Export limit exceeded: 348521 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29909 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-2866 | 1 Dotclear | 1 Dotclear | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in layout/prepend.php in DotClear 1.2.4 and earlier allows remote attackers to execute arbitrary PHP code via a FTP URL in the blog_dc_path parameter, which passes file_exists() and is_dir() tests on PHP 5. | ||||
| CVE-2006-2868 | 1 Claroline | 1 Claroline | 2026-04-16 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.6 allow remote attackers to execute arbitrary PHP code via a URL in the includePath cookie to (1) auth/extauth/drivers/mambo.inc.php or (2) auth/extauth/drivers/postnuke.inc.php. | ||||
| CVE-2006-2869 | 1 Alwil | 1 Avast Antivirus | 2026-04-16 | N/A |
| Unspecified vulnerability in the CHM unpacker in avast! before 4.7.844 has unknown impact and remote attack vectors. | ||||
| CVE-2006-2587 | 1 Even Balance | 1 Punkbuster | 2026-04-16 | N/A |
| Buffer overflow in the WebTool HTTP server component in (1) PunkBuster before 1.229, as used by multiple products including (2) America's Army 1.228 and earlier, (3) Battlefield 1942 1.158 and earlier, (4) Battlefield 2 1.184 and earlier, (5) Battlefield Vietnam 1.150 and earlier, (6) Call of Duty 1.173 and earlier, (7) Call of Duty 2 1.108 and earlier, (8) DOOM 3 1.159 and earlier, (9) Enemy Territory 1.167 and earlier, (10) Far Cry 1.150 and earlier, (11) F.E.A.R. 1.093 and earlier, (12) Joint Operations 1.187 and earlier, (13) Quake III Arena 1.150 and earlier, (14) Quake 4 1.181 and earlier, (15) Rainbow Six 3: Raven Shield 1.169 and earlier, (16) Rainbow Six 4: Lockdown 1.093 and earlier, (17) Return to Castle Wolfenstein 1.175 and earlier, and (18) Soldier of Fortune II 1.183 and earlier allows remote attackers to cause a denial of service (application crash) via a long webkey parameter. | ||||
| CVE-2006-2877 | 1 Sangwan Kim | 1 Bookmark4u | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in Bookmark4U 2.0.0 and earlier allows remote attackers to include arbitrary PHP files via the include_prefix parameter in (1) inc/dbase.php, (2) inc/config.php, (3) inc/common.php, and (4) inc/function.php. NOTE: it has been reported that the inc directory is protected by a .htaccess file, so this issue only applies in certain environments or configurations. | ||||
| CVE-2006-2588 | 1 Russcom Network | 1 Phpimages | 2026-04-16 | N/A |
| Russcom PHPImages allows remote attackers to upload files of arbitrary types by uploading a file with a .gif extension. NOTE: due to lack of specific information about attack vectors do not depend on the existence of another vulnerability, it is not clear whether this is a vulnerability. | ||||
| CVE-2006-2884 | 1 Kke Info Media | 1 Kmita Faq | 2026-04-16 | N/A |
| SQL injection vulnerability in index.php in Kmita FAQ 1.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter. | ||||
| CVE-2006-2629 | 1 Linux | 1 Linux Kernel | 2026-04-16 | N/A |
| Race condition in Linux kernel 2.6.15 to 2.6.17, when running on SMP platforms, allows local users to cause a denial of service (crash) by creating and exiting a large number of tasks, then accessing the /proc entry of a task that is exiting, which causes memory corruption that leads to a failure in the prune_dcache function or a BUG_ON error in include/linux/list.h. | ||||
| CVE-2006-2886 | 1 Jam Warehouse | 1 Knowledgetree Open Source | 2026-04-16 | N/A |
| view.php in KnowledgeTree Open Source 3.0.3 and earlier allows remote attackers to obtain the full installation path via a crafted fDocumentId parameter, which displays the path in the resulting error message. NOTE: this might be resultant from another vulnerability, since this vector also produces XSS. | ||||
| CVE-2006-2630 | 1 Symantec | 2 Client Security, Norton Antivirus | 2026-04-16 | N/A |
| Stack-based buffer overflow in Symantec Antivirus 10.1 and Client Security 3.1 allows remote attackers to execute arbitrary code via unknown attack vectors. | ||||
| CVE-2006-2631 | 1 Phpfox | 1 Phpfox | 2026-04-16 | N/A |
| phpFoX allows remote authenticated users to modify arbitrary accounts via a modified NATIO cookie value, possibly the phpfox_user parameter. | ||||
| CVE-2006-2888 | 1 Wikiwig | 1 Wikiwig | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in _wk/wk_lang.php in Wikiwig 4.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the WK[wkPath] parameter. | ||||
| CVE-2006-2633 | 1 Andrew Godwin | 1 Bytehoard | 2026-04-16 | N/A |
| Absolute path traversal vulnerability in the copy action in index.php in Andrew Godwin ByteHoard 2.1 and earlier allows remote authenticated users to create or overwrite files in other users' directories by specifying the absolute path of the directory in the infolder parameter and simultaneously specifying the filename in the filepath parameter. | ||||
| CVE-2006-2634 | 1 Neocrome | 1 Seditio | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Neocrome Land Down Under (LDU) in Neocrome Seditio 102 allows remote attackers to inject arbitrary web script or HTML via an HTTP Referer field. | ||||
| CVE-2006-2889 | 1 Pixelpost | 1 Pixelpost | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in index.php in Pixelpost 1-5rc1-2 and earlier allow remote attackers to execute arbitrary SQL commands, and leverage them to gain administrator privileges, via the (1) category or (2) archivedate parameter. | ||||
| CVE-2006-2890 | 1 Pixelpost | 1 Pixelpost | 2026-04-16 | N/A |
| Pixelpost 1-5rc1-2 and earlier, when register_globals is enabled, allows remote attackers to gain administrator privileges and conduct other attacks by setting the _SESSION["pixelpost_admin"] parameter to 1 in calls to admin scripts such as admin/view_info.php. | ||||
| CVE-2006-2643 | 1 Circle R | 1 Monster Top List | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Monster Top List (MTL) 1.4 allows remote attackers to inject arbitrary web script or HTML via the user_error_message parameter. | ||||
| CVE-2006-2644 | 1 Awstats | 1 Awstats | 2026-04-16 | N/A |
| AWStats 6.5, and possibly other versions, allows remote authenticated users to execute arbitrary code by using the configdir parameter to awstats.pl to upload a configuration file whose name contains shell metacharacters, then access that file using the LogFile directive. | ||||
| CVE-2006-2646 | 1 Alt-n | 1 Mdaemon | 2026-04-16 | N/A |
| Buffer overflow in Alt-N MDaemon, possibly 9.0.1 and earlier, allows remote attackers to execute arbitrary code via a long A0001 argument that begins with a '"' (double quote). | ||||
| CVE-2006-2647 | 1 Ibm | 1 Aix | 2026-04-16 | N/A |
| Untrusted search path vulnerability in update_flash for IBM AIX 5.1, 5.2 and 5.3 allows local users to execute arbitrary commands via unknown vectors involving lsmcode and possibly other commands. | ||||