Export limit exceeded: 344983 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344983 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-2252 | 1 Openfaq | 1 Openfaq | 2026-04-16 | N/A |
| Cross-site scripting vulnerability in submit.php in OpenFAQ 0.4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter. | ||||
| CVE-2006-2357 | 1 Ipswitch | 1 Whatsup Professional | 2026-04-16 | N/A |
| Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to obtain source code for scripts via a trailing dot in a request to NmConsole/Login.asp. | ||||
| CVE-2006-1894 | 1 Revoboard | 1 Revoboard | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in RevoBoard 1.8, as derived from PunBB, allows remote attackers to inject arbitrary web script or HTML via a substitution cipher of the email tag, which is transformed when the application's e-mail address obfuscator reverses the transformation. NOTE: it is not clear whether this is a site-specific issue; however, the claimed codebase relationship with PunBB might be relevant. | ||||
| CVE-2006-1895 | 1 Phpbb Group | 1 Phpbb | 2026-04-16 | N/A |
| Direct static code injection vulnerability in includes/template.php in phpBB allows remote authenticated users with write access to execute arbitrary PHP code by modifying a template in a way that (1) bypasses a loose ".*" regular expression to match BEGIN and END statements in overall_header.tpl, or (2) is used in an eval statement by includes/bbcode.php for bbcode.tpl. | ||||
| CVE-2006-1896 | 1 Phpbb Group | 1 Phpbb | 2026-04-16 | N/A |
| Unspecified vulnerability in phpBB allows remote authenticated users with Administration Panel access to execute arbitrary PHP code via crafted Font Colour 3 ($theme[fontcolor3] variable) and/or signature values, possibly involving the highlight functionality. NOTE: the original report does not clarify whether this issue is static code injection, eval injection, or another type of vulnerability. | ||||
| CVE-2006-2253 | 1 Otterware | 1 Statit | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in visible_count_inc.php in Statit 4 (060207) allows remote attackers to execute arbitrary PHP code via a URL in the statitpath parameter. | ||||
| CVE-2006-1897 | 1 Talentsoft | 1 Web\+ Shop | 2026-04-16 | N/A |
| Webplus (aka talentsoft) Web+Shop 5.3.6, when Redirect URL for "Script Not Found" Error is not configured, allows remote attackers to obtain sensitive information via a quote (') or possibly other invalid value in the storeid parameter in store.wml in webplus.exe, which reveals the path in a "Script Not Found" error message. | ||||
| CVE-2006-1898 | 1 Ralph Capper | 1 Tinyphpforum | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Ralph Capper Tiny PHP Forum (TPF) 3.6 allow remote attackers to inject arbitrary web script or HTML via (1) the uname parameter in a view action in profile.php and (2) a login name. NOTE: the "Access to hash password" issue is already covered by CVE-2006-0103. | ||||
| CVE-2006-1899 | 1 Dev | 1 Neuron Blog | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in dev Neuron Blog 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) website parameters. | ||||
| CVE-2006-1900 | 1 W3c | 1 Amaya | 2026-04-16 | N/A |
| Multiple buffer overflows in World Wide Web Consortium (W3C) Amaya 9.4, and possibly other versions including 8.x before 8.8.5, allow remote attackers to execute arbitrary code via a long value in (1) the COMPACT attribute of the COLGROUP element, (2) the ROWS attribute of the TEXTAREA element, and (3) the COLOR attribute of the LEGEND element; and via other unspecified attack vectors consisting of "dozens of possible snippets." | ||||
| CVE-2006-2254 | 1 Intervations | 1 Filecopa | 2026-04-16 | N/A |
| Buffer overflow in filecpnt.exe in FileCOPA 1.01 allows remote attackers to cause a denial of service (application crash) via a username with a large number of newline characters. | ||||
| CVE-2006-2358 | 1 Web-labs | 1 Web-labs Cms | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in various scripts in Web-Labs CMS allow remote attackers to inject arbitrary web script or HTML via (1) the search parameter and (2) unspecified fields related to e-mail alerts. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-2256 | 1 Eqdkp | 1 Eqdkp | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in includes/dbal.php in EQdkp 1.3.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the eqdkp_root_path parameter. | ||||
| CVE-2006-1901 | 1 Mozilla | 1 Camino | 2026-04-16 | N/A |
| Mozilla Camino 1.0 and earlier allow remote attackers to cause a denial of service (null dereference and application crash or hang) via HTML with certain improperly nested elements. NOTE: this might be the same issue as CVE-2006-1724. | ||||
| CVE-2006-2257 | 1 Faktorystudios | 1 Easyevent | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in easyEvent 1.2 allows remote attackers to inject arbitrary web script or HTML via the curr_year parameter. | ||||
| CVE-2006-2258 | 1 Maxxcode | 1 Maxxschedule | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Logon.asp in MaxxSchedule 1.0 allows remote attackers to inject arbitrary web script or HTML via the Error parameter. | ||||
| CVE-2006-2363 | 1 Limbo Cms | 1 Limbo Cms | 2026-04-16 | N/A |
| SQL injection vulnerability in the weblinks option (weblinks.html.php) in Limbo CMS allows remote attackers to execute arbitrary SQL commands via the catid parameter. | ||||
| CVE-2006-2259 | 1 Maxxcode | 1 Maxxschedule | 2026-04-16 | N/A |
| SQL injection vulnerability in Logon.asp in MaxxSchedule 1.0 allows remote attackers to execute arbitrary SQL commands via the txtLogon parameter. | ||||
| CVE-2006-2262 | 1 Singapore | 1 Singapore | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in singapore 0.9.7 allows remote attackers to inject arbitrary web script or HTML via the image parameter. | ||||
| CVE-2006-2263 | 1 Virtual Programming | 1 Vp-asp | 2026-04-16 | N/A |
| SQL injection vulnerability in shopcurrency.asp in VP-ASP 6.00 allows remote attackers to execute arbitrary SQL commands via the cid parameter. | ||||