Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-1425 1 Phpmyfamily 1 Phpmyfamily 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in track.php in phpmyfamily 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the name parameter.
CVE-2006-1426 1 Pixel Motion 1 Pixel Motion Blog 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Pixel Motion Blog allow remote attackers to execute arbitrary SQL commands via the (1) date parameter in index.php or bypass authentication via the (2) password parameter in admin/index.php.
CVE-2006-0587 1 Gallery Project 1 Gallery 2026-04-16 N/A
Unspecified vulnerability in util.php in Gallery before 1.5.2-pl2 allows remote authenticated users with trick an owner into modifying stored album data and possibly executing arbitrary code via unspecified vectors involving a crafted link to a crafted file.
CVE-2006-1799 1 Adcentrix 1 Censtore 2026-04-16 N/A
censtore.cgi in Censtore 7.3.002 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter.
CVE-2006-0588 1 Jaia Interactive 1 Mytopix 2026-04-16 N/A
SQL injection vulnerability in search.php in MyTopix 1.2.3 allows remote attackers to execute arbitrary SQL commands via the (1) mid and (2) keywords parameters.
CVE-2006-0598 1 Stefan Ritt 1 Elog Web Logbook 2026-04-16 N/A
Buffer overflow in elogd.c in elog before 2.5.7 r1558-4 allows attackers to execute code via unspecified variables, when writing to the log file.
CVE-2006-1427 1 Web-app.org 1 Webapp 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in WebAPP 0.9.9.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) action, (2) id, (3) num, (4) board, (5) cat, (6) real, (7) viewcat, (8) img, or (9) curcatname parameter in cgi-bin/index.cgi, or (10) vsSD parameter in /mods/calendar/index.cgi.
CVE-2006-0608 1 Hinton Design 1 Phphd 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Hinton Design phphd 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the username parameter to check.php or (2) unknown attack vectors to scripts that display information from the database.
CVE-2006-0610 1 2200net 1 2200net Calendar 2026-04-16 N/A
Multiple SQL injection vulnerabilities in 2200net Calendar system 1.2, with gpc_magic_quotes disabled, allow remote attackers to execute arbitrary SQL commands and bypass authentication via (1) the fm_data[id] parameter to calendar.php and (2) the $ad['acc'] variable in adminlogin.php.
CVE-2006-0612 1 Powersave 1 Powersave 2026-04-16 N/A
Powersave daemon before 0.10.15.2 allows local users to gain privileges (unauthorized access to an X session) via unspecified vectors. NOTE: the provenance of this information is unknown; portions of the details are obtained from third party information.
CVE-2006-0613 1 Sun 1 J2se 2026-04-16 N/A
Unspecified vulnerability in Java Web Start after 1.0.1_02, as used in J2SE 5.0 Update 5 and earlier, allows remote attackers to obtain privileges via unspecified vectors involving untrusted applications.
CVE-2006-0614 1 Sun 3 Jdk, Jre, Sdk 2026-04-16 N/A
Unspecified vulnerability in Sun Java JDK and JRE 5.0 Update 3 and earlier, SDK and JRE 1.3.x through 1.3.1_16 and 1.4.x through 1.4.2_08 allows remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "first issue."
CVE-2006-0615 1 Sun 3 Jdk, Jre, Sdk 2026-04-16 N/A
Multiple unspecified vulnerabilities in Sun Java JDK and JRE 5.0 Update 4 and earlier, SDK and JRE 1.4.x through 1.4.2_09 allow remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "second and third issues."
CVE-2006-0616 1 Sun 2 Jdk, Jre 2026-04-16 N/A
Unspecified vulnerability in Sun Java JDK and JRE 5.0 Update 4 and earlier allows remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "fourth issue."
CVE-2006-0625 1 Spip 1 Spip 2026-04-16 N/A
Directory traversal vulnerability in Spip_RSS.PHP in SPIP 1.8.2g and earlier allows remote attackers to read or include arbitrary files via ".." sequences in the GLOBALS[type_urls] parameter, which could then be used to execute arbitrary code via resultant direct static code injection in the file parameter to spip_acces_doc.php3.
CVE-2006-0641 1 Orbicule 1 Undercover 2026-04-16 N/A
Orbicule Undercover uses a third-party web server to determine the IP address through which the computer is accessing the Internet, but does not document this third-party disclosure, which leads to a potential privacy leak that might allow transmission of sensitive information to an unintended remote destination.
CVE-2006-0647 1 Sun 1 Java System Directory Server 2026-04-16 N/A
LDAP service in Sun Java System Directory Server 5.2, running on Linux and possibly other platforms, allows remote attackers to cause a denial of service (memory allocation error) via an LDAP packet with a crafted subtree search request, as demonstrated using the ProtoVer LDAP test suite.
CVE-2006-0648 1 Php Icalendar 1 Php Icalendar 2026-04-16 N/A
Multiple directory traversal vulnerabilities in PHP iCalendar 2.0.1, 2.1, and 2.2 allow remote attackers to include arbitrary files via the (1) getdate and possibly other parameters used in the replace_files function in search.php and (2) $file variable as used in the parse function in functions/template.php.
CVE-2006-1428 1 Coinsoft Technologies 1 Phpcoin 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in phpCOIN 1.2.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the fs parameter to (1) mod.php or (2) mod_print.php.
CVE-2006-0656 1 Hp 1 Systems Insight Manager 2026-04-16 N/A
Directory traversal vulnerability in HP Systems Insight Manager 4.2 through 5.0 SP3 for Windows allows remote attackers to access arbitrary files via unspecified vectors, a different vulnerability than CVE-2005-2006.