Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-2582 | 1 Rwiki | 1 Rwiki | 2026-04-16 | N/A |
| The editing form in RWiki 2.1.0pre1 through 2.1.0 allows remote attackers to execute arbitrary Ruby code via unknown attack vectors. | ||||
| CVE-2006-2591 | 1 E107 | 1 E107 | 2026-04-16 | N/A |
| Unspecified vulnerability in e107 before 0.7.5 has unknown impact and remote attack vectors related to an "emailing exploit". | ||||
| CVE-2006-2510 | 1 Yourfreeworld | 1 Short Url And Url Tracker Script | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the URL submission form in YourFreeWorld.com Short Url & Url Tracker Script allows remote attackers to inject arbitrary web script or HTML via an unspecified form for submitting URLs. | ||||
| CVE-2006-2583 | 1 Nucleus Group | 1 Nucleus Cms | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in nucleus/libs/PLUGINADMIN.php in Nucleus 3.22 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[DIR_LIBS] parameter. | ||||
| CVE-2006-2509 | 1 Yourfreeworld | 1 Short Url And Url Tracker Script | 2026-04-16 | N/A |
| SQL injection vulnerability in login.php in YourFreeWorld.com Short Url & Url Tracker Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2006-2584 | 1 Skyebox | 1 Skyebox | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in post.php in SkyeBox 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) message parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information, although it was likely prompted by a vague announcement from a researcher who incorrectly referred to the product as "SkyeShoutbox." | ||||
| CVE-2006-2589 | 1 Mybulletinboard | 1 Mybulletinboard | 2026-04-16 | N/A |
| SQL injection vulnerability in rss.php in MyBB (aka MyBulletinBoard) 1.1.1 allows remote attackers to execute arbitrary SQL commands via the comma parameter. NOTE: it is not clear from the original report how this attack can succeed, since the demonstration URL uses a variable that is overwritten with static data in the extracted source code. | ||||
| CVE-2006-2670 | 1 Calendarscripts.com | 1 Chatpat | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ChatPat 1.0 allow remote attackers to inject arbitrary web script or HTML via a chat message in (1) fastchat.php and (2) fastshow.php. | ||||
| CVE-2006-2671 | 1 Calendarscripts.com | 1 Chatpat | 2026-04-16 | N/A |
| SQL injection vulnerability in ChatPat 1.0 allows remote attackers to execute arbitrary SQL commands via the nickname field. | ||||
| CVE-2006-2508 | 1 Yourfreeworld | 1 Stylish Text Ads Script | 2026-04-16 | N/A |
| SQL injection vulnerability in tr1.php in YourFreeWorld.com Stylish Text Ads Script allows remote attackers to execute arbitrary SQL commands via the id parameter, possibly involving an attack vector using advertise.php. | ||||
| CVE-2006-2660 | 1 Php | 1 Php | 2026-04-16 | N/A |
| Buffer consumption vulnerability in the tempnam function in PHP 5.1.4 and 4.x before 4.4.3 allows local users to bypass restrictions and create PHP files with fixed names in other directories via a pathname argument longer than MAXPATHLEN, which prevents a unique string from being appended to the filename. | ||||
| CVE-2006-2659 | 1 Double Precision Incorporated | 1 Courier Mta | 2026-04-16 | N/A |
| libs/comverp.c in Courier MTA before 0.53.2 allows attackers to cause a denial of service (CPU consumption) via unknown vectors involving usernames that contain the "=" (equals) character, which is not properly handled during encoding. | ||||
| CVE-2006-2754 | 1 Openldap | 1 Openldap | 2026-04-16 | N/A |
| Stack-based buffer overflow in st.c in slurpd for OpenLDAP before 2.3.22 might allow attackers to execute arbitrary code via a long hostname. | ||||
| CVE-2006-2658 | 2 Mono, Suse | 3 Xsp, Suse Linux, Suse Open Enterprise Server | 2026-04-16 | N/A |
| Directory traversal vulnerability in the xsp component in mod_mono in Mono/C# web server, as used in SUSE Open-Enterprise-Server 1 and SUSE Linux 9.2 through 10.0, allows remote attackers to read arbitrary files via a .. (dot dot) sequence in an HTTP request. | ||||
| CVE-2006-2515 | 1 Hiox India | 1 Guest Book | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Hiox Guestbook 3.1 allows remote attackers to inject arbitrary web script or HTML via the input forms for signing the guestbook. | ||||
| CVE-2006-2517 | 1 Fujitsu | 1 Myweb Portal Office | 2026-04-16 | N/A |
| SQL injection vulnerability in MyWeb Portal Office, Standard Edition, Public Edition, Medical Edition, Citizen Edition, School Edition, and Light Edition allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. | ||||
| CVE-2006-2518 | 1 Phpwcms | 1 Phpwcms | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in phpwcms 1.2.5-DEV allows remote attackers to inject arbitrary web script or HTML via the BL[be_cnt_plainhtml] parameter to include/inc_tmpl/content/cnt6.inc.php. | ||||
| CVE-2006-2519 | 1 Phpwcms | 1 Phpwcms | 2026-04-16 | N/A |
| Directory traversal vulnerability in include/inc_ext/spaw/spaw_control.class.php in phpwcms 1.2.5-DEV allows remote attackers to include arbitrary local files via .. (dot dot) sequences in the spaw_root parameter. NOTE: CVE analysis suggests that this issue is actually in SPAW Editor PHP Edition. | ||||
| CVE-2006-2655 | 1 Freebsd | 1 Freebsd | 2026-04-16 | N/A |
| The build process for ypserv in FreeBSD 5.3 up to 6.1 accidentally disables access restrictions when using the /var/yp/securenets file, which allows remote attackers to bypass intended access restrictions. | ||||
| CVE-2006-2522 | 1 Dayfox Designs | 1 Dayfox Blog | 2026-04-16 | N/A |
| Dayfox Blog 2.0 and earlier stores user credentials in edit/slog_users.txt under the web document root with insufficient access control, which allows remote attackers to gain privileges. | ||||