Export limit exceeded: 23281 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 347789 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29908 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29908 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-6531 | 1 Drupal | 1 Help Tip Module | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the Help Tip module before 4.7.x-1.0 for Drupal allows remote attackers to inject arbitrary web script or HTML, and possibly obtain administrative access, via node titles. | ||||
| CVE-2006-6533 | 1 Oscommerce | 1 Oscommerce | 2026-04-23 | N/A |
| Directory traversal vulnerability in admin/templates_boxes_layout.php in osCommerce 3.0a3 allows remote attackers to include and execute arbitrary PHP files via a .. (dot dot) in the filter parameter. NOTE: this issue can be leveraged to obtain full path information in error messages. | ||||
| CVE-2006-6534 | 1 Oscommerce | 1 Oscommerce | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in osCommerce 3.0a3 allow remote attackers to inject arbitrary web script or HTML via the (1) set parameter to admin/modules.php, the (2) selected_box parameter to definitiva/admin/customers.php, the (3) lID parameter to admin/languages_definitions.php, or the (4) pID parameter to admin/products.php. | ||||
| CVE-2006-6530 | 1 Drupal | 1 Help Tip Module | 2026-04-23 | N/A |
| SQL injection vulnerability in the Help Tip module before 4.7.x-1.0 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2006-6538 | 1 D-link | 1 Dwl-2000ap\+ | 2026-04-23 | N/A |
| D-LINK DWL-2000AP+ firmware 2.11 allows remote attackers to cause (1) a denial of service (device reset) via a flood of ARP replies on the wired or wireless (radio) link and (2) a denial of service (device crash) via a flood of ARP requests on the wireless link. | ||||
| CVE-2006-6543 | 1 Appintellect | 1 Spotlight Crm | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in login.asp in AppIntellect SpotLight CRM 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) login (UserName) and possibly (2) password parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2006-6540 | 1 Bluetrait | 1 Bluetrait | 2026-04-23 | N/A |
| SQL injection vulnerability in bt-trackback.php in Bluetrait before 1.2.0, when trackback is enabled, allows remote attackers to execute arbitrary SQL commands via unspecified parameters. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2006-6541 | 1 Php | 1 Animated Smiley Generator | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in signer/final.php in warez distributions of Animated Smiley Generator allows remote attackers to execute arbitrary PHP code via a URL in the smiley parameter. NOTE: the vendor disputes this issue, stating that only Warez versions of Animated Smiley Generator were affected, not the developer-provided software: "Legitimately purchased applications do not allow this exploit. | ||||
| CVE-2006-6544 | 1 Cm68 News | 1 Cm68 News | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in CM68 News allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-6549 | 1 Rad Inks | 1 Rad Upload | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in upload.php in Rad Upload 3.02 allows remote attackers to execute arbitrary PHP code via a URL in the save_path parameter. NOTE: CVE disputes this vulnerability because save_path is originally defined as "" before use, and the nearby instructions say "SET THE SAVE PATH by editing the line below. | ||||
| CVE-2006-6552 | 1 Php | 1 Blog Cms | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in admin/plugins/NP_UserSharing.php in BLOG:CMS 4.1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DIR_ADMIN parameter. | ||||
| CVE-2007-4477 | 1 Planet Technology Corp | 1 Vc-200m Vdsl2 | 2026-04-23 | N/A |
| The administration interface in the Planet VC-200M VDSL2 router allows remote attackers to cause a denial of service (administration interface outage) via an HTTP request without a Host header. | ||||
| CVE-2006-6560 | 1 Mxbb | 1 Modsdb | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in includes/common.php in the mx_modsdb 1.0.0 module for MxBB (aka MX-System) Portal allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter. | ||||
| CVE-2006-6555 | 1 Easyfill | 1 Easyfill | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in EasyFill before 0.5.1 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2006-6556 | 1 Eyeos | 1 Eyeos | 2026-04-23 | N/A |
| The eyeHome function in apps/eyeHome.eyeapp/aplic.php in EyeOS before 0.9.3-3 allows remote attackers to upload and execute arbitrary code via dangerous file extensions that are not all lowercase, which bypasses a cleansing operation. | ||||
| CVE-2006-6557 | 1 Skulls | 1 Skulls | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in Skulls! before 0.2.6 have unknown impact and attack vectors, as addressed by "Many security fixes." | ||||
| CVE-2006-6558 | 1 Crob | 1 Crob Ftp Server | 2026-04-23 | N/A |
| Crob FTP Server 3.6.1 b.263 allows remote attackers to cause a denial of service via a long series of "?A" sequences in the (1) LIST and possibly (2) NLST command. | ||||
| CVE-2007-4486 | 1 Linkliste | 1 Linkliste | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in index.php in Linkliste 1.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) styl[top], (2) url_eintrag, or (3) styl[themen] parameter. | ||||
| CVE-2006-6569 | 1 Genesistrader | 1 Genesistrader | 2026-04-23 | N/A |
| form.php in GenesisTrader 1.0 allows remote attackers to read source code for arbitrary files and obtain sensitive information via the (1) do and (2) chem parameters with a "modfich" floap parameter. | ||||
| CVE-2006-6570 | 1 Genesistrader | 1 Genesistrader | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in upload.php in GenesisTrader 1.0 allows remote authenticated users to upload arbitrary files via unspecified vectors, possibly involving form.php and the ajoutfich "foap" action. | ||||