Export limit exceeded: 361649 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-2720 | 1 Variomat | 1 Variomat | 2026-04-16 | N/A |
| SQL injection vulnerability in news.php in VARIOMAT allows remote attackers to execute arbitrary SQL commands via the subcat parameter. | ||||
| CVE-2006-2721 | 1 Variomat | 1 Variomat | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in news.php in VARIOMAT allows remote attackers to inject arbitrary HTML or web script via the subcat parameter. NOTE: this issue might be resultant from SQL injection. | ||||
| CVE-2006-2724 | 1 Punbb | 1 Punbb | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in PunBB 1.2.11 allows remote authenticated administrators to inject arbitrary HTML or web script to other administrators via the "Admin note" feature, a different vulnerability than CVE-2006-2227. | ||||
| CVE-2006-2725 | 1 Epic Designs | 1 Eggblog | 2026-04-16 | N/A |
| SQL injection vulnerability in rss/posts.php in Eggblog before 3.07 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2006-2727 | 1 Epic Designs | 1 Eggblog | 2026-04-16 | N/A |
| home/register.php in Eggblog before 3.0 allows remote attackers to change the password of administrators and possibly other users via a modified username parameter. | ||||
| CVE-2006-2728 | 1 Jan Chmelik | 1 Photoalbum Bandw | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in superalbum/index.php in Photoalbum B&W 1.3 allows remote attackers to inject arbitrary web script or HTML via the pic parameter. | ||||
| CVE-2006-2771 | 1 Hogstorps | 1 Hogstorp Guestbook | 2026-04-16 | N/A |
| admin/radera/tabort.asp in Hogstorps hogstorp guestbook 2.0 does not verify user credentials, which allows remote attackers to delete arbitrary posts via a modified delID parameter. | ||||
| CVE-2006-3256 | 1 Woltlab | 1 Burning Board | 2026-04-16 | N/A |
| SQL injection vulnerability in report.php in Woltlab Burning Board (WBB) 2.3.1 allows remote attackers to execute arbitrary SQL commands via the postid parameter. | ||||
| CVE-2006-3258 | 1 Bnbt | 2 Easytracker, Trinedit | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.html in BNBT TrinEdit and EasyTracker 7.7r3.2004.10.27 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) filter or (2) sort parameters. | ||||
| CVE-2006-3259 | 1 E107 | 1 E107 | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 allow remote attackers to inject arbitrary web script or HTML via the (1) ep parameter to search.php and the (2) subject parameter in comment.php (aka the Subject field when posting a comment). | ||||
| CVE-2006-3260 | 1 Virtual Design Studios | 1 Vlbook | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in vlbook 1.02 allows remote attackers to inject arbitrary web script or HTML via the message parameter. | ||||
| CVE-2006-3261 | 1 Trend Micro | 1 Control Manager | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Trend Micro Control Manager (TMCM) 3.5 allows remote attackers to inject arbitrary web script or HTML via the username field on the login page, which is not properly sanitized before being displayed in the error log. | ||||
| CVE-2006-3262 | 1 Mambo | 1 Mambo | 2026-04-16 | N/A |
| SQL injection vulnerability in the Weblinks module (weblinks.php) in Mambo 4.6rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter. | ||||
| CVE-2006-3263 | 1 Mambo | 1 Mambo | 2026-04-16 | N/A |
| SQL injection vulnerability in the Weblinks module (weblinks.php) in Mambo 4.6rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter. | ||||
| CVE-2006-3282 | 1 Datetopia | 1 Dating Agent Pro | 2026-04-16 | N/A |
| requirements.php in Dating Agent PRO 4.7.1 allows remote attackers to obtain sensitive information via a direct request, which calls the phpinfo function. | ||||
| CVE-2006-3284 | 1 Datetopia | 1 Dating Agent Pro | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Dating Agent PRO 4.7.1 allows remote attackers to inject arbitrary web script or HTML via the login parameter in (1) webmaster/index.php and (2) search.php. | ||||
| CVE-2006-3286 | 1 Cisco | 1 Wireless Control System | 2026-04-16 | N/A |
| The internal database in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(63) stores a hard-coded username and password in plaintext within unspecified files, which allows remote authenticated users to access the database (aka bug CSCsd15951). | ||||
| CVE-2006-3287 | 1 Cisco | 1 Wireless Control System | 2026-04-16 | N/A |
| Cisco Wireless Control System (WCS) for Linux and Windows 4.0(1) and earlier uses a default administrator username "root" and password "public," which allows remote attackers to gain access (aka bug CSCse21391). | ||||
| CVE-2006-3288 | 1 Cisco | 1 Wireless Control System | 2026-04-16 | N/A |
| Unspecified vulnerability in the TFTP server in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51), when configured to use a directory path name that contains a space character, allows remote authenticated users to read and overwrite arbitrary files via unspecified vectors. | ||||
| CVE-2006-3290 | 1 Cisco | 1 Wireless Control System | 2026-04-16 | N/A |
| HTTP server in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames and directory paths via a direct URL request. | ||||