Export limit exceeded: 349864 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29916 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-4705 | 1 Dominic Gamble | 1 Timesheet.php | 2026-04-16 | N/A |
| SQL injection vulnerability in login.php in dwayner79 and Dominic Gamble Timesheet (aka Timesheet.php) 1.2.1 allows remote attackers to execute arbitrary SQL commands via the username parameter. | ||||
| CVE-2006-4707 | 1 Mybulletinboard | 1 Mybulletinboard | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in admin/global.php (aka the Admin CP login form) in MyBB (aka MyBulletinBoard) 1.1.7 allows remote attackers to inject arbitrary web script or HTML via the query string ($_SERVER[PHP_SELF]). | ||||
| CVE-2006-4717 | 1 Drupal | 1 Drupal Pubcookie Module | 2026-04-16 | N/A |
| The login redirection mechanism in the Drupal 4.7 Pubcookie module before 1.2.2.4 2006/09/06 and the Drupal 4.6 Pubcookie module before 1.6.2.1 2006/09/07 allows remote attackers to bypass authentication requirements and spoof identities of arbitrary users via unspecified vectors. | ||||
| CVE-2006-4718 | 1 Korviblog | 1 Korviblog | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in livre_or.php in KorviBlog 1.3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) prenom, (2) emailFrom, or (3) body parameters. | ||||
| CVE-2006-4719 | 1 Myabracadaweb | 1 Myabracadaweb | 2026-04-16 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in MyABraCaDaWeb 1.0.3, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the base parameter to (1) index.php or (2) pop.php. | ||||
| CVE-2006-0727 | 1 Musox | 1 Df Msanalysis | 2026-04-16 | N/A |
| SQL injection vulnerability in mstrack.php in MusOX DF MSAnalysis (DFMSA), as used in some environments that use CPG-Nuke Dragonfly CMS, allows remote attackers to trigger path disclosure from a SQL syntax error, and possibly execute arbitrary SQL commands, via certain query data, probably involving the profile name. | ||||
| CVE-2006-4725 | 1 Adobe | 1 Coldfusion | 2026-04-16 | N/A |
| Adobe ColdFusion MX 7 and 7.01 allows local users to bypass security restrictions and call components (CFC) within a sandbox from CFML templates that are located outside of the sandbox. | ||||
| CVE-2006-4739 | 1 Jetbox | 1 Jetbox Cms | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the OriginalImageData parameter to phpthumb.php. | ||||
| CVE-2006-0728 | 1 Webspell | 1 Webspell | 2026-04-16 | N/A |
| SQL injection vulnerability in search.php in webSPELL 4.01.00 and earlier allows remote attackers to inject arbitrary SQL commands via the title_op parameter. | ||||
| CVE-2006-4732 | 1 Microsoft | 1 Visual Basic | 2026-04-16 | N/A |
| Unspecified vulnerability in Microsoft Visual Basic (VB) 6 has an unknown impact ("overflow") via a project that contains a certain Click event procedure, as demonstrated using the msgbox function and the VB.Label object. | ||||
| CVE-2006-4735 | 1 Kellan Elliott-mccrea | 1 Magpierss | 2026-04-16 | N/A |
| Kellan Elliott-McCrea MagpieRSS allows remote attackers to obtain sensitive information via a direct request for (1) rss_fetch.inc.php or (2) rss_parse.inc.php, which reveals the path in various error messages. | ||||
| CVE-2006-0729 | 1 Teca Scripts | 1 Teca Diary | 2026-04-16 | N/A |
| SQL injection vulnerability in functions.php in Teca Diary PE 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) yy, (2) mm, and (3) dd parameters. | ||||
| CVE-2006-4746 | 1 Comscripts | 1 Web Server Creator | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in news/include/customize.php in Web Server Creator 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the l parameter. | ||||
| CVE-2006-4747 | 1 Idevspot | 1 Textads | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in IdevSpot TextAds allow remote attackers to inject arbitrary web script or HTML via (1) the id parameter in delete.php and (2) the error parameter in error.php. | ||||
| CVE-2006-4759 | 1 Punbb | 1 Punbb | 2026-04-16 | N/A |
| PunBB 1.2.12 does not properly handle an avatar directory pathname ending in %00, which allows remote authenticated administrative users to upload arbitrary files and execute code, as demonstrated by a query to admin_options.php with an avatars_dir parameter ending in %00. NOTE: this issue was originally disputed by the vendor, but the dispute was withdrawn on 20060926. | ||||
| CVE-2006-4761 | 1 Luke Hutteman | 1 Sharpreader | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Luke Hutteman SharpReader allow remote attackers to inject arbitrary web script or HTML via a web feed, as demonstrated by certain test cases of the Robert Auger and Caleb Sima RSS and Atom feed reader test suite. | ||||
| CVE-2006-4773 | 1 Sun | 1 Storedge 6130 Arrays | 2026-04-16 | N/A |
| Sun StorEdge 6130 Array Controllers with firmware 06.12.10.11 and earlier allow remote attackers to cause a denial of service (controller reboot) via a flood of traffic on the LAN. | ||||
| CVE-2006-0732 | 1 Sap | 1 Business Connector | 2026-04-16 | N/A |
| Directory traversal vulnerability in SAP Business Connector (BC) 4.6 and 4.7 allows remote attackers to read or delete arbitrary files via the fullName parameter to (1) sapbc/SAP/chopSAPLog.dsp or (2) invoke/sap.monitor.rfcTrace/deleteSingle. Details will be updated after the grace period has ended. NOTE: SAP Business Connector is an OEM version of webMethods Integration Server. webMethods states that this issue can only occur when the product is installed as root/admin, and if the attacker has access to a general purpose port; however, both are discouraged in the documentation. In addition, the attacker must already have acquired administrative privileges through other means. | ||||
| CVE-2006-4831 | 1 Iodine | 1 Iodine | 2026-04-16 | N/A |
| Unspecified vulnerability in IP over DNS is now easy (iodine) before 0.3.2 has unknown impact and attack vectors, related to "potential security problems." | ||||
| CVE-2006-4853 | 1 Haberx | 1 Haberx | 2026-04-16 | N/A |
| SQL injection vulnerability in kategorix.asp in Haberx 1.02 through 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter in kategorihaberx.asp. | ||||