Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-2008 1 Built2go 1 Movie Review 2026-04-16 N/A
PHP remote file inclusion vulnerability in movie_cls.php in Built2Go PHP Movie Review 2B and earlier allows remote attackers to execute arbitrary PHP code via a URL in the full_path parameter.
CVE-2006-2010 1 Paras Chopra 1 Bloggage 2026-04-16 N/A
Multiple SQL injection vulnerabilities in check_login.asp in Bloggage allow remote attackers to execute arbitrary SQL commands via the (1) acc_name and (2) password parameter.
CVE-2006-2011 1 4homepages 1 4images 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in member.php in 4images 1.7 and earlier allows remote attackers to inject arbitrary web script or HTML via the nickname, probably involving the user_name parameter in register.php.
CVE-2006-2029 1 Simplog 1 Simplog 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Jeremy Ashcraft Simplog 0.9.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) tid parameter in (a) preview.php; the (2) cid, (3) pid, and (4) eid parameters in (b) archive.php; and the (5) pid parameter in (c) comments.php.
CVE-2006-2030 1 Alliedtelesyn 1 At-9724ts 2026-04-16 N/A
The Allied Telesyn AT-9724TS switch allows remote attackers to cause a denial of service via a large amount of UDP data to the switch, which leads to unstable operation and possibly failure of the management interface or routing.
CVE-2006-2032 1 Corenews 1 Corenews 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Core CoreNews 2.0.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) icon_id and (2) userid parameters in preview.php.
CVE-2006-2033 1 Corenews 1 Corenews 2026-04-16 N/A
PHP remote file inclusion vulnerability in Core CoreNews 2.0.1 and earlier allows remote authenticated users to execute arbitrary commands via the show parameter. NOTE: this is a different vector than CVE-2006-1212, although it might be the same primary issue.
CVE-2006-2034 1 Flexbb 1 Flexbb 2026-04-16 N/A
SQL injection vulnerability in function/showprofile.php in FlexBB 0.5.5 allows remote attackers to execute arbitrary SQL commands, and view all usernames and passwords, via the id parameter to the showprofile page in index.php.
CVE-2006-2035 1 Websense 1 Websense 2026-04-16 N/A
Websense, when configured to permit access to the dynamic content category, allows local users to bypass intended blocking of the Uncategorized category by appending a "/?" sequence to a URL.
CVE-2006-2036 1 Iopus 1 Secure Email Attachments 2026-04-16 N/A
iOpus Secure Email Attachments (SEA), probably 1.0, does not properly handle passwords that consist of repetitions of a substring, which allows attackers to decrypt files by entering only the substring.
CVE-2006-2037 1 Thwboard 1 Thwboard 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in Thwboard 3.0 Beta 2.84 allows remote attackers to inject arbitrary web script or HTML via the navpath parameter.
CVE-2006-2038 1 Amplecom 1 Ampleshop 2026-04-16 N/A
Multiple SQL injection vulnerabilities in ampleShop 2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) RecordID parameter in (a) Customeraddresses_RecordAction.cfm and (b) youraccount.cfm; (2) solus parameter in (c) detail.cfm; and (3) cat parameter in (d) category.cfm.
CVE-2006-2039 1 Ubertec 1 Help Center Live 2026-04-16 N/A
Multiple SQL injection vulnerabilities in the osTicket module in Help Center Live before 2.1.0 allow remote attackers to execute arbitrary SQL commands via unknown vectors.
CVE-2006-2041 1 Phpwebgallery 1 Phpwebgallery 2026-04-16 N/A
PhpWebGallery before 1.6.0RC1 allows remote attackers to obtain arbitrary pictures via a request to picture.php without specifying the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-2043 1 Ip3 Networks 1 Ip3 Netaccess 75 2026-04-16 N/A
na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 allows local users to gain Unix shell access via "`" (backtick) characters in the appliance's command line interface (CLI).
CVE-2006-2044 1 Ip3 Networks 1 Ip3 Netaccess 75 2026-04-16 N/A
na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 has a default username of admin and a default password of admin.
CVE-2006-2045 1 Ip3 Networks 1 Ip3 Netaccess 75 2026-04-16 N/A
The (1) shadow password file in na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 has world readable permissions, which allows local users to view encrypted passwords; and the (2) NetAccess database file has world readable and writable permissions, which allows local users to view sensitive information and modify data.
CVE-2006-2046 1 Application Dynamics 1 Cartweaver Coldfusion 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Application Dynamics Cartweaver ColdFusion 2.16.11 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) category and (2) keywords parameters in (a) Results.cfm, and the (3) ProdID parameter in (b) Details.cfm.
CVE-2006-2047 1 Application Dynamics 1 Cartweaver Coldfusion 2026-04-16 N/A
Application Dynamics Cartweaver ColdFusion 2.16.11 and earlier allows remote attackers to obtain sensitive information via an invalid (1) secondary, (2) PageNum_Results, (3) category, or (4) keywords parameter in (a) Results.cfm; or an invalid (5) ProdID parameter in (b) Details.cfm; which reveal the path in various error messages. NOTE: the behavior for the category, keywords, and ProdID parameters might be resultant from SQL injection.
CVE-2006-2049 1 Dcscripts 1 Dcforumlite 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in dcboard.cgi in DCScripts DCForumLite 3.0 allows remote attackers to inject arbitrary web script or HTML via the az parameter.