Search Results (29867 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-2610 | 1 Spiffyjr | 1 Phpraid | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in view.php in phpRaid 2.9.5 allows remote attackers to inject arbitrary web script or HTML via the (1) URL query string and the (2) Sort parameter. | ||||
| CVE-2006-2611 | 1 Mediawiki | 1 Mediawiki | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in includes/Sanitizer.php in the variable handler in MediaWiki 1.6.x before r14349 allows remote attackers to inject arbitrary Javascript via unspecified vectors, possibly involving the usage of the \| (pipe) character. | ||||
| CVE-2006-2612 | 1 Novell | 1 Client | 2025-04-03 | N/A |
| Novell Client for Windows 4.8 and 4.9 does not restrict access to the clipboard contents while a machine is locked, which allows users with physical access to read the current clipboard contents by pasting them into the "User Name" field on the login prompt. | ||||
| CVE-2006-2884 | 1 Kke Info Media | 1 Kmita Faq | 2025-04-03 | N/A |
| SQL injection vulnerability in index.php in Kmita FAQ 1.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter. | ||||
| CVE-2006-2886 | 1 Jam Warehouse | 1 Knowledgetree Open Source | 2025-04-03 | N/A |
| view.php in KnowledgeTree Open Source 3.0.3 and earlier allows remote attackers to obtain the full installation path via a crafted fDocumentId parameter, which displays the path in the resulting error message. NOTE: this might be resultant from another vulnerability, since this vector also produces XSS. | ||||
| CVE-2006-2888 | 1 Wikiwig | 1 Wikiwig | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in _wk/wk_lang.php in Wikiwig 4.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the WK[wkPath] parameter. | ||||
| CVE-2006-2889 | 1 Pixelpost | 1 Pixelpost | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in index.php in Pixelpost 1-5rc1-2 and earlier allow remote attackers to execute arbitrary SQL commands, and leverage them to gain administrator privileges, via the (1) category or (2) archivedate parameter. | ||||
| CVE-2006-2890 | 1 Pixelpost | 1 Pixelpost | 2025-04-03 | N/A |
| Pixelpost 1-5rc1-2 and earlier, when register_globals is enabled, allows remote attackers to gain administrator privileges and conduct other attacks by setting the _SESSION["pixelpost_admin"] parameter to 1 in calls to admin scripts such as admin/view_info.php. | ||||
| CVE-2006-2893 | 1 Gantty | 1 Gantty | 2025-04-03 | N/A |
| index.php in GANTTy 1.0.3 allows remote attackers to obtain the full path of the web server via an invalid lang parameter in an authenticate action. | ||||
| CVE-2006-2895 | 1 Mediawiki | 1 Mediawiki | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in MediaWiki 1.6.0 up to versions before 1.6.7 allows remote attackers to inject arbitrary HTML and web script via the edit form. | ||||
| CVE-2006-2896 | 1 Funkboard | 1 Funkboard | 2025-04-03 | N/A |
| profile.php in FunkBoard CF0.71 allows remote attackers to change arbitrary passwords via a modified uid hidden form field in an Edit Profile action. | ||||
| CVE-2006-2897 | 1 Funkboard | 1 Funkboard | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in FunkBoard 0.71 allows remote attackers to inject arbitrary HTML or web script via unspecified vectors. | ||||
| CVE-2006-2899 | 1 Estsoft | 1 Internetdisk | 2025-04-03 | N/A |
| Unspecified vulnerability in ESTsoft InternetDISK versions before 2006/04/20 allows remote authenticated users to execute arbitrary code, possibly by uploading a file with multiple extensions into the WebLink directory. | ||||
| CVE-2006-2901 | 1 D-link | 1 Dwl-2100ap | 2025-04-03 | N/A |
| The web server for D-Link Wireless Access-Point (DWL-2100ap) firmware 2.10na and earlier allows remote attackers to obtain sensitive system information via a request to an arbitrary .cfg file, which returns configuration information including passwords. | ||||
| CVE-2006-2902 | 1 Particle Soft | 1 Particle Links | 2025-04-03 | N/A |
| Directory traversal vulnerability in Particle Links 1.2.2 might allow remote attackers to access arbitrary files via ".." sequences in an HTTP request. NOTE: it is not clear whether this issue is legitimate, as the original researcher seems unsure. | ||||
| CVE-2006-2903 | 1 Particle Soft | 1 Particle Links | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in admin.php in Particle Links 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the username parameter. | ||||
| CVE-2006-2904 | 1 Particle Soft | 1 Particle Links | 2025-04-03 | N/A |
| SQL injection vulnerability in index.php in Partial Links 1.2.2 allows remote attackers to execute arbitrary SQL commands via the topic parameter. | ||||
| CVE-2006-2905 | 1 Particle Soft | 1 Particle Links | 2025-04-03 | N/A |
| Partial Links 1.2.2 allows remote attackers to obtain sensitive information via a direct request to (1) page_footer.php and (2) page_header.php, which displays the path in an error message. | ||||
| CVE-2006-2906 | 1 Thomas Boutell | 1 Graphics Draw Library | 2025-04-03 | N/A |
| The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas Boutell graphics draw (GD) library (aka libgd) 2.0.33 allows remote attackers to cause a denial of service (CPU consumption) via malformed GIF data that causes an infinite loop. | ||||
| CVE-2006-2908 | 1 Mybulletinboard | 1 Mybulletinboard | 2025-04-03 | N/A |
| The domecode function in inc/functions_post.php in MyBulletinBoard (MyBB) 1.1.2, and possibly other versions, allows remote attackers to execute arbitrary PHP code via the username field, which is used in a preg_replace function call with a /e (executable) modifier. | ||||