Export limit exceeded: 345222 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (345222 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-2498 | 1 Invision Power Services | 1 Invision Power Board | 2026-04-16 | N/A |
| Invision Power Board (IPB) before 2.1.6 allows remote attackers to execute arbitrary PHP script via attack vectors involving (1) the post_icon variable in classes/post/class_post.php and (2) the df value in action_public/moderate.php. | ||||
| CVE-2006-2530 | 1 Snitz Communications | 2 Avatar Mod, Snitz Forums 2000 | 2026-04-16 | N/A |
| avatar_upload.asp in Avatar MOD 1.3 for Snitz Forums 3.4, and possibly other versions, allows remote attackers to bypass file type checks and upload arbitrary files via a null byte in the file name, as discovered by the Codescan product. | ||||
| CVE-2006-2532 | 1 Greg Donald | 1 Destiney Rated Images Script | 2026-04-16 | N/A |
| stats.php in Destiney Rated Images Script 0.5.0 allows remote attackers to obtain the installation path via an invalid s parameter, which displays the path in an error message. NOTE: this issue was originally claimed to be SQL injection, but CVE analysis shows that the problem is related to an invalid value that prevents some variables from being set. | ||||
| CVE-2006-2546 | 1 Bea | 1 Weblogic Server | 2026-04-16 | N/A |
| A recommended admin password reset mechanism for BEA WebLogic Server 8.1, when followed before October 10, 2005, causes the administrator password to be stored in cleartext in the domain directory, which could allow attackers to gain privileges. | ||||
| CVE-2006-2558 | 1 Iplogger | 1 Iplogger | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in IpLogger 1.7 and earlier allows remote attackers to inject arbitrary HTML or web script via the User-Agent (useragent) header in an HTTP request, which is not filtered when the log files are viewed. | ||||
| CVE-2006-2563 | 1 Php | 1 Php | 2026-04-16 | N/A |
| The cURL library (libcurl) in PHP 4.4.2 and 5.1.4 allows attackers to bypass safe mode and read files via a file:// request containing null characters. | ||||
| CVE-2006-2571 | 1 Alkacon | 1 Opencms | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in search.html in Alkacon OpenCms 6.0.0, 6.0.2, and 6.0.3 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search action. | ||||
| CVE-2006-2579 | 1 Hp | 1 Openview Storage Data Protector | 2026-04-16 | N/A |
| Unspecified vulnerability in HP OpenView Storage Data Protector 5.1 and 5.5 allows remote attackers to execute arbitrary code via unknown vectors. | ||||
| CVE-2006-2584 | 1 Skyebox | 1 Skyebox | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in post.php in SkyeBox 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) message parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information, although it was likely prompted by a vague announcement from a researcher who incorrectly referred to the product as "SkyeShoutbox." | ||||
| CVE-2006-2632 | 1 Andrew Godwin | 1 Bytehoard | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Andrew Godwin ByteHoard 2.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via file descriptions. | ||||
| CVE-2006-2640 | 1 Omegasoft | 1 Interneserviceslosungen | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in OmegaMw7a.ASP in OMEGA (aka Omegasoft) INterneSErvicesLosungen (INSEL) allows remote attackers to inject arbitrary web script or HTML via the WCE parameter. | ||||
| CVE-2006-2648 | 1 Aspbb | 1 Aspbb | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in perform_search.asp for ASPBB 0.52 and earlier allows remote attackers to inject arbitrary HTML or web script via the search parameter. | ||||
| CVE-2006-2649 | 1 Cosmicphp | 1 Cosmicshoppingcart | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in (a) search.php, (b) search_cat.php, (c) search_price.php, and (d) product_details.php in the cosmicshop directory for CosmicShoppingCart allow remote attackers to inject arbitrary web script or HTML via multiple unspecified parameters, as demonstrated by the (1) query parameter in search.php and the (2) data parameter in search_cat.php. | ||||
| CVE-2006-2665 | 1 V-webmail | 1 V-webmail | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in includes/mailaccess/pop3/core.php in V-Webmail 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[pear_dir] parameter. | ||||
| CVE-2006-2673 | 1 E-board | 1 Elite-board | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in search.html in Bulletin Board Elite-Board (E-Board) 1.1 allows remote attackers to inject arbitrary web script or HTML via the search box. | ||||
| CVE-2006-2674 | 1 Tamber Forum | 1 Tamber Forum | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Tamber Forum 1.9.13 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) frm_id parameter to (a) show_forum.asp, (2) a search field to (b) forum_search.asp, (3) Email address or (4) Password to (c) admin/index.asp, (5) frm_cat_id parameter to (d) browse_forum_cat.asp, or (6) Message Subject or (7) Message Text field to (e) post_message.asp. | ||||
| CVE-2006-2679 | 1 Cisco | 1 Vpn Client | 2026-04-16 | N/A |
| Unspecified vulnerability in the VPN Client for Windows Graphical User Interface (GUI) (aka the VPN client dialer) in Cisco VPN Client for Windows 4.8.00.* and earlier, except for 4.7.00.0533, allows local authenticated, interactive users to gain privileges, possibly due to privileges of dialog boxes, aka bug ID CSCsd79265. | ||||
| CVE-2006-2689 | 1 Eva-web | 1 Eva-web | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in EVA-Web 2.1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) debut_image parameter in (a) article-album.php3, (2) date parameter in (b) rubrique.php3, and the (3) perso and (4) aide parameters to (c) an unknown script, probably index.php. | ||||
| CVE-2006-2698 | 1 Geeklog | 1 Geeklog | 2026-04-16 | N/A |
| Geeklog 1.4.0sr2 and earlier allows remote attackers to obtain the full installation path via a direct request and possibly invalid arguments to (1) layout/professional/functions.php or (2) getimage.php. | ||||
| CVE-2006-2707 | 1 Secure Elements | 1 Class 5 Enterprise Vulnerability Management | 2026-04-16 | N/A |
| Secure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 does not validate the peer certificate when obtaining an update, which could allow remote attackers to distribute malicious updates to clients. | ||||