Export limit exceeded: 16470 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-4759 | 1 Punbb | 1 Punbb | 2026-04-16 | N/A |
| PunBB 1.2.12 does not properly handle an avatar directory pathname ending in %00, which allows remote authenticated administrative users to upload arbitrary files and execute code, as demonstrated by a query to admin_options.php with an avatars_dir parameter ending in %00. NOTE: this issue was originally disputed by the vendor, but the dispute was withdrawn on 20060926. | ||||
| CVE-2006-4760 | 1 Benjamin Pasero And Tobias Eichert | 1 Rssowl | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Benjamin Pasero and Tobias Eichert RSSOwl allow remote attackers to inject arbitrary web script or HTML via a web feed, as demonstrated by certain test cases of the Robert Auger and Caleb Sima RSS and Atom feed reader test suite. | ||||
| CVE-2006-4761 | 1 Luke Hutteman | 1 Sharpreader | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Luke Hutteman SharpReader allow remote attackers to inject arbitrary web script or HTML via a web feed, as demonstrated by certain test cases of the Robert Auger and Caleb Sima RSS and Atom feed reader test suite. | ||||
| CVE-2006-4762 | 1 Rssreader | 1 Rssreader | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Ykoon RssReader allow remote attackers to inject arbitrary web script or HTML via a web feed, as demonstrated by certain test cases of the Robert Auger and Caleb Sima RSS and Atom feed reader test suite. | ||||
| CVE-2006-4763 | 1 Ibm | 1 Lotus Domino Web Access | 2026-04-16 | N/A |
| IBM Lotus Domino Web Access (DWA) 7.0.1 does not expire a client's Lightweight Third-Party Authentication token (LtpaToken) upon logout, which allows remote attackers to obtain a user's privileges by intercepting the LtpaToken cookie. | ||||
| CVE-2006-4765 | 1 Netgear | 1 Dg834gt | 2026-04-16 | N/A |
| NETGEAR DG834GT Wireless ADSL router running firmware 1.01.28 allows attackers to cause a denial of service (device hang) via a long string in the username field in the login window. | ||||
| CVE-2006-4766 | 1 Stefan Ernst | 1 Newsscript | 2026-04-16 | N/A |
| Directory traversal vulnerability in print.php in Stefan Ernst Newsscript (aka WM-News) 0.5 beta allows remote attackers to read arbitrary files via a .. (dot dot) in the ide parameter. | ||||
| CVE-2006-4768 | 1 Stefan Ernst | 1 Newsscript | 2026-04-16 | N/A |
| Multiple direct static code injection vulnerabilities in add_go.php in Stefan Ernst Newsscript (aka WM-News) 0.5 beta allow remote attackers to execute arbitrary PHP code via the (1) description, (2) issue, (3) title, (4) var, (5) name, (6) keywords, and (7) note parameters, which are stored in an article file. NOTE: the original source of this vulnerability is unknown; the details are obtained from third party information and CVE post-disclosure analysis. | ||||
| CVE-2006-4769 | 1 Gtasoft | 1 P4cms | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in abf_js.php in p4CMS 1.05 allows remote attackers to execute arbitrary PHP code via a URL in the abs_pfad parameter. | ||||
| CVE-2006-4770 | 1 Miniportal | 1 Miniportal | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in menu.php in MiniPort@l 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the skiny parameter. | ||||
| CVE-2006-4771 | 1 Jbc | 1 Forumjbc | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in haut.php in ForumJBC 4 allows remote attackers to inject arbitrary web script or HTML via the nb_connecte parameter. | ||||
| CVE-2006-4773 | 1 Sun | 1 Storedge 6130 Arrays | 2026-04-16 | N/A |
| Sun StorEdge 6130 Array Controllers with firmware 06.12.10.11 and earlier allow remote attackers to cause a denial of service (controller reboot) via a flood of traffic on the LAN. | ||||
| CVE-2006-4778 | 1 Cchost | 1 Cchost | 2026-04-16 | N/A |
| SQL injection vulnerability in Creative Commons Tools ccHost before 3.0 allows remote attackers to execute arbitrary SQL commands via a crafted URL, which is used to populate the file ID. NOTE: Some details are obtained from third party information. | ||||
| CVE-2006-4779 | 1 Phpbb Group | 1 Vitrax Premodded Phpbb | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in includes/functions_portal.php in Vitrax Premodded phpBB 1.0.6-R3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | ||||
| CVE-2006-4782 | 1 Webspell | 1 Webspell | 2026-04-16 | N/A |
| src/index.php in WebSPELL 4.01.01 and earlier, when register_globals is enabled, allows remote attackers to bypass authentication and gain sensitive information stored in the database via a modified userID parameter in a write action to admin/database.php. | ||||
| CVE-2006-4783 | 1 Webspell | 1 Webspell | 2026-04-16 | N/A |
| SQL injection vulnerability in squads.php in WebSPELL 4.01.01 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the squadID parameter. | ||||
| CVE-2006-4784 | 1 Moodle | 1 Moodle | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.6.1 and earlier might allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) doc/index.php or (2) files/index.php. | ||||
| CVE-2006-4786 | 1 Moodle | 1 Moodle | 2026-04-16 | N/A |
| Moodle 1.6.1 and earlier allows remote attackers to obtain sensitive information via (1) help.php and (2) other unspecified vectors involving scheduled backups. | ||||
| CVE-2002-1131 | 2 Redhat, Squirrelmail | 2 Linux, Squirrelmail | 2026-04-16 | N/A |
| Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and earlier allows remote attackers to execute script as other web users via (1) addressbook.php, (2) options.php, (3) search.php, or (4) help.php. | ||||
| CVE-2004-2435 | 1 Peoplesoft | 1 Hrms | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in PeopleSoft Human Resources Management System (HRMS) 7.0, when "web enabled" using HTML Access, allows remote attackers to inject arbitrary web script or HTML via unspecified (1) debugging or (2) utility scripts. | ||||