Export limit exceeded: 344950 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344950 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-3554 | 1 Mkportal | 1 Mkportal | 2026-04-16 | N/A |
| Directory traversal vulnerability in index.php in MKPortal 1.0.1 Final allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language cookie, as demonstrated by using a gl_session cookie to inject PHP sequences into the error.log file, which is then included by index.php with malicious commands accessible by the ind parameter. | ||||
| CVE-2006-3553 | 1 Planet Concept | 1 Planetnews | 2026-04-16 | N/A |
| PlaNet Concept planetNews allows remote attackers to bypass authentication and execute arbitrary code via a direct request to news/admin/planetnews.php. | ||||
| CVE-2006-3472 | 1 Microsoft | 2 Ie, Internet Explorer | 2026-04-16 | N/A |
| Microsoft Internet Explorer 6.0 and 6.0 SP1 allows remote attackers to cause a denial of service via an HTML page with an A tag containing a long title attribute. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-3477 | 1 Stalker | 1 Communigate | 2026-04-16 | N/A |
| Unspecified vulnerability in the POP service in Stalker CommuniGate Pro 5.1c1 and earlier allows remote attackers to cause a denial of service (server crash) via unspecified vectors involving opening an empty inbox. | ||||
| CVE-1999-0488 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | N/A |
| Internet Explorer 4.0 and 5.0 allows a remote attacker to execute security scripts in a different security context using malicious URLs, a variant of the "cross frame" vulnerability. | ||||
| CVE-2006-3474 | 1 Belchior Foundry | 1 Vcard | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Belchior Foundry vCard PRO allow remote attackers to execute arbitrary SQL commands via the (1) cat_id parameter to (a) gbrowse.php, (2) card_id parameter to (b) rating.php and (c) create.php, and the (3) event_id parameter to (d) search.php. | ||||
| CVE-2006-3475 | 1 Free Qboard | 1 Free Qboard | 2026-04-16 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in free QBoard 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the qb_path parameter to (1) index.php, (2) about.php, (3) contact.php, (4) delete.php, (5) faq.php, (6) features.php or (7) history.php, a different set of vectors than CVE-2006-2998. | ||||
| CVE-2006-3476 | 1 Phpwebgallery | 1 Phpwebgallery | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in comments.php in PhpWebGallery 1.5.2 and earlier, and possibly 1.6.0, allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. | ||||
| CVE-2006-3478 | 1 Myphp Cms | 1 Myphp Cms | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in styles/default/global_header.php in MyPHP CMS 0.3 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the domain parameter. | ||||
| CVE-1999-0489 | 1 Microsoft | 1 Windows Nt | 2026-04-16 | N/A |
| MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to paste a file name into the file upload intrinsic control, a variant of "untrusted scripted paste" as described in MS:MS98-013. | ||||
| CVE-1999-0491 | 1 Gnu | 1 Bash | 2026-04-16 | N/A |
| The prompt parsing in bash allows a local user to execute commands as another user by creating a directory with the name of the command to execute. | ||||
| CVE-2006-3479 | 1 Nuked-klan | 1 Nuked-klan | 2026-04-16 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the del_block function in modules/Admin/block.php in Nuked-Klan 1.7.5 and earlier and 1.7 SP4.2 allows remote attackers to delete arbitrary "blocks" via a link with a modified bid parameter in a del_block op on the block page in index.php. | ||||
| CVE-2006-3480 | 1 Joomla | 1 Joomla | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.10 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters involving the (1) getUserStateFromRequest function, and the (2) SEF and (3) com_messages modules. | ||||
| CVE-1999-0492 | 2026-04-16 | N/A | ||
| The ffingerd 1.19 allows remote attackers to identify users on the target system based on its responses. | ||||
| CVE-2006-3481 | 1 Joomla | 1 Joomla | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Joomla! before 1.0.10 allow remote attackers to execute arbitrary SQL commands via unspecified parameters involving the (1) "Remember Me" function, (2) "Related Items" module, and the (3) "Weblinks submission". | ||||
| CVE-1999-0493 | 1 Sun | 2 Solaris, Sunos | 2026-04-16 | N/A |
| rpc.statd allows remote attackers to forward RPC calls to the local operating system via the SM_MON and SM_NOTIFY commands, which in turn could be used to remotely exploit other bugs such as in automountd. | ||||
| CVE-2006-3482 | 1 Phpmaillist | 1 Phpmaillist | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in maillist.php in PHPMailList 1.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the email parameter. | ||||
| CVE-1999-0494 | 1 Wingate | 1 Wingate | 2026-04-16 | N/A |
| Denial of service in WinGate proxy through a buffer overflow in POP3. | ||||
| CVE-2006-3483 | 1 Phpmaillist | 1 Phpmaillist | 2026-04-16 | N/A |
| PHPMailList 1.8.0 stores sensitive information under the web document root iwth insufficient access control, which allows remote attackers to obtain email addresses of subscribers, configuration information, and the admin username and password via direct requests to (1) list.dat or (2) ml_config.dat. | ||||
| CVE-1999-0495 | 2026-04-16 | N/A | ||
| A remote attacker can gain access to a file system using .. (dot dot) when accessing SMB shares. | ||||