Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-4716 | 1 Fire Soft Board | 1 Fire Soft Board | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in demarrage.php in Fire Soft Board (FSB) RC3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the racine parameter. | ||||
| CVE-2006-4717 | 1 Drupal | 1 Drupal Pubcookie Module | 2026-04-16 | N/A |
| The login redirection mechanism in the Drupal 4.7 Pubcookie module before 1.2.2.4 2006/09/06 and the Drupal 4.6 Pubcookie module before 1.6.2.1 2006/09/07 allows remote attackers to bypass authentication requirements and spoof identities of arbitrary users via unspecified vectors. | ||||
| CVE-2006-4718 | 1 Korviblog | 1 Korviblog | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in livre_or.php in KorviBlog 1.3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) prenom, (2) emailFrom, or (3) body parameters. | ||||
| CVE-2006-4719 | 1 Myabracadaweb | 1 Myabracadaweb | 2026-04-16 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in MyABraCaDaWeb 1.0.3, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the base parameter to (1) index.php or (2) pop.php. | ||||
| CVE-2006-4720 | 1 Mcgallery | 1 Mcgallery Pro | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in random2.php in mcGalleryPRO 2006 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter. | ||||
| CVE-2006-4721 | 1 Ccleague | 1 Pro Sports Cms | 2026-04-16 | N/A |
| Directory traversal vulnerability in admin.php in CCleague Pro Sports CMS 1.0.1 RC1 allows remote attackers to read and execute arbitrary local files via a .. (dot dot) sequence and trailing null (%00) byte in the language Cookie parameter, as demonstrated by executing PHP code via a log file. | ||||
| CVE-2006-4723 | 1 Raidenhttpd | 1 Raidenhttpd | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in raidenhttpd-admin/slice/check.php in RaidenHTTPD 1.1.49, when register_globals and WebAdmin is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the SoftParserFileXml parameter. | ||||
| CVE-2006-4724 | 1 Adobe | 1 Coldfusion | 2026-04-16 | N/A |
| Unspecified vulnerability in the ColdFusion Flash Remoting Gateway in Adobe ColdFusion MX 7 and 7.01 allows remote attackers to cause a denial of service (infinite loop) via unspecified vectors involving a crafted command. | ||||
| CVE-2006-4745 | 1 Scarybear | 1 Pocketexpense Pro | 2026-04-16 | N/A |
| ScaryBear PocketExpense Pro 3.9.1 uses an internally recorded key to protect a data file whose contents are stored in plaintext, which allows local users to disable authentication and access the file by modifying a certain value in the file header. | ||||
| CVE-2006-4746 | 1 Comscripts | 1 Web Server Creator | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in news/include/customize.php in Web Server Creator 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the l parameter. | ||||
| CVE-2006-4747 | 1 Idevspot | 1 Textads | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in IdevSpot TextAds allow remote attackers to inject arbitrary web script or HTML via (1) the id parameter in delete.php and (2) the error parameter in error.php. | ||||
| CVE-2006-4749 | 1 Bugada Andrea | 1 Php Advanced Transfer Manager | 2026-04-16 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in PHP Advanced Transfer Manager (phpATM) 1.20 allow remote attackers to execute arbitrary PHP code via the include_location parameter in (1) activate.php, (2) configure.php, (3) fileop.php, (4) getimg.php, (5) ipblocked.php, (6) register.php, (7) showrecent.php, (8) showtophits.php, (9) usrmanag.php, (10) viewer_bottom.php, (11) viewer_content.php, and (12) viewer_top.php. NOTE: The login.php and confirm.php vectors are already covered by CVE-2006-4594. | ||||
| CVE-2006-4750 | 1 Openi-cms Group | 1 Openi-cms | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in openi-admin/base/fileloader.php in OPENi-CMS 1.0.1, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the config[openi_dir] parameter. | ||||
| CVE-2006-4751 | 1 Laurentiu Matei | 1 Expandable Home Page Cms | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5.1 allows remote attackers to inject arbitrary web script or HTML via the errcode parameter. | ||||
| CVE-2006-4752 | 1 Laurentiu Matei | 1 Expandable Home Page Cms | 2026-04-16 | N/A |
| Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5.1 allows remote attackers to obtain the installation path via a query to the engine module, probably with an invalid action parameter. | ||||
| CVE-2006-4753 | 1 Comscripts | 1 Phprog | 2026-04-16 | N/A |
| Directory traversal vulnerability in index.php in PHProg before 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter. | ||||
| CVE-2006-4754 | 1 Comscripts | 1 Phprog | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in PHProg before 1.1 allows remote attackers to inject arbitrary web script or HTML via the album parameter, which is used in an opendir call. NOTE: the same primary issue can be used for full path disclosure with an invalid parameter that reveals the installation path in an error message. | ||||
| CVE-2006-2953 | 1 Primoris Software | 1 Officeflow | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in default.asp in OfficeFlow 2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the sqlType parameter. | ||||
| CVE-2005-1671 | 1 Yahoo | 1 Messenger | 2026-04-16 | N/A |
| The Logfile feature in Yahoo! Messenger 5.x through 6.0 can be activated by a YMSGR: URL and writes all output to a single ypager.log file, even when there are multiple users, and does not properly warn later users that the feature has been enabled, which allows local users to obtain sensitive information from other users. | ||||
| CVE-2005-1670 | 1 Extremenetworks | 3 Blackdiamond 10808, Blackdiamond 8800, Extremeware Xos | 2026-04-16 | N/A |
| Unknown vulnerability in Extreme BlackDiamond 10808 and 8800 switches running ExtremeWare XOS 11.1 before 11.1.3.3, 11.0 before 11.0.2.4, and 10.x allows remote authenticated users to execute arbitrary commands. | ||||