Export limit exceeded: 344927 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344927 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-4540 | 1 Learn.com | 1 Learncenter | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in learncenter.asp in Learn.com LearnCenter allows remote attackers to inject arbitrary web script or HTML via the id parameter. | ||||
| CVE-2006-4548 | 1 E107 | 1 E107 | 2026-04-16 | N/A |
| e107 0.75 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code via the tinyMCE_imglib_include image/jpeg parameter in e107_handlers/tiny_mce/plugins/ibrowser/ibrowser.php, as demonstrated by a multipart/form-data request. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in e107. | ||||
| CVE-2006-4563 | 1 Phpnuke | 1 Myheadlines | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the MyHeadlines before 4.3.2 module for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the myh_op parameter to modules.php. | ||||
| CVE-1999-0901 | 1 Linux-nis | 1 Ypserv | 2026-04-16 | N/A |
| ypserv allows a local user to modify the GECOS and login shells of other users. | ||||
| CVE-1999-0902 | 1 Linux-nis | 1 Ypserv | 2026-04-16 | N/A |
| ypserv allows local administrators to modify password tables. | ||||
| CVE-2006-4604 | 1 Lanifex | 1 Lanifex | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in LFXlib/access_manager.php in Lanifex Database of Managed Objects (DMO) 2.3 Beta and earlier allows remote attackers to execute arbitrary PHP code via the _incMgr parameter. | ||||
| CVE-2006-4613 | 1 Securecomputing | 4 Snapgear Sg560, Snapgear Sg565, Snapgear Sg580 and 1 more | 2026-04-16 | N/A |
| Multiple unspecified vulnerabilities in SnapGear before 3.1.4u1 allow remote attackers to cause a denial of service via unspecified vectors involving (1) IPSec replay windows and (2) the use of vulnerable versions of ClamAV before 0.88.4. NOTE: it is possible that vector 2 is related to CVE-2006-4018. | ||||
| CVE-2006-4621 | 1 Bare Concept Media | 1 Pheap Cms | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in settings.php in Pheap 1.2, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the lpref parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. The lib/config.php vector is already covered by CVE-2006-4531. | ||||
| CVE-2006-4623 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-04-16 | N/A |
| The Unidirectional Lightweight Encapsulation (ULE) decapsulation component in dvb-core/dvb_net.c in the dvb driver in the Linux kernel 2.6.17.8 allows remote attackers to cause a denial of service (crash) via an SNDU length of 0 in a ULE packet. | ||||
| CVE-2006-4637 | 1 Acgv News | 1 Acgv News | 2026-04-16 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in ACGV News 0.9.1 allow remote attackers to execute arbitrary PHP code via a URL in the PathNews parameter in (1) header.php or (2) news.php. NOTE: portions of these details are obtained from third party information. | ||||
| CVE-2006-4645 | 1 Akarru | 1 Social Bookmarking Engine | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in akarru.gui/main_content.php in Akarru Social BookMarking Engine 0.4.3.34 and earlier, and possibly 0.4.4.120, allows remote attackers to execute arbitrary PHP code via a URL in the bm_content parameter. | ||||
| CVE-2006-4650 | 1 Cisco | 1 Ios | 2026-04-16 | N/A |
| Cisco IOS 12.0, 12.1, and 12.2, when GRE IP tunneling is used and the RFC2784 compliance fixes are missing, does not verify the offset field of a GRE packet during decapsulation, which leads to an integer overflow that references data from incorrect memory locations, which allows remote attackers to inject crafted packets into the routing queue, possibly bypassing intended router ACLs. | ||||
| CVE-2006-4653 | 2 Amazing Little Picture Poll, Amazing Little Poll | 2 Amazing Little Picture Poll, Amazing Little Poll | 2026-04-16 | N/A |
| (1) Amazing Little Poll and (2) Amazing Little Picture Poll store sensitive information under the web root with insufficient access control, which allows remote attackers to read the admin password via a direct request for the lp_settings file (lp_settings.inc or lp_settings.php). | ||||
| CVE-2006-4661 | 1 Icq Inc | 1 Icq Toolbar | 2026-04-16 | N/A |
| AOL ICQ Toolbar 1.3 for Internet Explorer (toolbaru.dll) does not properly validate the origin of the configuration web page (options2.html), which allows user-assisted remote attackers to provide a web page that contains disguised checkboxes that trick the user into reconfiguring the toolbar. | ||||
| CVE-2006-4669 | 1 Somery | 1 Somery | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in admin/system/include.php in Somery 0.4.6 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the skindir parameter. | ||||
| CVE-2006-4672 | 1 Profitcode | 1 Ppalcart | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in profitCode ppalCart 2.5 EE, possibly a component of PayProCart, allows remote attackers to execute arbitrary PHP code via a URL in the (1) proMod parameter to (a) index.php, or the (2) docroot parameter to (b) index.php or (c) mainpage.php. | ||||
| CVE-2006-4674 | 1 Andreas Gohr | 1 Dokuwiki | 2026-04-16 | N/A |
| Direct static code injection vulnerability in doku.php in DokuWiki before 2006-030-09c allows remote attackers to execute arbitrary PHP code via the X-FORWARDED-FOR HTTP header, which is stored in config.php. | ||||
| CVE-2006-4677 | 1 Phpopenchat | 1 Phpopenchat | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in contrib/yabbse/poc.php in phpopenchat before 3.0.2 allows remote attackers to execute arbitrary PHP code via the sourcedir parameter. NOTE: this issue was disputed by a third-party researcher who stated that the _REQUEST parameters were dynamically unset at the beginning of the file. Another researcher noted, and CVE agrees, that the unset PHP function can be bypassed (CVE-2006-3017). If this issue is due to a vulnerability in PHP, then it should be excluded from CVE | ||||
| CVE-2006-4764 | 1 Wtools | 1 Wtools | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in common.php in Thomas LETE WTools 0.0.1-ALPH allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter. | ||||
| CVE-1999-0903 | 1 Ibm | 1 Aix | 2026-04-16 | N/A |
| genfilt in the AIX Packet Filtering Module does not properly filter traffic to destination ports greater than 32767. | ||||