Export limit exceeded: 345004 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 345004 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (345004 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-2733 | 1 Mini-nuke | 1 Mini-nuke | 2026-04-16 | N/A |
| membership.asp in Mini-Nuke 2.3 and earlier uses plaintext security codes, which allows remote attackers to register multiple times via automated scripts. | ||||
| CVE-2006-2734 | 1 Mini-nuke | 1 Mini-nuke | 2026-04-16 | N/A |
| enter.asp in Mini-Nuke 2.3 and earlier makes it easier for remote attackers to conduct password guessing attacks by setting the guvenlik parameter to the same value as the hidden gguvenlik parameter, which bypasses a verification step because the gguvenlik parameter is assumed to be immutable by the attacker. | ||||
| CVE-2006-2735 | 1 Activity Mod Plus | 1 Activity Mod Plus | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in language/lang_english/lang_activity.php in Activity MOD Plus (Amod) 1.1.0, as used with phpBB when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: This is a similar vulnerability to CVE-2006-2507. | ||||
| CVE-2006-2736 | 1 Phpbb-portal | 1 Blend Portal | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in blend_data/blend_common.php in Blend Portal 1.2.0, as used with phpBB when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: This is a similar vulnerability to CVE-2006-2507. | ||||
| CVE-2006-2737 | 1 Nukedit | 1 Nukedit | 2026-04-16 | N/A |
| utilities/register.asp in Nukedit 4.9.6 and earlier allows remote attackers to create new users as part of arbitrary groups, including the administrative group, via a modified groupid parameter when creating a user via the addDB action. | ||||
| CVE-2006-2738 | 1 Open-xchange | 1 Open-xchange | 2026-04-16 | N/A |
| The open source version of Open-Xchange 0.8.2 and earlier uses a static default username and password with a valid login shell in the initfile for the ldap-server, which allows remote attackers to access any server where the default has not been changed. | ||||
| CVE-2006-2739 | 1 Epic Designs | 1 Tinybb | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in footers.php in Epicdesigns tinyBB 0.3, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the tinybb_footers parameter. | ||||
| CVE-2006-2741 | 1 Epic Designs | 1 Tinybb | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Epicdesigns tinyBB 0.3 allow remote attackers to inject arbitrary web script or HTML via the q parameter in forgot.php, which is echoed in an error message, and other unspecified vectors. | ||||
| CVE-2006-3104 | 1 Bitweaver | 1 Bitweaver | 2026-04-16 | N/A |
| users/index.php in Bitweaver 1.3 allows remote attackers to obtain sensitive information via an invalid sort_mode parameter, which reveals the installation path and database information in the resultant error message. | ||||
| CVE-2006-2742 | 1 Drupal | 1 Drupal | 2026-04-16 | N/A |
| SQL injection vulnerability in Drupal 4.6.x before 4.6.7 and 4.7.0 allows remote attackers to execute arbitrary SQL commands via the (1) count and (2) from variables to (a) database.mysql.inc, (b) database.pgsql.inc, and (c) database.mysqli.inc. | ||||
| CVE-2006-2743 | 1 Drupal | 1 Drupal | 2026-04-16 | N/A |
| Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory. | ||||
| CVE-2006-2744 | 1 Facile Interactive Web | 1 Facile Interactive Web | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in p-popupgallery.php in F@cile Interactive Web 0.8.41 through 0.8.5 allows remote attackers to execute arbitrary PHP code via a URL in the l parameter. | ||||
| CVE-2006-3105 | 1 Bitweaver | 1 Bitweaver | 2026-04-16 | N/A |
| CRLF injection vulnerability in Bitweaver 1.3 allows remote attackers to conduct HTTP response splitting attacks by via CRLF sequences in multiple unspecified parameters that are injected into HTTP headers, as demonstrated by the BWSESSION parameter in index.php. | ||||
| CVE-2006-3108 | 1 Emailarchitect | 1 Email Server | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in EmailArchitect Email Server 6.1 allows remote attackers to inject arbitrary Javascript via an HTML div tag with a carriage return between the onmouseover attribute and its value, which bypasses the mail filter. | ||||
| CVE-2006-3109 | 1 Cisco | 1 Call Manager | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Cisco CallManager 3.3 before 3.3(5)SR3, 4.1 before 4.1(3)SR4, 4.2 before 4.2(3), and 4.3 before 4.3(1), allows remote attackers to inject arbitrary web script or HTML via the (1) pattern parameter in ccmadmin/phonelist.asp and (2) arbitrary parameters in ccmuser/logon.asp, aka bugid CSCsb68657. | ||||
| CVE-2006-3110 | 1 Chipmailer | 1 Chipmailer | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in main.php in Chipmailer 1.09 allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) betreff, (3) mail, and (4) text parameters. | ||||
| CVE-2006-3111 | 1 Chipmailer | 1 Chipmailer | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in main.php in Chipmailer 1.09 allow remote attackers to execute arbitrary SQL commands via multiple parameters, as demonstrated by (1) anfang, (2) name, (3) mail, (4) anrede, (5) vorname, (6) nachname, (7) gebtag, (8) gebmonat, and (9) gebjahr. | ||||
| CVE-2006-2745 | 1 Facile Interactive Web | 1 Facile Interactive Web | 2026-04-16 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in F@cile Interactive Web 0.8.5 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) pathfile parameter in (a) p-editpage.php and (b) p-editbox.php, and the (2) mytheme and (3) myskin parameters in multiple "p-themes" index.inc.php files including (c) lowgraphic, (d) classic, (e) puzzle, (f) simple, and (g) ciao. | ||||
| CVE-2006-3112 | 1 Chipmailer | 1 Chipmailer | 2026-04-16 | N/A |
| Chipmailer 1.09 allows remote attackers to obtain sensitive information via a direct request to php.php, which displays the output of the phpinfo function. | ||||
| CVE-2006-2746 | 1 Facile Interactive Web | 1 Facile Interactive Web | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in F@cile Interactive Web 0.8.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) lang parameter in index.php, and the (2) mytheme and (3) myskin parameters in multiple "p-themes" index.inc.php files including (c) lowgraphic, (d) classic, (e) puzzle, (f) simple, and (g) ciao. NOTE: vectors 2 and 3 might be resultant from file inclusion issues. | ||||