Export limit exceeded: 345077 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (345077 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-1994 | 1 Dforum | 1 Dforum | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in dForum 1.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DFORUM_PATH parameter to (1) about.php, (2) admin.php, (3) anmelden.php, (4) losethread.php, (5) config.php, (6) delpost.php, (7) delthread.php, (8) dfcode.php, (9) download.php, (10) editanoc.php, (11) forum.php, (12) login.php, (13) makethread.php, (14) menu.php, (15) newthread.php, (16) openthread.php, (17) overview.php, (18) post.php, (19) suchen.php, (20) user.php, (21) userconfig.php, (22) userinfo.php, and (23) verwalten.php. | ||||
| CVE-2006-2002 | 1 Mygamingladder | 1 Mygamingladder | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in stats.php in MyGamingLadder 7.0 allows remote attackers to execute arbitrary PHP code via a URL in the dir[base] parameter. | ||||
| CVE-2006-2043 | 1 Ip3 Networks | 1 Ip3 Netaccess 75 | 2026-04-16 | N/A |
| na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 allows local users to gain Unix shell access via "`" (backtick) characters in the appliance's command line interface (CLI). | ||||
| CVE-1999-0848 | 2 Isc, Sun | 3 Bind, Solaris, Sunos | 2026-04-16 | N/A |
| Denial of service in BIND named via consuming more than "fdmax" file descriptors. | ||||
| CVE-1999-0875 | 2 Microsoft, Sun | 5 Windows 2000, Windows 95, Windows 98se and 2 more | 2026-04-16 | N/A |
| DHCP clients with ICMP Router Discovery Protocol (IRDP) enabled allow remote attackers to modify their default routes. | ||||
| CVE-2000-0458 | 1 Imp | 1 Imp | 2026-04-16 | N/A |
| The MSWordView application in IMP creates world-readable files in the /tmp directory, which allows other local users to read potentially sensitive information. | ||||
| CVE-2006-2018 | 1 Jelsoft | 1 Vbulletin | 2026-04-16 | N/A |
| SQL injection vulnerability in calendar.php in vBulletin 3.0.x allows remote attackers to execute arbitrary SQL commands via the eventid parameter. NOTE: the affected version has been disputed by the vendor. It appears that this is the same issue as CVE-2004-0036, which was fixed in 2.3.4. | ||||
| CVE-2006-2026 | 2 Libtiff, Redhat | 2 Libtiff, Enterprise Linux | 2026-04-16 | N/A |
| Double free vulnerability in tif_jpeg.c in libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image that triggers errors related to "setfield/getfield methods in cleanup functions." | ||||
| CVE-2006-2034 | 1 Flexbb | 1 Flexbb | 2026-04-16 | N/A |
| SQL injection vulnerability in function/showprofile.php in FlexBB 0.5.5 allows remote attackers to execute arbitrary SQL commands, and view all usernames and passwords, via the id parameter to the showprofile page in index.php. | ||||
| CVE-2006-2051 | 1 Nextage | 1 Nextage Shopping Cart | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in myadmin/index.php in NextAge Shopping Cart allow remote attackers to inject arbitrary web script or HTML via the (1) username and (2) password parameters. | ||||
| CVE-2006-2052 | 1 Verosky Media | 1 Instant Photo Gallery | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Verosky Media Instant Photo Gallery allows remote attackers to inject arbitrary web script or HTML via the member parameter in a viewpro action in member.php. NOTE: the original report may be inaccurate, since the "viewpro" string does not appear in the source code for version 1.0.2 of the product. | ||||
| CVE-2006-2082 | 1 Id Software | 1 Quake 3 Engine | 2026-04-16 | N/A |
| Directory traversal vulnerability in Quake 3 engine, as used in products including Quake3 Arena, Return to Castle Wolfenstein, Wolfenstein: Enemy Territory, and Star Trek Voyager: Elite Force, when the sv_allowdownload cvar is enabled, allows remote attackers to read arbitrary files from the server via ".." sequences in a .pk3 file request. | ||||
| CVE-2006-2090 | 1 Mysmartbb | 1 Mysmartbb | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in misc.php in MySmartBB 1.1.x allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) username parameters. | ||||
| CVE-2006-2093 | 1 Nessus | 1 Nessus | 2026-04-16 | N/A |
| Nessus before 2.2.8, and 3.x before 3.0.3, allows user-assisted attackers to cause a denial of service (memory consumption) via a NASL script that calls split with an invalid sep parameter. NOTE: a design goal of the NASL language is to facilitate sharing of security tests by guaranteeing that a script "can not do anything nasty." This issue is appropriate for CVE only if Nessus users have an expectation that a split statement will not use excessive memory. | ||||
| CVE-2006-2113 | 2 Dell, Fuji Xerox | 19 3000cn, 3010cn, 3100cn and 16 more | 2026-04-16 | N/A |
| The embedded HTTP server in Fuji Xerox Printing Systems (FXPS) print engine, as used in products including (1) Dell 3000cn through 5110cn and (2) Fuji Xerox DocuPrint firmware before 20060628 and Network Option Card firmware before 5.13, does not properly perform authentication for HTTP requests, which allows remote attackers to modify system configuration via crafted requests, including changing the administrator password or causing a denial of service to the print server. | ||||
| CVE-2006-2131 | 1 Advanced Poll | 1 Advanced Poll | 2026-04-16 | N/A |
| include/class_poll.php in Advanced Poll 2.0.4 uses the HTTP_X_FORWARDED_FOR (X-Forwarded-For HTTP header) to identify the IP address of a client, which makes it easier for remote attackers to spoof the source IP and bypass voting restrictions. | ||||
| CVE-2006-2139 | 1 Wilsonncareabusinesses | 1 Php Newsfeed | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in PHP Newsfeed 20040723 allow remote attackers to execute arbitrary SQL commands via the (1) name parameter to (a) deltables.php, (2) select, (3) header, (4) url, (5) source, or (6) time parameters to (b) manualsubmit.php, (7) num parameter to (c) delete.php, or (8) tablename parameter to (d) searchnews.php. | ||||
| CVE-2006-2166 | 1 Cisco | 2 Unity Express, Unity Express Software | 2026-04-16 | N/A |
| Unspecified vulnerability in the HTTP management interface in Cisco Unity Express (CUE) 2.2(2) and earlier, when running on any CUE Advanced Integration Module (AIM) or Network Module (NM), allows remote authenticated attackers to reset the password for any user with an expired password. | ||||
| CVE-2006-2174 | 1 Virtual Hosting Control System | 1 Virtual Hosting Control System | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in admin/server_day_stats.php in Virtual Hosting Control System (VHCS) allow remote attackers to inject arbitrary web script or HTML via the (1) day, (2) month, or (3) year parameter. | ||||
| CVE-2006-2178 | 1 Smartwin Technology | 1 Cyberoffice Warehouse Builder | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in CyberBuild allow remote attackers to inject arbitrary web script or HTML via the (1) SessionID parameter to login.asp, (2) ProductIndex parameter to browse0.htm, (3) rowcolor parameter to result.asp, or (4) heading parameter to result.asp. NOTE: vectors 1 and 2 might be resultant from SQL injection. | ||||