Export limit exceeded: 349367 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29914 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-3993 | 1 Tsep | 1 Tsep | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in copyright.php in Olaf Noehring The Search Engine Project (TSEP) 0.942 allows remote attackers to execute arbitrary PHP code via a URL in the tsep_config[absPath] parameter. | ||||
| CVE-2006-3994 | 1 Xmb Software | 1 Xmb Forum | 2026-04-16 | N/A |
| SQL injection vulnerability in the u2u_send_recp function in u2u.inc.php in XMB (aka extreme message board) 1.9.6 Alpha and earlier allows remote attackers to execute arbitrary SQL commands via the u2uid parameter to u2u.php, which is directly accessed from $_POST and bypasses the protection scheme. | ||||
| CVE-2006-0662 | 1 Ibm | 1 Lotus Domino Inotes Client | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Lotus Domino iNotes Client 6.5.4 allows remote attackers to inject arbitrary web script or HTML via email with attached html files, which are directly rendered in the browser. | ||||
| CVE-2006-4035 | 1 Counterchaos | 1 Counterchaos | 2026-04-16 | N/A |
| SQL injection vulnerability in counterchaos.php in CounterChaos 0.48c and earlier allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header. | ||||
| CVE-2006-4029 | 1 Ageet | 1 Agephone | 2026-04-16 | N/A |
| Stack-based buffer overflow in sipd.dll in AGEphone 1.24 and 1.38.1 allows remote attackers to execute arbitrary code via a crafted UDP SIP packet. | ||||
| CVE-2006-4033 | 1 Lhaplus | 1 Lhaplus | 2026-04-16 | N/A |
| Heap-based buffer overflow in Lhaplus.exe in Lhaplus 1.52, and possibly earlier versions, allows remote attackers to execute arbitrary code via an LZH archive with a long header, as specified by the extendedHeaderSize. | ||||
| CVE-2006-4040 | 1 Mywebland | 1 Myevent | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in myevent.php in myWebland myEvent 1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the myevent_path parameter. | ||||
| CVE-2006-4041 | 1 Pike | 1 Pike | 2026-04-16 | N/A |
| SQL injection vulnerability in Pike before 7.6.86, when using a Postgres database server, allows remote attackers to execute arbitrary SQL commands via unspecified attack vectors. | ||||
| CVE-2006-4043 | 1 Mywebland | 1 Mybloggie | 2026-04-16 | N/A |
| index.php in myWebland myBloggie 2.1.4 and earlier allows remote attackers to obtain sensitive information via a query that only specifies the viewdate mode, which reveals the table prefix in a SQL error message. | ||||
| CVE-2006-4084 | 1 David Walker | 1 Phpautomembersarea | 2026-04-16 | N/A |
| Unspecified vulnerability in phpAutoMembersArea (phpAMA) before 3.2.4 has unknown impact and attack vectors, related to "a potential security exploit which is critical." | ||||
| CVE-2006-4083 | 1 Mywebland | 1 Myevent | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in viewevent.php in myWebland myEvent 1.x allows remote attackers to execute arbitrary PHP code via a URL in the myevent_path parameter, a different vector than CVE-2006-4040. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
| CVE-2006-0665 | 1 Mantis | 1 Mantis | 2026-04-16 | N/A |
| Unspecified vulnerability in (1) query_store.php and (2) manage_proj_create.php in Mantis before 1.0.0 has unknown impact and attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. An original vendor bug report is referenced, but not accessible to the general public. | ||||
| CVE-2006-0666 | 1 Ibm | 1 Aix | 2026-04-16 | N/A |
| Unspecified vulnerability in the (1) unix_mp and (2) unix_64 kernels in IBM AIX 5.3 VRMF 5.3.0.30 through 5.3.0.33 allows local users to cause a denial of service (system crash) via unknown vectors related to EMULATE_VMX. | ||||
| CVE-2006-4106 | 1 Blursoft | 1 Blur6ex | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in blursoft blur6ex 0.3 allows remote attackers to inject arbitrary web script or HTML via a comment title. | ||||
| CVE-2006-4107 | 1 Drupal | 1 Job Search | 2026-04-16 | N/A |
| SQL injection vulnerability in the Job Search module (job.module) 4.6 before revision 1.3.2.1 in Drupal allows remote attackers to execute arbitrary SQL commands via a job or resume search. | ||||
| CVE-2006-4109 | 1 Drupal | 1 Bibliography Module | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Bibliography (biblio.module) 4.6 before revision 1.1.1.1.4.11 and 4.7 before revision 1.13.2.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2006-0668 | 1 Pwsphp | 1 Pwsphp | 2026-04-16 | N/A |
| SQL injection vulnerability in index.php in PwsPHP 1.2.3 allows remote attackers to execute arbitrary SQL commands via the id parameter, possibly in message.php in the espace_membre module. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-0669 | 1 Gasoft | 1 Gas Forum Light | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in archive.asp in GA's Forum Light allow remote attackers to execute arbitrary SQL commands via the (1) Forum and (2) pages parameter. NOTE: SecurityTracker says that the vendor has disputed this issue, saying that GA Forum Light does not use an SQL database. SecurityTracker's research indicates that the original problem could be due to a vbscript parsing error based on invalid arguments | ||||
| CVE-2006-0670 | 1 Bluez Project | 1 Hcidump | 2026-04-16 | N/A |
| Buffer overflow in l2cap.c in hcidump 1.29 allows remote attackers to cause a denial of service (crash) through a wireless Bluetooth connection via a malformed Logical Link Control and Adaptation Protocol (L2CAP) packet. | ||||
| CVE-2006-0671 | 1 Sony Ericsson | 4 K600i, T68i, V600i and 1 more | 2026-04-16 | N/A |
| Buffer overflow in Sony Ericsson K600i, V600i, W800i, and T68i cell phone allows remote attackers to cause a denial of service (reboot or shutdown) through a wireless Bluetooth connection via a malformed Logical Link Control and Adaptation Protocol (L2CAP) packet whose length field is less than the actual length of the packet. | ||||