Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-1416 1 Xigla 1 Absolute Faq Manager .net 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in afmsearch.aspx in Absolute FAQ Manager .NET 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search module parameters, possibly the question parameter.
CVE-2006-1418 1 Caloris Planitia Technologies 1 E-school Management System 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in default.asp in Caloris Planitia E-School Management System 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
CVE-2006-1419 1 Nuked-klan 1 Nuked-klan 2026-04-16 N/A
SQL injection vulnerability in the Calendar module in nuked-klan 1.7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the m parameter to index.php.
CVE-2006-1420 1 Arabless 1 Saphplesson 2026-04-16 N/A
SQL injection vulnerability in print.php in SaphpLesson 2.0 allows remote attackers to execute arbitrary SQL commands via the lessid parameter.
CVE-2006-1421 1 Arthur Konze Webdesign 1 Akocomment 2026-04-16 N/A
Multiple SQL injection vulnerabilities in akocomment.php in AkoComment 2.0 module for Mambo, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the (1) acname or (2) contentid parameter.
CVE-2006-1422 1 Jjwwebdesign 1 Phpbookingcalendar 2026-04-16 N/A
SQL injection vulnerability in details_view.php in PHP Booking Calendar 1.0c and earlier allows remote attackers to execute arbitrary SQL commands via the event_id parameter.
CVE-2006-1425 1 Phpmyfamily 1 Phpmyfamily 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in track.php in phpmyfamily 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the name parameter.
CVE-2006-1427 1 Web-app.org 1 Webapp 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in WebAPP 0.9.9.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) action, (2) id, (3) num, (4) board, (5) cat, (6) real, (7) viewcat, (8) img, or (9) curcatname parameter in cgi-bin/index.cgi, or (10) vsSD parameter in /mods/calendar/index.cgi.
CVE-2006-1428 1 Coinsoft Technologies 1 Phpcoin 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in phpCOIN 1.2.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the fs parameter to (1) mod.php or (2) mod_print.php.
CVE-2006-1429 1 Fusionzone 1 Classifiedzone 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in accountlogon.cfm in classifiedZONE 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the rtn parameter.
CVE-2006-1430 1 Controlzx 1 Hms 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in CONTROLzx HMS (formerly DRZES) 3.3.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dedicatedPlanID parameter to dedicated_order.php, (2) sharedPlanID parameter to shared_order.php, (3) plan_id parameter to customers/server_management.php, and (4) email field to customers/forgotpass.php.
CVE-2006-1431 1 Fusionzone 1 Couponzone 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in local.cfm in fusionZONE couponZONE 4.2 allows remote attackers to inject arbitrary web script or HTML via URL-encoded (1) srchfor and (2) srchby parameters.
CVE-2006-1432 1 Fusionzone 1 Couponzone 2026-04-16 N/A
fusionZONE couponZONE 4.2 allows remote attackers to obtain the full path of the web server, and other sensitive information, via invalid values, as demonstrated using manipulations associated with SQL.
CVE-2006-1433 1 Annuaire 1 Directory 2026-04-16 N/A
Annuaire (Directory) 1.0 allows remote attackers to obtain sensitive information via a direct request to include/lang-en.php, which reveals the full installation path.
CVE-2006-1436 1 Upoint 1 At1 Event Publisher 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in UPOINT @1 Event Publisher allow remote attackers to inject arbitrary web script or HTML via the (1) Event, (2) Description, (3) Time, (4) Website, and (5) Public Remarks fields to (a) eventpublisher_admin.htm and (b) eventpublisher_usersubmit.htm.
CVE-2006-1438 1 Andy Grayndler 1 Andys Php Knowledgebase 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Andy's PHP Knowledgebase (aphpkb) 0.57 allow remote attackers to inject arbitrary web script or HTML via the (1) keyword_list parameter to (a) index.php; (2) title, (3) article, (4) author, and (5) keywords parameters to (b) submit_article.php; and (6) Question, (7) Name, and (8) Email parameters to (c) submit_question.php.
CVE-2006-1440 1 Apple 1 Mac Os X 2026-04-16 N/A
BOM in Apple Mac OS X 10.3.9 and 10.4.6 allows attackers to overwrite arbitrary files via an archive that contains symbolic links.
CVE-2006-1441 1 Apple 1 Mac Os X 2026-04-16 N/A
Integer overflow in CFNetwork in Apple Mac OS X 10.4.6 allows remote attackers to execute arbitrary code via crafted chunked transfer encoding.
CVE-2006-1444 1 Apple 1 Mac Os X 2026-04-16 N/A
CoreGraphics in Apple Mac OS X 10.4.6, when "Enable access for assistive devices" is on, allows an application to bypass restrictions for secure event input and read certain events from other applications in the same window session by using Quartz Event Services.
CVE-2006-1445 1 Apple 1 Mac Os X 2026-04-16 N/A
Buffer overflow in the FTP server (FTPServer) in Apple Mac OS X 10.3.9 and 10.4.6 allows remote authenticated users to execute arbitrary code via vectors related to "FTP server path name handling."