Export limit exceeded: 345221 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (345221 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-2943 | 1 Cgi-rescue | 1 Webform | 2026-04-16 | N/A |
| Unspecified vulnerability in CGI-RESCUE WebFORM 4.1 and earlier allows remote attackers to inject email headers, which facilitates sending spam messages. NOTE: the details for this issue are obtained from third party information. | ||||
| CVE-2006-2944 | 1 Cgi-rescue | 1 Form2mail | 2026-04-16 | N/A |
| Unspecified vulnerability in CGI-RESCUE FORM2MAIL 1.21 and earlier allows remote attackers to inject email headers, which facilitates sending spam messages. NOTE: the details for this issue are obtained from third party information. | ||||
| CVE-2006-2945 | 1 Andreas Gohr | 1 Dokuwiki | 2026-04-16 | N/A |
| Unspecified vulnerability in the user profile change functionality in DokuWiki, when Access Control Lists are enabled, allows remote authenticated users to read unauthorized files via unknown attack vectors. | ||||
| CVE-2006-2946 | 1 Dmx Forum | 1 Dmx Forum | 2026-04-16 | N/A |
| Dmx Forum 2.1a stores _includes/bd.inc under the web root with insufficient access control, which allows remote attackers to obtain database username and password information. | ||||
| CVE-2006-2947 | 1 Dmx Forum | 1 Dmx Forum | 2026-04-16 | N/A |
| Dmx Forum 2.1a allows remote attackers to obtain username and password information via a direct request to pops/edit.php with a modified membre parameter. | ||||
| CVE-2006-2815 | 1 Two Shoes Mambo Factory | 1 Simpleboard | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Two Shoes M-Factory (TSMF) SimpleBoard 1.1.0 Stable (aka com_simpleboard), as used in Mambo and Joomla!, allow remote attackers to inject arbitrary web script or HTML via (1) the Name field in "post ne topic" in the Frontend, (2) the Title (aka Community-Title) field in Simpleboard Configuration in the Backend Admin Panel, and the (3) Name (aka Forum-Title) and (4) Name (aka Category-Title) fields in Simpleboard Administration in the Backend Admin Panel. NOTE: some sources have stated that the sb_authorname parameter is affected, but it is unclear which field is related to it. | ||||
| CVE-2006-2948 | 1 Alan Ward | 1 A-cart | 2026-04-16 | N/A |
| A-CART 2.0 stores the acart2_0.mdb file under the web document root with insufficient access control, which allows remote attackers to obtain username and password information. | ||||
| CVE-2006-2949 | 1 Mybulletinboard | 1 Mybulletinboard | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in private.php in MyBB 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the do parameter. | ||||
| CVE-2002-1812 | 1 Gdam | 1 Gdam | 2026-04-16 | N/A |
| Buffer overflow in gdam123 0.933 and 0.942 allows local users to execute arbitrary code via a long filename parameter. | ||||
| CVE-2002-1877 | 1 Netgear | 1 Fm114p | 2026-04-16 | N/A |
| NETGEAR FM114P allows remote attackers to bypass access restrictions for web sites via a URL that uses the IP address instead of the hostname. | ||||
| CVE-2002-1991 | 1 Oscommerce | 1 Oscommerce | 2026-04-16 | N/A |
| PHP file inclusion vulnerability in osCommerce 2.1 execute arbitrary commands via the include_file parameter to include_once.php. | ||||
| CVE-2006-2816 | 1 Coolphp | 1 Coolphp Magazine | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in coolphp magazine allow remote attackers to inject arbitrary web script or HTML via the (1) op and (2) nick parameters, and possibly the (3) 0000, (4) userinfo, (5) comp_der, (6) encuestas, and (7) pagina parameters. NOTE: it is not clear whether this is a distributable product or a site-specific vulnerability. If it is site-specific, then it should not be included in CVE. | ||||
| CVE-2006-2817 | 1 Tekno.portal | 1 Tekno.portal | 2026-04-16 | N/A |
| SQL injection vulnerability in bolum.php in tekno.Portal allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-2818 | 1 Cameron Mckay | 1 Informium | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in common-menu.php in Cameron McKay Informium 0.12.0 allows remote attackers to execute arbitrary PHP code via a URL in the CONF[local_path] parameter. | ||||
| CVE-2006-2820 | 1 Hotwebscripts | 1 Weblog Oggi | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in HotWebScripts.com Weblog Oggi 1.0 allows remote attackers to inject arbitrary web script or HTML via a comment, possibly involving a javascript URI in the SRC attribute of an IMG element. | ||||
| CVE-2006-2821 | 1 Deltascripts | 1 Pro Publish | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in DeltaScripts Pro Publish allow remote attackers to inject arbitrary web script or HTML via the (1) artid parameter in art.php and the (2) catname parameter in cat.php. | ||||
| CVE-2006-2822 | 1 Xfairguy | 1 Codeavalanche Freeforum | 2026-04-16 | N/A |
| SQL injection vulnerability in admin/default.asp in Dusan Drobac CodeAvalanche FreeForum (aka CAForum) 1.0 allows remote attackers to execute arbitrary SQL commands via the password parameter. | ||||
| CVE-2006-2823 | 1 A.shopkart | 1 A.shopkart | 2026-04-16 | N/A |
| Katrien De Graeve a.shopKart 2.0 (aka ashopKart20) stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) admin/scart.mdb and possibly (2) admin/scart97.mdb. | ||||
| CVE-2006-2824 | 1 Logicalware | 1 Mailmanager | 2026-04-16 | N/A |
| Logicalware MailManager before 2.0.10 does not remove 0xc8 0x27 (0xc8 followed by a single-quote character) from the data stream to the server, which allows remote attackers to modify data and gain administrative access when PostgreSQL is used, aka "bug #1494281 - Postgres encoding security hole." NOTE: while this issue involves PostgreSQL, it is specific to MailManager's interface to PostgreSQL and is therefore a different vulnerability than CVE-2006-2313 and CVE-2006-2314. | ||||
| CVE-2002-2097 | 1 Maradns | 1 Maradns | 2026-04-16 | N/A |
| The compression code in MaraDNS before 0.9.01 allows remote attackers to cause a denial of service via crafted DNS packets. | ||||