Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-4644 1 Phpfullannu 1 Phpfullannu 2026-04-16 N/A
PHP remote file inclusion vulnerability in modules/home.module.php in phpFullAnnu 5.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the repmod parameter.
CVE-2006-4646 1 Drupal 1 Drupal Pathauto Module 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Pathauto module before pathauto_node.inc 1.17.2.1 and the Drupal 4.6 Pathauto module before pathauto_node.inc 1.14.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2006-4647 1 Sponge News 1 Sponge News 2026-04-16 N/A
PHP remote file inclusion vulnerability in news.php in Sponge News 2.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the sndir parameter.
CVE-2006-4648 1 Bingo News 1 Bingo News 2026-04-16 N/A
PHP remote file inclusion vulnerability in bp_ncom.php in BinGo News (BP News) 3.01 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the bnrep parameter.
CVE-2006-4651 1 Threesquared.net 1 Php Download Script 2026-04-16 N/A
Directory traversal vulnerability in download/index.php, and possibly download.php, in threesquared.net (aka Ben Speakman) Php download allows remote attackers to overwrite arbitrary local files via .. (dot dot) sequence in the file parameter.
CVE-2006-4652 2 Amazing Little Picture Poll, Amazing Little Poll 2 Amazing Little Picture Poll, Amazing Little Poll 2026-04-16 N/A
(1) Amazing Little Poll and (2) Amazing Little Picture Poll have a default password of "dsapoll", which allows remote attackers to create a new poll by entering default credentials via lp_admin.php.
CVE-2006-4655 2 Sco, Sun 2 Unixware, Solaris 2026-04-16 N/A
Buffer overflow in the Strcmp function in the XKEYBOARD extension in X Window System X11R6.4 and earlier, as used in SCO UnixWare 7.1.3 and Sun Solaris 8 through 10, allows local users to gain privileges via a long _XKB_CHARSET environment variable value.
CVE-2006-4656 1 Web-provence 1 Sl Site 2026-04-16 N/A
PHP remote file inclusion vulnerability in admin/editeur/spaw_control.class.php in Web Provence SL_Site 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: CVE analysis suggests that this issue is actually in a third party product, SPAW Editor PHP Edition.
CVE-2006-4657 1 Panda 1 Panda Platinum Internet Security 2026-04-16 N/A
Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 stores service executables under the product's installation directory with weak permissions, which allows local users to obtain LocalSystem privileges by modifying (1) WebProxy.exe or (2) PAVSRV51.EXE.
CVE-2006-4661 1 Icq Inc 1 Icq Toolbar 2026-04-16 N/A
AOL ICQ Toolbar 1.3 for Internet Explorer (toolbaru.dll) does not properly validate the origin of the configuration web page (options2.html), which allows user-assisted remote attackers to provide a web page that contains disguised checkboxes that trick the user into reconfiguring the toolbar.
CVE-2006-4673 1 Php Fusion 1 Php Fusion 2026-04-16 N/A
Global variable overwrite vulnerability in maincore.php in PHP-Fusion 6.01.4 and earlier uses the extract function on the superglobals, which allows remote attackers to conduct SQL injection attacks via the _SERVER[REMOTE_ADDR] parameter to news.php.
CVE-2006-4675 1 Andreas Gohr 1 Dokuwiki 2026-04-16 N/A
Unrestricted file upload vulnerability in lib/exe/media.php in DokuWiki before 2006-03-09c allows remote attackers to upload executable files into the data/media folder via unspecified vectors.
CVE-2006-4676 1 Tibco 1 Rendezvous 2026-04-16 N/A
TIBCO RendezVous 7.4.11 and earlier logs base64-encoded usernames and passwords in rvrd.db, which allows local users to obtain sensitive information by decoding the log file.
CVE-2006-4678 1 Comscripts 1 News Evolution 2026-04-16 N/A
PHP remote file inclusion vulnerability in News Evolution 3.0.3 allows remote attackers to execute arbitrary PHP code via the _NE[AbsPath] parameter in (1) install.php and (2) migrateNE2toNE3.php.
CVE-2006-4679 1 Andreas Gohr 1 Dokuwiki 2026-04-16 N/A
DokuWiki before 2006-03-09c enables the debug feature by default, which allows remote attackers to obtain sensitive information by calling doku.php with the X-DOKUWIKI-DO HTTP header set to "debug".
CVE-2006-4680 1 Canon 7 Imagerunner 2620, Imagerunner 5020, Imagerunner 6870 and 4 more 2026-04-16 N/A
The Remote UI in Canon imageRUNNER includes usernames and passwords when exporting an address book, which allows context-dependent attackers to obtain sensitive information.
CVE-2006-4681 1 Ibm 1 Director 2026-04-16 N/A
Directory traversal vulnerability in Redirect.bat in IBM Director before 5.10 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the file parameter.
CVE-2006-4682 1 Ibm 1 Director 2026-04-16 N/A
Multiple unspecified vulnerabilities in IBM Director before 5.10 allow remote attackers to cause a denial of service (crash) via unspecified vectors involving (1) malformed WMI CIM server requests and (2) malformed packets.
CVE-2006-4683 1 Ibm 1 Director 2026-04-16 N/A
IBM Director before 5.10 allows remote attackers to obtain sensitive information from HTTP headers via HTTP TRACE.
CVE-2006-4705 1 Dominic Gamble 1 Timesheet.php 2026-04-16 N/A
SQL injection vulnerability in login.php in dwayner79 and Dominic Gamble Timesheet (aka Timesheet.php) 1.2.1 allows remote attackers to execute arbitrary SQL commands via the username parameter.