Export limit exceeded: 29907 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29907 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-5099 | 1 Andreas Gohr | 1 Dokuwiki | 2026-04-23 | N/A |
| lib/exec/fetch.php in DokuWiki before 2006-03-09e, when conf[imconvert] is configured to use ImageMagick, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) w and (2) h parameters, which are not filtered when invoking convert. | ||||
| CVE-2006-7012 | 1 Scart | 1 Scart | 2026-04-23 | N/A |
| scart.cgi in SCart 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter of a show_text action. | ||||
| CVE-2006-7004 | 1 Php Script Tools | 1 Psy Auction | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in email_request.php in PSY Auction allows remote attackers to inject arbitrary web script or HTML via the user_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-5098 | 1 Andreas Gohr | 1 Dokuwiki | 2026-04-23 | N/A |
| lib/exec/fetch.php in DokuWiki before 2006-03-09e allows remote attackers to cause a denial of service (CPU consumption) via large w and h parameters, when resizing an image. | ||||
| CVE-2006-7003 | 1 Fusionphp | 1 Fusion Polls | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in admin/index.php in Fusion Polls allows remote attackers to execute arbitrary PHP code via a URL in the xtrphome parameter. | ||||
| CVE-2006-6992 | 1 Gosurf Browser | 1 Gosurf Browser | 2026-04-23 | N/A |
| Cross-domain vulnerability in GoSuRF Browser 2.62 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280. | ||||
| CVE-2006-5090 | 1 Phoenix Evolution | 1 Phoenix Evolution Cms | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Phoenix Evolution CMS (PECMS) allow remote attackers to inject arbitrary web script or HTML via the (1) mod or (2) action parameters in index.php, or the (3) pageid parameter in modules/pageedit/index.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
| CVE-2006-5017 | 1 E-vision | 1 E-vision Cms | 2026-04-23 | N/A |
| SQL injection vulnerability in admin/all_users.php in Szava Gyula and Csaba Tamas e-Vision CMS, probably 1.0, allows remote attackers to execute arbitrary SQL commands via the from parameter. | ||||
| CVE-2006-6008 | 1 Netkit | 1 Netkit | 2026-04-23 | N/A |
| ftpd in Linux Netkit (linux-ftpd) 0.17, and possibly other versions, does not check the return status of certain seteuid, setgid, and setuid calls, which might allow remote authenticated users to gain privileges if these calls fail in cases such as PAM failures or resource limits, a different vulnerability than CVE-2006-5778. | ||||
| CVE-2006-6572 | 1 Citrix | 1 Access Gateway | 2026-04-23 | N/A |
| Unspecified vulnerability in Citrix Advanced Access Control (AAC) Option 4.0, and Access Gateway 4.2 with Advanced Access Control 4.2, before 20061114, when the Browser-Only access feature is enabled, allows remote authenticated users to bypass access policies via a certain login method, a different issue than CVE-2006-4846. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2006-5008 | 1 Ibm | 1 Aix | 2026-04-23 | N/A |
| Unspecified vulnerability in utape in IBM AIX 5.2.0 and 5.3.0 allows attackers to execute arbitrary commands and overwrite arbitrary files via unspecified vectors. | ||||
| CVE-2006-6991 | 1 Fast Browser | 1 Fast Browser | 2026-04-23 | N/A |
| Cross-domain vulnerability in Fast Browser Pro 8.1 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280. | ||||
| CVE-2007-4397 | 6 Irssi, Kristof Korwisi, Mikachu and 3 more | 7 Irssi, Ixmmsa, L33t Xmms Music Showing Script and 4 more | 2026-04-23 | N/A |
| Multiple CRLF injection vulnerabilities in (1) xmms-thing 1.0, (2) XMMS Remote Control Script 1.07, (3) Disrok 1.0, (4) a2x 0.0.1, (5) Another xmms-info script 1.0, (6) XChat-XMMS 0.8.1, and other unspecified scripts for XChat allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file. | ||||
| CVE-2006-5741 | 1 Airmagnet | 1 Enterprise | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in AirMagnet Enterprise before 7.5 build 6307 allow remote attackers to inject arbitrary web script or HTML via (1) the 404 error page of the Smart Sensor Edge Sensor; (2) the user name for a failed logon, when displayed in the audit journals reviewing interface (/AirMagnetSensor/AMSensor.dll/XH) by the Smart Sensor Edge Sensor log viewer; and (3) an SSID of an AP, when displayed on an ACL page (/Amom/Amom.dll/BD) of the Enterprise Server Status Overview in the Enterprise Server Web interface. | ||||
| CVE-2006-5740 | 2 Redhat, Wireshark | 2 Enterprise Linux, Wireshark | 2026-04-23 | N/A |
| Unspecified vulnerability in the LDAP dissector in Wireshark (formerly Ethereal) 0.99.3 allows remote attackers to cause a denial of service (crash) via a crafted LDAP packet. | ||||
| CVE-2006-6522 | 1 Wikitimescale | 1 Twozero | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in WikiTimeScale TwoZero before 2.31 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in the (1) forum module and (2) event descriptions. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2006-6521 | 1 Scriptphp | 1 Messageriescripthp | 2026-04-23 | N/A |
| SQL injection vulnerability in lire-avis.php in Messageriescripthp 2.0 allows remote attackers to execute arbitrary SQL commands via the aa parameter. | ||||
| CVE-2007-0060 | 2 Broadcom, Ca | 24 Advantage Data Transport, Brightstor Portal, Brightstor San Manager and 21 more | 2026-04-23 | N/A |
| Stack-based buffer overflow in the Message Queuing Server (Cam.exe) in CA (formerly Computer Associates) Message Queuing (CAM / CAFT) software before 1.11 Build 54_4 on Windows and NetWare, as used in CA Advantage Data Transport, eTrust Admin, certain BrightStor products, certain CleverPath products, and certain Unicenter products, allows remote attackers to execute arbitrary code via a crafted message to TCP port 3104. | ||||
| CVE-2006-6520 | 1 Scriptphp | 1 Messageriescripthp | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Messageriescripthp 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) pseudo parameter to (a) existepseudo.php, the (2) email parameter to (b) existeemail.php, or the (3) pageName or (4) cssform parameter to (c) Contact/contact.php. | ||||
| CVE-2006-6456 | 1 Microsoft | 4 Office, Word, Word Viewer and 1 more | 2026-04-23 | N/A |
| Unspecified vulnerability in Microsoft Word 2000, 2002, and 2003 and Word Viewer 2003 allows remote attackers to execute code via unspecified vectors related to malformed data structures that trigger memory corruption, a different vulnerability than CVE-2006-5994. | ||||