Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-1634 1 Lucidcms 1 Lucidcms 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in LucidCMS 2.0.0 RC4 allows remote attackers to inject arbitrary web script or HTML via the command parameter.
CVE-2006-1635 1 Lucidcms 1 Lucidcms 2026-04-16 N/A
LucidCMS 2.0.0 RC4 allows remote attackers to obtain sensitive information via a direct request to /lucid_phplib/translator.php, which reveals the path in an error message.
CVE-2006-1662 1 Limbo Cms 1 Limbo Cms 2026-04-16 N/A
The frontpage option in Limbo CMS 1.0.4.2 and 1.0.4.1 allows remote attackers to execute arbitrary PHP commands via the Itemid parameter in index.php.
CVE-2006-1638 1 Aweb Labs 1 Awebbb 2026-04-16 N/A
Multiple SQL injection vulnerabilities in aWebBB 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) Username parameter to (a) accounts.php, (b) changep.php, (c) editac.php, (d) feedback.php, (e) fpass.php, (f) login.php, (g) post.php, (h) reply.php, or (i) reply_log.php; (2) p parameter to (j) dpost.php; (3) c parameter to (k) list.php or (l) ndis.php; or (12) q parameter to (m) search.php.
CVE-2006-1640 1 Czaries Network 1 Czarnews 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in news.php in CzarNews 1.14 allows remote attackers to inject arbitrary web script or HTML via the email parameter.
CVE-2006-1641 1 Czaries Network 1 Czarnews 2026-04-16 N/A
Multiple SQL injection vulnerabilities in CzarNews 1.14 allow remote attackers to execute arbitrary SQL commands via the (1) usern or (2) passw parameters to (a) cn_auth.php, (3) s parameter to (b) news.php, or (4) a parameter to (c) dpost.php.
CVE-2006-1642 1 Interact 1 Interact 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Interact 2.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) the search_terms parameter to (a) search.php, and (2) the first_name, (3) last_name, (4) email, (5) password, and (6) confirm_password parameters to (b) userinput.php. NOTE: the provenance of this information is unknown; the details are obtained from third party. In addition, the lack of precision in the third party descriptions makes it unclear whether the named vectors are correct.
CVE-2006-1661 1 Sk Soft 1 Skforum 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in SKForum 1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) areaID parameter in area.View.action, (2) time parameter in planning.View.action, and (3) userID parameter in user.View.action.
CVE-2006-1665 1 Arab Portal 1 Arab Portal 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Arab Portal 2.0.1 stable allow remote attackers to inject arbitrary web script or HTML via the (1) adminJump and (2) forum_middle parameters in (a) forum.php, and the (3) form parameter in (b) members.php, (c) pm.php, and (d) mail.php.
CVE-2006-1666 1 Arab Portal 1 Arab Portal 2026-04-16 N/A
SQL injection vulnerability in forum.php in Arab Portal 2.0.1 stable allows remote attackers to execute arbitrary SQL commands via the mineID parameter.
CVE-2006-1667 1 Crafty Syntax Image Gallery 1 Crafty Syntax Image Gallery 2026-04-16 N/A
SQL injection vulnerability in slides.php in Eric Gerdes Crafty Syntax Image Gallery (CSIG) (aka PHP thumbnail Photo Gallery) 3.1g and earlier allows remote authenticated users to execute arbitrary SQL commands via the limitquery_s parameter when the $projectid variable is less than 1, which prevents the $limitquery_s from being set within slides.php.
CVE-2006-1668 1 Crafty Syntax Image Gallery 1 Crafty Syntax Image Gallery 2026-04-16 N/A
newimage.php in Eric Gerdes Crafty Syntax Image Gallery (CSIG) (aka PHP thumbnail Photo Gallery) 3.1g and earlier allows remote authenticated users to upload and execute arbitrary PHP code via a multipart/form-data POST with a .jpg filename in the fullimage parameter and the ext parameter set to .php.
CVE-2006-1669 1 Phpheaven 1 Phpmychat 2026-04-16 N/A
SQL injection vulnerability in chat/messagesL.php3 in phpHeaven Team PHPMyChat 0.14.5 and earlier allows remote attackers to execute arbitrary SQL commands via the T parameter. NOTE: this issue can be leveraged to execute arbitrary shell commands since the username is later processed in an eval() call, but since the username originated from the SQL injection, it could be a resultant issue.
CVE-2006-1670 1 Cisco 5 Ons 15310-cl Series, Ons 15454 Mspp, Ons 15454 Mstp and 2 more 2026-04-16 N/A
Control cards for Cisco Optical Networking System (ONS) 15000 series nodes before 20060405 allow remote attackers to cause a denial of service (memory exhaustion and possibly card reset) by sending an invalid response when the final ACK is expected, aka bug ID CSCei45910.
CVE-2006-1679 1 Jupiter Cms 1 Jupiter Cms 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in modules/online.php in Jupiter CMS 1.1.5 allows remote attackers to inject arbitrary web script or HTML via the layout parameter to index.php.
CVE-2006-1672 1 Cisco 5 Ons 15310-cl Series, Ons 15454 Mspp, Ons 15600 and 2 more 2026-04-16 N/A
The installation of Cisco Transport Controller (CTC) for Cisco Optical Networking System (ONS) 15000 series nodes adds a Java policy file entry with a wildcard that grants the java.security.AllPermission permission to any http URL containing "fs/LAUNCHER.jar", which allows remote attackers to execute arbitrary code on a CTC workstation, aka bug ID CSCea25049.
CVE-2006-1673 1 Jelsoft 1 Vbug Tracker 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in vbugs.php in Dark_Wizard vBug Tracker 3.5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the sortorder parameter.
CVE-2006-1674 1 Phpwebgallery 1 Phpwebgallery 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in search.php in PHPWebGallery 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter, a different vulnerability than CVE-2006-1675.
CVE-2006-1675 1 Phpwebgallery 1 Phpwebgallery 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in PHPWebGallery 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) cat, (2) num, and (3) search parameters to (a) category.php, and the (4) slideshow, (5) show_metadata, and (6) start parameters to (b) picture.php, a different vulnerability than CVE-2006-1674.
CVE-2006-1678 1 Phpmyadmin 1 Phpmyadmin 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.8.0.3 allow remote attackers to inject arbitrary web script or HTML via unknown vectors in unspecified scripts in the themes directory.