Export limit exceeded: 347721 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 23281 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29908 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-5225 | 1 Aai-portal | 1 Aaiportal | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in AAIportal before 1.4.0 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2006-5665 | 1 Spider Friendly | 1 Spider Friendly | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in admin/modules_data.php in the phpBB module Spider Friendly 1.3.10 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | ||||
| CVE-2006-5624 | 1 Mpcs | 1 Mpcs | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Multi-Page Comment System (MPCS) 1.0.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) include.php or (2) functions.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
| CVE-2006-5224 | 1 Dimitri Seitz | 1 Security Suite Ip Logger | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in includes/logger_engine.php in Dimitri Seitz Security Suite IP Logger 1.0.0 in dwingmods for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | ||||
| CVE-2006-6888 | 1 P-news | 1 P-news | 2026-04-23 | N/A |
| P-News 1.16 and 1.17 store sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the administrative account name and password hash via a direct request for db/user.dat. | ||||
| CVE-2006-5672 | 1 Mysource Cms | 1 Mysource Cms | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in web/init_mysource.php in MySource CMS 2.16.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the INCLUDE_PATH parameter. | ||||
| CVE-2006-5623 | 1 Ee Tool | 1 Ee Tool | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in ip.inc.php in Electronic Engineering Tool (EE Tool) 0.4-1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cgipath parameter. | ||||
| CVE-2006-6025 | 1 Qualcomm | 1 Eudora Worldmail | 2026-04-23 | 7.5 High |
| QUALCOMM Eudora WorldMail 4.0 allows remote attackers to cause a denial of service, as demonstrated by a certain module in VulnDisco Pack. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. As of 20061118, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | ||||
| CVE-2006-5586 | 1 Microsoft | 2 Windows 2000, Windows Xp | 2026-04-23 | N/A |
| The Graphics Rendering Engine in Microsoft Windows 2000 SP4 and XP SP2 allows local users to gain privileges via "invalid application window sizes" in layered application windows, aka the "GDI Invalid Window Size Elevation of Privilege Vulnerability." | ||||
| CVE-2006-6859 | 1 Website Designs For Less | 1 Click N Print Coupons | 2026-04-23 | N/A |
| SQL injection vulnerability in coupon_detail.asp in Website Designs For Less Click N' Print Coupons 2005.01 and earlier allows remote attackers to execute arbitrary SQL commands via the key parameter. | ||||
| CVE-2006-6854 | 1 De Marchi Daniele | 1 Quickcam | 2026-04-23 | N/A |
| The qcamvc_video_init function in qcamvc.c in De Marchi Daniele QuickCam VC Linux device driver (aka quickcam-vc) 1.0.9 and earlier does not properly check a boundary, triggering memory corruption, which might allow attackers to execute arbitrary code via a crafted QuickCam object. | ||||
| CVE-2006-5218 | 2 Netbsd, Openbsd | 2 Netbsd, Openbsd | 2026-04-23 | N/A |
| Integer overflow in the systrace_preprepl function (STRIOCREPLACE) in systrace in OpenBSD 3.9 and NetBSD 3 allows local users to cause a denial of service (crash), gain privileges, or read arbitrary kernel memory via large numeric arguments to the systrace ioctl. | ||||
| CVE-2006-5664 | 1 Ibm | 3 Informix Client Sdk, Informix Dynamic Server, Informix I-connect | 2026-04-23 | N/A |
| The installation script in IBM Informix Dynamic Server 10.00, Informix Client Software Development Kit (CSDK) 2.90, and Informix I-Connect 2.90 allows local users to "compromise security" via a symlink attack on temporary files. | ||||
| CVE-2006-6847 | 1 Realnetworks | 1 Realplayer | 2026-04-23 | N/A |
| An ActiveX control in ierpplug.dll for RealNetworks RealPlayer 10.5 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) by invoking the RealPlayer.OpenURLInPlayerBrowser method with a long second argument. | ||||
| CVE-2006-5155 | 1 Videodb | 1 Videodb | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in core/pdf.php in VideoDB 2.2.1 and earlier allows remote attackers to execute arbitrary PHP code via the config[pdf_module] parameter. | ||||
| CVE-2006-6843 | 1 Joomla | 1 Be It Easypartner Component | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in the BE IT EasyPartner 0.0.9 beta component for Joomla! allows remote attackers to execute arbitrary PHP code via unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-6814 | 1 Hosting Controller | 1 Hosting Controller | 2026-04-23 | N/A |
| Directory traversal vulnerability in FolderManager/FolderManager.aspx in Hosting Controller 7c allows remote authenticated users to read and modify arbitrary files, and list arbitrary directories via ..\ (dot dot backslash) sequences in the BrowsePath parameter. | ||||
| CVE-2006-5153 | 1 Kerio | 1 Personal Firewall | 2026-04-23 | N/A |
| The (1) fwdrv.sys and (2) khips.sys drivers in Sunbelt Kerio Personal Firewall 4.3.268 and earlier do not validate arguments passed through to SSDT functions, including NtCreateFile, NtDeleteFile, NtLoadDriver, NtMapViewOfSection, NtOpenFile, and NtSetInformationFile, which allows local users to cause a denial of service (crash) and possibly other impacts via unspecified vectors. | ||||
| CVE-2006-6813 | 1 Mxmania | 1 Mxmania File Upload Manager | 2026-04-23 | N/A |
| SQL injection vulnerability in detail.asp in Mxmania File Upload Manager (FUM) 1.0.6 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter. | ||||
| CVE-2006-5663 | 1 Ibm | 3 Informix Client Sdk, Informix Dynamic Server, Informix I-connect | 2026-04-23 | N/A |
| IBM Informix Dynamic Server 10.00, Informix Client Software Development Kit (CSDK) 2.90, and Informix I-Connect 2.90 use insecure permissions for installation scripts, which allows local users to gain privileges by modifying the scripts. | ||||