Export limit exceeded: 29914 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29914 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-4847 | 2 Ipswitch, Progress | 2 Ws Ftp Server, Ws Ftp Server | 2026-04-16 | N/A |
| Multiple buffer overflows in Ipswitch WS_FTP Server 5.05 before Hotfix 1 allow remote authenticated users to execute arbitrary code via long (1) XCRC, (2) XSHA1, or (3) XMD5 commands. | ||||
| CVE-2006-4849 | 1 Mobilepublisherphp | 1 Mobilepublisherphp | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in header.php in MobilePublisherPHP 1.5 RC2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter. | ||||
| CVE-2006-4850 | 1 Bolinos | 1 Blinos | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in system/_b/contentFiles/gBIndex.php in BolinOS 4.5.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the gBRootPath parameter. | ||||
| CVE-2006-4851 | 1 Bolinos | 1 Bolinos | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in system/_b/contentFiles/gBHTMLEditor.php in BolinOS 4.5.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the gBRootPath parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
| CVE-2006-4857 | 1 Clicktech | 1 Clickblog | 2026-04-16 | N/A |
| SQL injection vulnerability in default.asp (aka the login page) in ClickTech ClickBlog 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) form_codeword (aka the Password field) parameters. | ||||
| CVE-2006-4859 | 1 Limbo Cms | 1 Limbo Cms | 2026-04-16 | N/A |
| Unrestricted file upload vulnerability in contact.html.php in the Contact (com_contact) component in Limbo (aka Lite Mambo) CMS 1.0.4.2L and earlier allows remote attackers to upload PHP code to the images/contact folder via a filename with a double extension in the contact_attach parameter in a contact option in index.php, which bypasses an insufficiently restrictive regular expression. | ||||
| CVE-2006-4872 | 1 Keyvan1 | 1 Ecardpro | 2026-04-16 | N/A |
| SQL injection vulnerability in search.asp in Keyvan1 (aka Keyvan Janghorbani) ECardPro 2.0 allows remote attackers to execute arbitrary SQL commands via the keyword parameter. | ||||
| CVE-2006-4875 | 1 Jupiter Cms | 1 Jupiter Cms | 2026-04-16 | N/A |
| Unrestricted file upload vulnerability in modules/galleryuploadfunction.php in Jupiter CMS allows remote attackers to upload picture files, and possibly files with arbitrary extensions, to gallery/albums/public. | ||||
| CVE-2006-4876 | 1 Jupiter Cms | 1 Jupiter Cms | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Jupiter CMS allow remote attackers to execute arbitrary SQL commands via (1) the user name during login, or the (2) key or (3) fpwusername parameters in modules/register. | ||||
| CVE-2006-4877 | 1 David Bennett | 1 Php-post | 2026-04-16 | N/A |
| Variable overwrite vulnerability in David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to overwrite arbitrary program variables via multiple vectors that use the extract function, as demonstrated by the table_prefix parameter in (1) index.php, (2) profile.php, and (3) header.php. | ||||
| CVE-2006-4878 | 1 David Bennett | 1 Php-post | 2026-04-16 | N/A |
| Directory traversal vulnerability in footer.php in David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to read and include arbitrary local files via a .. (dot dot) sequence in the template parameter. NOTE: this was later reported to affect 1.0.1, and demonstrated for code execution by uploading and accessing an avatar file. | ||||
| CVE-2006-4880 | 1 David Bennett | 1 Php-post | 2026-04-16 | N/A |
| David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to obtain sensitive information via a direct request for (1) footer.php, (2) template.php, or (3) lastvisit.php, which reveals the installation path in various error messages. | ||||
| CVE-2006-4894 | 1 Idevspot | 1 Nixieaffiliate | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in forms/lostpassword.php in iDevSpot NixieAffiliate 1.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter. | ||||
| CVE-2006-4895 | 1 Idevspot | 1 Nixieaffiliate | 2026-04-16 | N/A |
| IDevSpot NexieAffiliate 1.9 and earlier allows remote attackers to delete arbitrary affiliates via a modified id parameter to delete.php. | ||||
| CVE-2006-4897 | 1 Cmtexts | 1 Cmtexts | 2026-04-16 | N/A |
| CMtextS 1.0 and earlier stores users_logins/admin.txt under the web document root with insufficient access control, which allows remote attackers to obtain the administrator password. | ||||
| CVE-2002-1045 | 1 Ultrafunk | 1 Popcorn | 2026-04-16 | N/A |
| Ultrafunk Popcorn 1.20 allows remote attackers to cause a denial of service (crash) via a malformed Date field that is converted into a year greater than 2037. | ||||
| CVE-2002-1046 | 1 Watchguard | 2 Firebox, Soho Firewall | 2026-04-16 | N/A |
| Dynamic VPN Configuration Protocol service (DVCP) in Watchguard Firebox firmware 5.x.x allows remote attackers to cause a denial of service (crash) via a malformed packet containing tab characters to TCP port 4110. | ||||
| CVE-2002-1063 | 1 T. Hauck | 1 Jana Web Server | 2026-04-16 | N/A |
| Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of FTP PASV requests, which consumes all available FTP ports. | ||||
| CVE-2002-1064 | 1 T. Hauck | 1 Jana Web Server | 2026-04-16 | N/A |
| Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, generates different responses for valid and invalid usernames, which allows remote attackers to identify valid users on the server. | ||||
| CVE-2002-1072 | 1 Zyxel | 1 Prestige | 2026-04-16 | N/A |
| ZyXEL Prestige 642R 2.50(FA.1) and Prestige 310 V3.25(M.01), allows remote attackers to cause a denial of service via an oversized, fragmented "jolt" style ICMP packet. | ||||