Export limit exceeded: 359926 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 359926 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-1770 | 1 Azerbaijan Development Group | 1 Azdgvote | 2026-04-16 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Azerbaijan Design & Development Group (AZDG) AzDGVote allow remote attackers to execute arbitrary PHP code via a URL in the int_path parameter in (1) vote.php, (2) view.php, (3) admin.php, and (4) admin/index.php. | ||||
| CVE-2006-1771 | 1 Saxotech | 1 Saxopress | 2026-04-16 | N/A |
| Directory traversal vulnerability in misc in pbcs.dll in SAXoTECH SAXoPRESS, aka Saxotech Online (formerly Publicus) allows remote attackers to read arbitrary files and possibly execute arbitrary programs via a .. (dot dot) in the url parameter. | ||||
| CVE-2006-1772 | 1 Debian | 1 Debian Linux | 2026-04-16 | N/A |
| debconf in Debian GNU/Linux, when configuring mnogosearch in the mnogosearch-common 3.2.31-1 package, uses the world-readable config.dat file instead of the restricted passwords.dat for storing the cleartext database administrator password in the mnogosearch-common/database_admin_pass record, which allows local users to view the password. | ||||
| CVE-2006-1773 | 1 Phpkit | 1 Phpkit | 2026-04-16 | N/A |
| SQL injection vulnerability in include.php in PHPKIT 1.6.1 Release 2 and earlier allows remote attackers to execute arbitrary SQL commands via the contentid parameter, possibly involving content/news.php. | ||||
| CVE-2006-1774 | 1 Hp | 2 Compaqhttpserver, System Management Homepage | 2026-04-16 | N/A |
| HP System Management Homepage (SMH) 2.1.3.132, when running on CompaqHTTPServer/9.9 on Windows, Linux, or Tru64 UNIX, and when "Trust by Certificates" is not enabled, allows remote attackers to bypass authentication via a crafted URL. | ||||
| CVE-2006-1775 | 1 Phpbb Group | 1 Phpbb | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.19 allow remote attackers to inject arbitrary web script or HTML via the (1) Site Description field in (a) admin_board.php, the (2) Group name and (3) Group description fields in (b) admin_groups.php and (c) groupcp.php, the (4) Theme Name field in (d) admin_styles.php, and the (5) Rank Title field in (e) admin_ranks.php. NOTE: the profile.php/Current password vector is already covered by CVE-2006-1603. | ||||
| CVE-2006-1776 | 1 Simplog | 1 Simplog | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the s parameter. | ||||
| CVE-2006-1778 | 1 Simplog | 1 Simplog | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Jeremy Ashcraft Simplog 0.9.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) blogid parameter in (a) index.php and (b) archive.php, the (2) m and (3) y parameters in archive.php, and the (4) sql parameter in (c) server.php. | ||||
| CVE-2006-1779 | 1 Simplog | 1 Simplog | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in login.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the btag parameter. | ||||
| CVE-2006-1780 | 1 Sun | 2 Solaris, Sunos | 2026-04-16 | N/A |
| The Bourne shell (sh) in Solaris 8, 9, and 10 allows local users to cause a denial of service (sh crash) via an unspecified attack vector that causes sh processes to crash during creation of temporary files. | ||||
| CVE-2006-1782 | 1 Sun | 2 Solaris, Sunos | 2026-04-16 | N/A |
| Unspecified vulnerability in Solaris 8 and 9 allows local users to obtain the LDAP Directory Server root Distinguished Name (rootDN) password when a privileged user (1) runs idsconfig; or "insecurely" runs LDAP2 commands with the -w option, including (2) ldapadd, (3) ldapdelete, (4) ldapmodify, (5) ldapmodrdn, and (6) ldapsearch. | ||||
| CVE-2006-1783 | 1 Patronet | 1 Cms | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in PatroNet CMS allows remote attackers to inject arbitrary web script or HTML via the URI. | ||||
| CVE-2006-1784 | 1 Sphider | 1 Sphider | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in admin/configset.php in Sphider 1.3 and earlier, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the settings_dir parameter. | ||||
| CVE-2006-1786 | 1 Adobe | 1 Document Server | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Adobe Document Server for Reader Extensions 6.0 allows remote attackers to inject arbitrary web script or HTML via (1) the actionID parameter in ads-readerext and (2) the op parameter in AlterCast. NOTE: it is not clear whether the vendor advisory addresses this issue. | ||||
| CVE-2006-1787 | 1 Adobe | 1 Document Server | 2026-04-16 | N/A |
| Adobe Document Server for Reader Extensions 6.0 includes a user's session (jsession) ID in the HTTP Referer header, which allows remote attackers to gain access to PDF files that are being processed within that session. | ||||
| CVE-2006-1788 | 1 Adobe | 1 Document Server | 2026-04-16 | N/A |
| Adobe Document Server for Reader Extensions 6.0, during log on, provides different error messages depending on whether the user ID is valid or invalid, which allows remote attackers to more easily identify valid user IDs via brute force attacks. | ||||
| CVE-2006-1789 | 1 Georges Auberger | 1 Pajax | 2026-04-16 | N/A |
| Directory traversal vulnerability in pajax_call_dispatcher.php in PAJAX 0.5.1 and earlier allows remote attackers to read arbitrary files via the $className variable. | ||||
| CVE-2006-1791 | 1 Jl Webworks | 1 Quickblogger | 2026-04-16 | N/A |
| Directory traversal vulnerability in acc.php in QuickBlogger 1.4 allows remote attackers to read or include arbitrary local files via the request parameter. NOTE: this issue can also produce resultant XSS when the associated include statement fails. | ||||
| CVE-2006-1792 | 1 Mailenable | 3 Mailenable Enterprise, Mailenable Professional, Mailenable Standard | 2026-04-16 | N/A |
| Unspecified vulnerability in the POP service in MailEnable Standard Edition before 1.94, Professional Edition before 1.74, and Enterprise Edition before 1.22 has unknown attack vectors and impact related to "authentication exploits". NOTE: this is a different set of affected versions, and probably a different vulnerability than CVE-2006-1337. | ||||
| CVE-2006-1795 | 1 Updi Network Enterprise | 1 At1 Event Publisher | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in tablepublisher.cgi in UPDI Network Enterprise @1 Table Publisher 2006-03-23 allows remote attackers to inject arbitrary web script or HTML via the Title of Table field. | ||||