers to execute arbitrary SQL commands via the (1) IDMeniGlavni parameter to navigacija.php, and the (2) IDStranicaPodaci parameter to prikazInformacije.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-6389 | 1 Ac4p | 1 Ac4p Mobile | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ac4p Mobile allow remote attackers to inject arbitrary web script or HTML via the (1) Taaa parameter to (a) up.php, or the (2) pollhtml and (3) Bloks parameters to (b) polls.php, different vectors than CVE-2006-5770. | ||||
| CVE-2006-6390 | 1 Open Solution | 1 Quick.cart | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in Open Solution Quick.Cart 2.0, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the config[db_type] parameter to (1) categories.php, (2) couriers.php, (3) orders.php, and (4) products.php in actions_admin/; and (5) orders.php and (6) products.php in actions_client/; as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by one of these PHP scripts. | ||||
| CVE-2006-6393 | 1 Jonas Gauffin | 1 Publicera | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Jonas Gauffin Publicera 1.0-rc2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the InputFilter::getString function. | ||||