Export limit exceeded: 349367 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29914 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-1126 | 1 Gallery Project | 1 Gallery | 2026-04-16 | N/A |
| Gallery 2 up to 2.0.2 allows remote attackers to spoof their IP address via a modified X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is checked by Gallery before other more reliable sources of IP address information, such as REMOTE_ADDR. | ||||
| CVE-2006-1127 | 1 Gallery Project | 1 Gallery | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Gallery 2 up to 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is not properly handled when adding a comment to an album. | ||||
| CVE-2006-1130 | 1 Ekinboard | 1 Ekinboard | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in EKINboard 1.0.3 allows remote attackers to inject arbitrary web script or HTML via a Javascript URI in a BBCode img tag. | ||||
| CVE-2006-1131 | 1 Bitweaver | 1 Bitweaver | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in read.php in bitweaver CMS 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the comment_title parameter. | ||||
| CVE-2006-1132 | 1 Vbzoom | 1 Vbzoom | 2026-04-16 | N/A |
| SQL injection vulnerability in show.php in vbzoom 1.11 allow remote attackers to execute arbitrary SQL commands via the MainID parameter. NOTE: the SubjectID vector is already covered by CVE-2005-4729. | ||||
| CVE-2006-1134 | 1 Jason Smith | 1 Cyboards Php Lite | 2026-04-16 | N/A |
| SQL injection vulnerability in CyBoards PHP Lite 1.25, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the parent parameter to (1) post.php and possibly (2) process_post.php. | ||||
| CVE-2006-1135 | 1 Sblog | 1 Sblog | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in sBlog 0.7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) keyword parameter to search.php or (2) username parameter to comments_do.php. | ||||
| CVE-2005-4828 | 1 Kolab | 1 Kolab Groupware Server | 2026-04-16 | N/A |
| Kolab Server 2.0.0 and 2.0.1 does not properly handle when a large email is sent with a "." in the wrong place, which causes kolabfilter to add another ".", which might break clear-text signatures and attachments. NOTE: it is not clear whether this issue crosses privilege boundaries, so this might not be a vulnerability. | ||||
| CVE-2006-1139 | 1 Xerox | 12 Copycentre C65, Copycentre C65 Firmware, Copycentre C75 and 9 more | 2026-04-16 | N/A |
| Unspecified vulnerability in the ESS/ Network Controller in Xerox CopyCentre and Xerox WorkCentre Pro, running software 1.001.02.073 or earlier, or 1.001.02.074 before 1.001.02.715, causes the Immediate Image Overwrite feature to fail after a power loss, which could leave data exposed to attack. | ||||
| CVE-2006-1140 | 1 Redblog | 1 Redblog | 2026-04-16 | N/A |
| SQL injection vulnerability in rss.php in RedBLoG 0.5 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. | ||||
| CVE-2006-1142 | 1 Solido Systems | 1 Ravenous Web Server | 2026-04-16 | N/A |
| Unspecified vulnerability in Ravenous Web Server before 0.7.1 allows remote attackers to access arbitrary rvplg files, with unknown impact. | ||||
| CVE-2006-1141 | 1 Inter7 | 1 Qmailadmin | 2026-04-16 | N/A |
| Buffer overflow in qmailadmin.c in QmailAdmin before 1.2.10 allows remote attackers to execute arbitrary code via a long PATH_INFO environment variable. | ||||
| CVE-2005-4831 | 1 Viewcvs | 1 Viewcvs | 2026-04-16 | N/A |
| viewcvs in ViewCVS 0.9.2 allows remote attackers to set the Content-Type header to arbitrary values via the content-type parameter, which can be leveraged for cross-site scripting (XSS) and other attacks, as demonstrated using (1) "text/html", or (2) "image/jpeg" with an image that is rendered as HTML by Internet Explorer, a different vulnerability than CVE-2004-1062. NOTE: it was later reported that 0.9.4 is also affected. | ||||
| CVE-2006-1150 | 1 Teg | 1 Tenes Empanadas Graciela | 2026-04-16 | N/A |
| Buffer overflow in Tenes Empanadas Graciela (TEG) 0.11.1, automatically appends an _ (underscore) to the end of duplicate nicknames, which allows remote attackers to cause a denial of service (application crash) by creating multiple users with long, identical nicknames, which triggers an off-by-one error. | ||||
| CVE-2006-1146 | 1 Cor Entertainment | 1 Alien Arena 2006 | 2026-04-16 | N/A |
| Stack-based buffer overflow in the Cmd_Say_f function in g_cmds.c in Alien Arena 2006 Gold Edition 5.00 allows remote attackers (possibly authenticated) to execute arbitrary code by sending a long message to the server. | ||||
| CVE-2006-1151 | 1 M Phorum | 1 M Phorum | 2026-04-16 | N/A |
| Cross-site scripting vulnerability in index.php in M-Phorum 0.2 allows remote attackers to inject arbitrary web script or HTML via the go parameter. | ||||
| CVE-2005-4832 | 1 Oracle | 1 Oracle10g | 2026-04-16 | N/A |
| SQL injection vulnerability in the Oracle Database Server 10g allows remote authenticated users to execute arbitrary SQL commands with elevated privileges via the SUBSCRIPTION_NAME parameter in the (1) SYS.DBMS_CDC_SUBSCRIBE and (2) SYS.DBMS_CDC_ISUBSCRIBE packages, a different vector than CVE-2005-1197. | ||||
| CVE-2006-1155 | 1 Manas Tungare | 1 Site Membership Script | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in manas tungare Site Membership Script before 8 March, 2006 allows remote attackers to inject arbitrary web script or HTML via the Error parameter in (1) login.asp and (2) default.asp. | ||||
| CVE-2006-1156 | 1 Manas Tungare | 1 Site Membership Script | 2026-04-16 | N/A |
| SQL injection vulnerability in manas tungare Site Membership Script before 8 March, 2006 allows remote attackers to execute arbitrary SQL commands via the Username parameter in login.asp. | ||||
| CVE-2006-1157 | 1 Adp | 1 Adp Forum | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Vz Scripts ADP Forum 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the Subject field (possibly messaggio parameter) when posting a new message in post.php. | ||||