Export limit exceeded: 344908 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344908 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-2970 | 1 L0j1k | 1 Tinymuw | 2026-04-16 | N/A |
| videoPage.php in L0j1k tinyMuw 0.1.0 allows remote attackers to obtain sensitive information via a certain id parameter, probably with an invalid value, which reveals the path in an error message. | ||||
| CVE-2006-2973 | 1 Php Lite | 1 Calendar Express | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in month.php in PHP Lite Calendar Express 2.2 allow remote attackers to execute arbitrary SQL commands via the (1) catid and (2) cid parameter. NOTE: this might be a duplicate of CVE-2005-4009.c. | ||||
| CVE-2006-2974 | 1 Emailarchitect | 1 Email Server | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in EmailArchitect Email Server 6.1.0.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) errCode and (2) uid parameter in (a) default.asp and (3) dname parameter in (b) /admin/dns.asp and (c) /additional/regdomain_done.asp. | ||||
| CVE-2006-2983 | 1 Enterprise Payroll Systems | 1 Enterprise Payroll Systems | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in Enterprise Timesheet and Payroll Systems (EPS) 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the absolutepath parameter in cal.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-2984 | 1 Integramod | 1 Integramod | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in IntegraMOD 1.4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the STYLE_URL parameter. NOTE: it is possible that this issue is resultant from SQL injection. | ||||
| CVE-2006-2986 | 1 Baby Katie Media | 2 Very Simple Car Lister, Very Simple Realty Lister | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Baby Katie Media (a) very Simple Car Lister (vSCAL) 1.0 and (b) very simple Realty Lister (vsREAL) 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) lid parameter in index.php and the (2) title parameter in myslideshow.php. | ||||
| CVE-2006-3016 | 2 Php Group, Redhat | 3 Php, Enterprise Linux, Rhel Stronghold | 2026-04-16 | N/A |
| Unspecified vulnerability in session.c in PHP before 5.1.3 has unknown impact and attack vectors, related to "certain characters in session names," including special characters that are frequently associated with CRLF injection, SQL injection, cross-site scripting (XSS), and HTTP response splitting vulnerabilities. NOTE: while the nature of the vulnerability is unspecified, it is likely that this is related to a violation of an expectation by PHP applications that the session name is alphanumeric, as implied in the PHP manual for session_name(). | ||||
| CVE-2006-3026 | 1 Clicktech | 1 Clickgallery | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ClickGallery 5.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) gallery_id parameter in gallery.asp and (2) parentcurrentpage parameter in view_gallery.asp. | ||||
| CVE-2006-3041 | 1 Codewalkers | 1 Ltwcalendar | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in Ltwcalendar/calendar.php in Codewalkers Ltwcalendar 4.1.3 allows remote attackers to execute arbitrary PHP code via a URL in the ltw_config[include_dir] parameter. NOTE: CVE disputes this claim, since the $ltw_config[include_dir] variable is defined as a static value in an include file before it is referenced in an include() statement | ||||
| CVE-2006-3078 | 1 Apboard | 1 Apboard | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in APBoard 2.2-r3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) PHPSESSID parameter in board.php and (2) viewcatmod parameter in main.php. | ||||
| CVE-2006-3057 | 1 Gnome | 1 Dhcdbd | 2026-04-16 | N/A |
| Unspecified vulnerability in NetworkManager daemon for DHCP (dhcdbd) allows remote attackers to cause a denial of service (crash) via certain invalid DHCP responses that trigger memory corruption. | ||||
| CVE-2006-3066 | 1 Ibm | 1 Db2 Universal Database | 2026-04-16 | N/A |
| Buffer overflow in the TCP/IP listener in IBM DB2 Universal Database (UDB) before 8.1 FixPak 12 allows remote attackers to cause a denial of service (application crash) via a long MGRLVLLS message inside of an EXCSAT message when establishing a connection. | ||||
| CVE-2006-3067 | 1 Ibm | 1 Db2 Universal Database | 2026-04-16 | N/A |
| Multiple unspecified vulnerabilities in IBM DB2 Universal Database (UDB) before 8.1 FixPak 12 allow remote attackers to cause a denial of service (application crash) via a (1) "long column list" in the (a) REPLACE INTO and (b) INSERT INTO portions of the LOAD command or a (2) large number of values in an IN clause, possibly related to a buffer overflow. | ||||
| CVE-2006-3123 | 1 Matt Blaze | 1 Cryptographic File System | 2026-04-16 | N/A |
| Multiple integer overflows in the (1) dodecrypt and (2) doencrypt functions in cfs_fh.c in cfsd in Matt Blaze Cryptographic File System (CFS) 1.4.1 before Debian GNU/Linux package 1.4.1-17 allow local users to cause a denial of service (daemon crash) by appending data to a file that is larger than 2 Gb. | ||||
| CVE-2006-3096 | 1 Ipostmx | 1 Ipostmx 2005 | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in iPostMX 2005 2.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) forum parameter in messagepost.cfm and (2) topic parameter in topics.cfm. NOTE: this item was created based on information in a blog entry that was apparently removed after CVE analysis. As of 20060619, CVE is attempting to determine the cause of the removal. | ||||
| CVE-2006-3107 | 1 Docebo | 1 Docebo | 2026-04-16 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Docebo 3.0.3 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in (1) GLOBALS[where_framework] to (a) admin/modules/news/news_class.php and (b) admin/modules/content/content_class.php, and (2) GLOBALS[where_cms] to (c) admin/modules/block_media/util.media.php. NOTE: this issue might be resultant from a global overwrite vulnerability. This issue is similar to CVE-2006-2576, but the vectors are different. | ||||
| CVE-2006-3115 | 1 Spiffyjr | 1 Phpraid | 2026-04-16 | N/A |
| SQL injection vulnerability in view.php in phpRaid 3.0.4, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the raid_id parameter. | ||||
| CVE-2006-3131 | 1 Clubpage | 1 Clubpage | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Clubpage allow remote attackers to inject arbitrary web script or HTML via the (1) news_archive, (2) language, and (3) intranetLogin parameters in (a) index.php; the (4) sites_id parameter in (b) sites.php; and the (5) news_id parameter in (c) news_more.php. | ||||
| CVE-2006-3137 | 1 Cutting Edge Computing | 1 Edge Ecommerce Shop | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in productDetail.asp in Edge eCommerce Shop allows remote attackers to inject arbitrary web script or HTML via the cart_id parameter. | ||||
| CVE-2006-3141 | 1 Dpivision | 1 Tradingeye Shop | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in details.cfm in Tradingeye Shop R4 and earlier allows remote attackers to inject arbitrary web script or HTML via the image parameter. | ||||