Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-2059 1 Invision Power Services 1 Invision Power Board 2026-04-16 N/A
action_public/search.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary PHP code via a search with a crafted value of the lastdate parameter, which alters the behavior of a regular expression to add a "#e" (execute) modifier.
CVE-2006-2060 1 Invision Power Services 1 Invision Power Board 2026-04-16 N/A
Directory traversal vulnerability in action_admin/paysubscriptions.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote authenticated administrators to include and execute arbitrary local PHP files via a .. (dot dot) in the name parameter, preceded by enough backspace (%08) characters to erase the initial static portion of a filename.
CVE-2006-2061 1 Invision Power Services 2 Invision Board, Invision Power Board 2026-04-16 N/A
SQL injection vulnerability in lib/func_taskmanager.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary SQL commands via the ck parameter, which can inject at most 32 characters.
CVE-2006-2064 1 Sun 1 Solaris 2026-04-16 N/A
Unspecified vulnerability in the libpkcs11 library in Sun Solaris 10 might allow local users to gain privileges or cause a denial of service (application failure) via unknown attack vectors that involve the getpwnam family of non-reentrant functions.
CVE-2006-2065 1 Phpsurveyor 1 Phpsurveyor 2026-04-16 N/A
SQL injection vulnerability in save.php in PHPSurveyor 0.995 and earlier allows remote attackers to execute arbitrary SQL commands via the surveyid cookie. NOTE: this issue could be leveraged to execute arbitrary PHP code, as demonstrated by inserting directory traversal sequences into the database, which are then processed by the thissurvey['language'] variable.
CVE-2006-2067 1 Mkportal 1 Mkportal 2026-04-16 N/A
SQL injection vulnerability in vb_board_functions.php in MKPortal 1.1, as used with vBulletin 3.5.4 and earlier, allows remote attackers to execute arbitrary SQL commands via the userid parameter.
CVE-2006-2068 1 Hitachi 9 Jp1-cm2-network Node Manager, Jp1-cm2-network Node Manager 250, Jpi Automatic Job Management System 2 and 6 more 2026-04-16 N/A
Unspecified vulnerability in Hitachi JP1 products allow remote attackers to cause a denial of service (application stop or fail) via unexpected requests or data.
CVE-2006-2118 1 Jmk Web Scripts 1 Jmk Picture Gallery 2026-04-16 N/A
JMK's Picture Gallery allows remote attackers to bypass authentication via a direct request to admin_gallery.php3, possibly related to the add action.
CVE-2006-2087 1 Hitachi 4 Groupmax Integrated Desktop, Groupmax Mail, Groupmax World Wide Web and 1 more 2026-04-16 N/A
The Gmax Mail client in Hitachi Groupmax before 20060426 allows remote attackers to cause a denial of service (application hang or erroneous behavior) via an attachment with an MS-DOS device filename.
CVE-2006-2088 1 Devsyn 1 Open Bulletin Board 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Devsyn Open Bulletin Board (OpenBB) 1.0.6 allow remote attackers to inject arbitrary web script or HTML via (1) the FID parameter in board.php and (2) the TID parameter in read.php. NOTE: the SQL injection issues are already covered by CVE-2005-1612 (read.php) and CVE-2005-2566 (board.php).
CVE-2006-2089 1 Mysmartbb 1 Mysmartbb 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in misc.php in MySmartBB 1.1.x allow remote attackers to inject arbitrary web script or HTML via the (1) id and (2) username parameters.
CVE-2006-2091 1 Vwar 1 Virtual War 2026-04-16 N/A
admin.php in Virtual War (VWar) 1.5 and versions before 1.2 allows remote attackers to obtain sensitive information via an invalid vwar_root parameter, which reveals the path in an error message.
CVE-2006-2092 1 Hp 1 Storageworks Secure Path Windows 2026-04-16 N/A
Unspecified vulnerability in HP StorageWorks Secure Path for Windows 4.0C-SP2 before 20060419 allows remote attackers to cause an unspecified denial of service via unknown vectors.
CVE-2006-2096 1 Neocrome 1 Land Down Under 2026-04-16 N/A
plug.php in Land Down Under (LDU) 802 and earlier allows remote attackers to obtain sensitive information via an invalid (1) month or (2) year parameter, which reveals the path in an error message.
CVE-2006-2097 1 Invision Power Services 1 Invision Power Board 2026-04-16 N/A
SQL injection vulnerability in func_msg.php in Invision Power Board (IPB) 2.1.4 allows remote attackers to execute arbitrary SQL commands via the from_contact field in a private message (PM).
CVE-2006-2098 1 Php Thumbnail Autoindex 1 Php Thumbnail Autoindex 2026-04-16 N/A
PHP remote file inclusion vulnerability in Thumbnail AutoIndex before 2.0 allows remote attackers to execute arbitrary PHP code via (1) README.html or (2) HEADER.html.
CVE-2006-2099 1 Ezb Systems 1 Ultraiso 2026-04-16 N/A
Directory traversal vulnerability in UltraISO 8.0.0.1392 allows remote attackers to write arbitrary files via a .. (dot dot) in a filename in an ISO image.
CVE-2006-2100 1 Magic Iso Maker 1 Magic Iso Maker 2026-04-16 N/A
Directory traversal vulnerability in Magic ISO 5.0 Build 0166 allows remote attackers to write arbitrary files via a .. (dot dot) in a filename in an ISO image.
CVE-2006-2102 1 Poweriso 1 Poweriso 2026-04-16 N/A
Directory traversal vulnerability in PowerISO 2.9 allows remote attackers to write arbitrary files via a .. (dot dot) in a filename in an ISO image.
CVE-2006-2104 1 Kmail 1 Kmail 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Kamgaing Email System (kmail) 2.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) d parameter to main.php, ordner parameter to (2) main.php, or (3) webdisk.php, (4) draft parameter to compose.php, or (5) m, or (6) y parameter to calendar.php.