Export limit exceeded: 349538 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29914 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29914 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-0448 | 1 Jftpgw | 1 Jftpgw | 2026-04-16 | N/A |
| Format string vulnerability in the log function for jftpgw 0.13.4 and earlier allows remote authenticated users to execute arbitrary code via format string specifiers in certain syslog messages. | ||||
| CVE-2006-4606 | 1 Longino | 1 Jacome Php-revista | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Longino Jacome php-Revista 1.1.2 allow remote attackers to execute arbitrary SQL commands via the (1) id_temas parameter in busqueda_tema.php, the (2) cadena parameter in busqueda.php, the (3) id_autor parameter in autor.php, the (4) email parameter in lista.php, and the (5) id_articulo parameter in articulo.php. | ||||
| CVE-2006-4607 | 1 Longino | 1 Jacome Php-revista | 2026-04-16 | N/A |
| admin/index.php in Longino Jacome php-Revista 1.1.2 allows remote attackers to bypass authentication controls by setting the ID_ADMIN and SUPER_ADMIN parameters to 1. | ||||
| CVE-2006-4608 | 1 Longino | 1 Jacome Php-revista | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Longino Jacome php-Revista 1.1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) cadena parameter in busqueda.php and the (2) email parameter in lista.php. | ||||
| CVE-2006-4609 | 1 Phpprojekt | 1 Phpprojekt | 2026-04-16 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the Content Management module ("Content manager") for PHProjekt 0.6.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via the path_pre parameter in (1) cm_lib.inc.php, (2) doc/br.edithelp.php, (3) doc/de.edithelp.php, (4) doc/ct.edithelp.php, (5) userrating.php, and (6) listing.php, a different set of vectors than CVE-2006-4204. NOTE: a third-party researcher has disputed the impact of the cm_lib.inc.php vector, stating that it is limited to local file inclusion. CVE analysis as of 20060905 concurs, although use of ftp URLs is also possible. The remaining five vectors have also been disputed by the same third party, stating that the path_pre variable is initialized before it is used | ||||
| CVE-2006-4663 | 1 Linux | 1 Linux Kernel | 2026-04-16 | 7.8 High |
| The source code tar archive of the Linux kernel 2.6.16, 2.6.17.11, and possibly other versions specifies weak permissions (0666 and 0777) for certain files and directories, which might allow local users to insert Trojan horse source code that would be used during the next kernel compilation. NOTE: another researcher disputes the vulnerability, stating that he finds "Not a single world-writable file or directory." CVE analysis as of 20060908 indicates that permissions will only be weak under certain unusual or insecure scenarios | ||||
| CVE-2006-4664 | 1 Premod Shadow | 1 Premod Shadow | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in includes/functions_portal.php in Premod Shadow 2.7.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | ||||
| CVE-2006-4665 | 1 Mkportal | 1 Mkportal | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in MKPortal M1.1 Rc1 allows remote attackers to inject arbitrary web script or HTML via the ind parameter, possibly related to the PHP_SELF variable. NOTE: Some details are obtained from third party information. | ||||
| CVE-2006-4667 | 1 Runcms | 1 Runcms | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in RunCMS 1.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) uid parameter in (a) class/sessions.class.php, and the (2) timezone_offset and (3) umode parameters in (b) class/xoopsuser.php. | ||||
| CVE-2006-4668 | 1 Rob Hensley | 1 Ackertodo | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Rob Hensley AckerTodo 4.0 allows remote attackers to inject arbitrary web script or HTML via the task_id parameter in an edit_task command. | ||||
| CVE-2006-4670 | 1 Gtasoft | 1 Photokorn Gallery | 2026-04-16 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in PhotoKorn Gallery 1.52 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the dir_path parameter in (1) includes/cart.inc.php or (2) extras/ext_cats.php. | ||||
| CVE-2006-4676 | 1 Tibco | 1 Rendezvous | 2026-04-16 | N/A |
| TIBCO RendezVous 7.4.11 and earlier logs base64-encoded usernames and passwords in rvrd.db, which allows local users to obtain sensitive information by decoding the log file. | ||||
| CVE-2006-4678 | 1 Comscripts | 1 News Evolution | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in News Evolution 3.0.3 allows remote attackers to execute arbitrary PHP code via the _NE[AbsPath] parameter in (1) install.php and (2) migrateNE2toNE3.php. | ||||
| CVE-2006-4679 | 1 Andreas Gohr | 1 Dokuwiki | 2026-04-16 | N/A |
| DokuWiki before 2006-03-09c enables the debug feature by default, which allows remote attackers to obtain sensitive information by calling doku.php with the X-DOKUWIKI-DO HTTP header set to "debug". | ||||
| CVE-2006-4680 | 1 Canon | 7 Imagerunner 2620, Imagerunner 5020, Imagerunner 6870 and 4 more | 2026-04-16 | N/A |
| The Remote UI in Canon imageRUNNER includes usernames and passwords when exporting an address book, which allows context-dependent attackers to obtain sensitive information. | ||||
| CVE-2006-4681 | 1 Ibm | 1 Director | 2026-04-16 | N/A |
| Directory traversal vulnerability in Redirect.bat in IBM Director before 5.10 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the file parameter. | ||||
| CVE-2006-4682 | 1 Ibm | 1 Director | 2026-04-16 | N/A |
| Multiple unspecified vulnerabilities in IBM Director before 5.10 allow remote attackers to cause a denial of service (crash) via unspecified vectors involving (1) malformed WMI CIM server requests and (2) malformed packets. | ||||
| CVE-2006-4741 | 1 Idevspot | 1 Phplinkexchange | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in bits_listings.php in IDevSpot PhpLinkExchange 1.0 allows remote attackers to execute arbitrary code via the svr_rootPhpStart parameter. | ||||
| CVE-2006-4742 | 1 Idevspot | 1 Phplinkexchange | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in user_add.php in IDevSpot PhpLinkExchange 1.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | ||||
| CVE-2006-4743 | 1 Wordpress | 1 Wordpress | 2026-04-16 | N/A |
| WordPress 2.0.2 through 2.0.5 allows remote attackers to obtain sensitive information via a direct request for (1) 404.php, (2) akismet.php, (3) archive.php, (4) archives.php, (5) attachment.php, (6) blogger.php, (7) comments.php, (8) comments-popup.php, (9) dotclear.php, (10) footer.php, (11) functions.php, (12) header.php, (13) hello.php, (14) wp-content/themes/default/index.php, (15) links.php, (16) livejournal.php, (17) mt.php, (18) page.php, (19) rss.php, (20) searchform.php, (21) search.php, (22) sidebar.php, (23) single.php, (24) textpattern.php, (25) upgrade-functions.php, (26) upgrade-schema.php, or (27) wp-db-backup.php, which reveal the path in various error messages. NOTE: another researcher has disputed the details of this report, stating that version 2.0.5 does not exist. NOTE: the admin-footer.php, admin-functions.php, default-filters.php, edit-form-advanced.php, edit-link-form.php, edit-page-form.php, kses.php, locale.php, rss-functions.php, template-loader.php, and wp-db.php vectors are already covered by CVE-2006-0986. The edit-form-comment.php, vars.php, and wp-settings.php vectors are already covered by CVE-2005-4463. The menu-header.php vector is already covered by CVE-2005-2110. | ||||