Export limit exceeded: 345023 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 345023 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (345023 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-2825 | 1 Cpanel | 1 Cpanel | 2026-04-16 | N/A |
| cPanel does not automatically synchronize the PHP open_basedir configuration directive between the main server and virtual hosts that share physical directories, which might allow a local user to bypass open_basedir restrictions and access other virtual hosts via a PHP script that uses a main server URL (such as ~username) that is blocked by the user's own open_basedir directive, but not the main server's open_basedir directive. | ||||
| CVE-2006-2826 | 1 Phplib Team | 1 Phplib | 2026-04-16 | N/A |
| SQL injection vulnerability in sessions.inc in PHP Base Library (PHPLib) before 7.4a allows remote attackers to execute arbitrary SQL commands via the id variable, which is set by a client through a query string or a cookie. | ||||
| CVE-2006-2951 | 1 Npds | 1 Npds | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Net Portal Dynamic System (NPDS) 5.10 and earlier allow remote attackers to inject arbitrary web script and HTML via the (1) Titlesitename or (2) sitename parameter to (a) header.php, (3) nuke_url parameter to (b) meta/meta.php, (4) forum parameter to (c) viewforum.php, (5) post_id, (6) forum, (7) topic, or (8) arbre parameter to (d) editpost.php, or (9) uname or (10) email parameter to (e) user.php. | ||||
| CVE-2006-2952 | 1 Net Portal Dynamic System | 1 Net Portal Dynamic System | 2026-04-16 | N/A |
| Directory traversal vulnerability in Net Portal Dynamic System (NPDS) 5.10 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) sequence and trailing null (%00) byte in the (1) Default_Theme parameter to header.php or (2) ModPath parameter to modules/cluster-paradise/cluster-E.php. | ||||
| CVE-2006-2953 | 1 Primoris Software | 1 Officeflow | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in default.asp in OfficeFlow 2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the sqlType parameter. | ||||
| CVE-2006-2954 | 1 Primoris Software | 1 Officeflow | 2026-04-16 | N/A |
| SQL injection vulnerability in files.asp in OfficeFlow 2.6 and earlier allows remote attackers to execute arbitrary SQL commands via the Project parameter. | ||||
| CVE-2006-2955 | 1 Kaphotoservice | 1 Kaphotoservice | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in KAPhotoservice 7.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) New Category (newcategory) or (2) apage parameter to (a) edtalbum.asp, or the (3) cat or (4) albumid parameter to (b) album.asp. | ||||
| CVE-2006-2956 | 1 Skoom | 1 I.list | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in i.List 1.5 beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) searchword parameter to search.php or (2) siteurl parameter to add.php. | ||||
| CVE-2006-2957 | 1 Skoom | 1 I.list | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in i.List 1.5 beta and earlier allows remote attackers to inject arbitrary web script or HTML via the banurl parameter to add.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
| CVE-2006-2963 | 1 It-direkt | 1 Cabacos Web Cms | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Suchergebnisse.asp in Cabacos Web CMS 3.8.498 and earlier allows remote attackers to inject arbitrary web script or HTML via the suchtext parameter. | ||||
| CVE-2006-2961 | 1 Aclogic | 1 Cesarftp | 2026-04-16 | N/A |
| Stack-based buffer overflow in CesarFTP 0.99g and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long MKD command. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
| CVE-2006-2962 | 1 Oxfam Australia | 1 Emergencies Personnel Information System | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in sql_fcnsOLD.php in Emergenices Personnel Information System (Empris) 20020923 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phormationdir parameter. | ||||
| CVE-2006-2964 | 1 Xtreme Scripts | 1 Download Manager | 2026-04-16 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Xtreme Scripts Download Manager (aka Xtreme Downloads) 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter in (1) download.php, (2) manager.php, (3) admin/scripts/category.php, (4) includes/add_allow.php, (5) admin/index.php, and (6) admin/admin/login.php. | ||||
| CVE-2006-2965 | 1 Particle Soft | 1 Particle Whois | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Particle Soft Particle Whois 1.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) the target parameter in index.php and (2) the "input box." | ||||
| CVE-2006-2966 | 1 Particle Soft | 1 Particle Wiki | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Particle Soft Particle Wiki 1.0.2 allows remote attackers to inject arbitrary web script or HTML via a BR element with an extraneous IMG tag and a STYLE attribute that contains "/**/" comment sequences, which bypasses the XSS protection scheme. | ||||
| CVE-2006-2967 | 1 Syworks | 1 Safenet | 2026-04-16 | N/A |
| Syworks SafeNET allows local users to bypass restrictions on network resource consumption by editing the policy.dat file. | ||||
| CVE-2006-2969 | 1 L0j1k | 1 Tinymuw | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in L0j1k tinyMuw 0.1.0 allow remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element in the input box in quickchat.php, and possibly other manipulations. | ||||
| CVE-2005-1667 | 1 Datatrac | 1 Activity Console | 2026-04-16 | N/A |
| DataTrac Activity Console 1.1 allows remote attackers to cause a denial of service via a long HTTP GET request. | ||||
| CVE-2002-2352 | 1 Neosoft | 1 Neobook | 2026-04-16 | N/A |
| The NBActiveX.ocx ActiveX control in NeoBook 4 allows remote attackers to install and execute arbitrary programs. | ||||
| CVE-2006-2975 | 1 Pbl Guestbook | 1 Pbl Guestbook | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in pblguestbook.php in PBL Guestbook 1.31 allow remote attackers to inject arbitrary web script or HTML via javascript in the SRC attribute of IMG tags in the (1) name, (2) email, and (3) website parameter, which bypasses XSS protection mechanisms that check for SCRIPT tags but not IMG. NOTE: portions of this description's details are obtained from third party information. | ||||