Export limit exceeded: 346173 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346173 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-6849 | 1 Cahier De Textes | 1 Cahier De Textes | 2026-04-23 | N/A |
| administration/index.php in Cahier de texte (CDT) 2.2 does not properly exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions. | ||||
| CVE-2006-6850 | 1 Shadowed Works | 1 Shadowed Portal | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in include.php in the Roster Module (character_roster) in Shadowed Portal 5.7 allows remote attackers to execute arbitrary PHP code via a URL in the mod_root parameter. | ||||
| CVE-2006-6851 | 1 Mobilelib | 1 Mobilelib Gold | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in contact_us.php in ac4p Mobilelib gold 2 allow remote attackers to inject arbitrary web script or HTML via the (1) email or (2) errr parameter. | ||||
| CVE-2006-6852 | 1 Tdiary | 1 Tdiary | 2026-04-23 | N/A |
| Eval injection vulnerability in tDiary 2.0.3 and 2.1.4.200 61127 allows remote authenticated users to execute arbitrary Ruby code via unspecified vectors, possibly related to incorrect input validation by (1) conf.rhtml and (2) i.conf.rhtml. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2006-6853 | 1 Mozilla | 1 Durian Web Application Server | 2026-04-23 | N/A |
| Buffer overflow in Durian Web Application Server 3.02 freeware on Windows allows remote attackers to execute arbitrary code via a long string in a crafted packet to TCP port 4002. | ||||
| CVE-2006-6855 | 1 Aidex | 1 Mini-webserver | 2026-04-23 | N/A |
| AIDeX Mini-WebServer 1.1 early release 3 allows remote attackers to cause a denial of service (daemon crash) via a flood of HTTP GET requests, possibly related to display of HTTP log data by the GUI. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2006-6856 | 1 Webtext | 1 Webtext | 2026-04-23 | N/A |
| Direct static code injection vulnerability in WebText CMS 0.4.5.2 and earlier allows remote attackers to inject arbitrary PHP code into a script in wt/users/ via the im parameter during a profile edit (edycja) operation, which is then executed via a direct request for this script. | ||||
| CVE-2006-6857 | 1 Docebolms | 1 Docebolms | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in modules/credits/credits.php in Docebo LMS allows remote attackers to inject arbitrary web script or HTML via the lang parameter. | ||||
| CVE-2006-6858 | 1 Miredo | 1 Miredo | 2026-04-23 | N/A |
| Miredo 0.9.8 through 1.0.5 does not properly authenticate a Teredo bubble during UDP hole punching with HMAC-MD5-64 hashing, which allows remote attackers to impersonate an arbitrary Teredo client. | ||||
| CVE-2006-6861 | 1 Outfront | 1 Spooky Login | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Outfront Spooky Login 2.7 allow remote attackers to execute arbitrary SQL commands via (1) the UserUpdate parameter to login/register.asp or (2) unspecified parameters to includes/a_register.asp. | ||||
| CVE-2006-6862 | 1 Outfront | 1 Spooky Login | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Outfront Spooky Login 2.7 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) login/login.asp or (2) login/register.asp. | ||||
| CVE-2006-6864 | 1 Enigma2 | 1 Coppermine Bridge | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in E2_header.inc.php in Enigma2 Coppermine Bridge 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the boarddir parameter. | ||||
| CVE-2006-6865 | 1 Softartisans | 1 Fileup | 2026-04-23 | N/A |
| Directory traversal vulnerability in SAFileUpSamples/util/viewsrc.asp in SoftArtisans FileUp (SAFileUp) 5.0.14 allows remote attackers to read arbitrary files via a %c0%ae. (Unicode dot dot) in the path parameter, which bypasses the checks for ".." sequences. | ||||
| CVE-2006-6866 | 1 Stphp | 1 Easynews | 2026-04-23 | N/A |
| STphp EasyNews PRO 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames, email addresses, and password hashes via a direct request for data/users.txt. | ||||
| CVE-2006-6868 | 1 Zen Cart | 1 Web Shopping Cart | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Zen Cart Web Shopping Cart before 1.3.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2006-6869 | 1 Maxdev | 1 Mdforum | 2026-04-23 | N/A |
| Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php. | ||||
| CVE-2006-6870 | 1 Avahi | 1 Avahi | 2026-04-23 | N/A |
| The consume_labels function in avahi-core/dns.c in Avahi before 0.6.16 allows remote attackers to cause a denial of service (infinite loop) via a crafted compressed DNS response with a label that points to itself. | ||||
| CVE-2006-6872 | 1 Endonesia | 1 Endonesia | 2026-04-23 | N/A |
| Directory traversal vulnerability in mod.php in eNdonesia 8.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the mod parameter. | ||||
| CVE-2006-6876 | 1 Openser | 1 Openser | 2026-04-23 | N/A |
| Buffer overflow in the fetchsms function in the SMS handling module (libsms_getsms.c) in OpenSER 1.2.0 and earlier allows remote attackers to cause a denial of service (crash) via a crafted SMS message, triggering memory corruption when the "beginning" buffer is copied to the third (pdu) argument. | ||||
| CVE-2006-6879 | 1 Php-update | 1 Php-update | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in admin/uploads.php in PHP-Update 2.7 and earlier allows remote authenticated users to upload arbitrary PHP scripts to the gfx/ and files/ directories via the userfile parameter. | ||||