Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-2922 1 Miraks 1 Miraksgalerie 2026-04-16 N/A
Multiple PHP remote file inclusion vulnerabilities in MiraksGalerie 2.62 allow remote attackers to execute arbitrary PHP code via a URL in the (1) g_pcltar_lib_dir parameter in (a) pcltar.lib.php when register_globals is enabled, and (2) listconfigfile[] parameter in (b) galsecurity.lib.php and (c) galimage.lib.php.
CVE-2006-2924 1 Ingate 2 Ingate Firewall, Ingate Siparator 2026-04-16 N/A
Ingate Firewall in the SIP module before 4.4.1 and SIParator before 4.4.1, when TLS is enabled or when SSL/TLS is enabled in the web server, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake.
CVE-2006-2925 1 Ingate 2 Ingate Firewall, Siparator 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the web interface in Ingate Firewall before 4.4.1 and SIParator before 4.4.1 allows remote attackers to inject arbitrary web script or HTML, and steal cookies, via unspecified vectors related to "XSS exploits" in administrator functionality.
CVE-2006-2926 1 Qbik 1 Wingate 2026-04-16 N/A
Stack-based buffer overflow in the WWW Proxy Server of Qbik WinGate 6.1.1.1077 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long URL HTTP request.
CVE-2006-2929 1 Openemr 1 Openemr 2026-04-16 N/A
PHP remote file inclusion vulnerability in contrib/forms/evaluation/C_FormEvaluation.class.php in OpenEMR 2.8.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[fileroot] parameter.
CVE-2006-2930 1 Sun 2 Grid Engine, N1 Grid Engine 2026-04-16 N/A
Unspecified vulnerability in Sun Grid Engine 5.3 and Sun N1 Grid Engine 6.0, when configured in Certificate Security Protocol (CSP) Mode, allows local users to shut down the grid service or gain access, even if access is denied.
CVE-2006-2931 1 Hotwebscripts 1 Cms Mundo 2026-04-16 N/A
CMS Mundo before 1.0 build 008 does not properly verify uploaded image files, which allows remote attackers to execute arbitrary PHP code by uploading and later directly accessing certain files.
CVE-2006-2942 1 Twiki 1 Twiki 2026-04-16 N/A
TWiki 4.0.0, 4.0.1, and 4.0.2 allows remote attackers to gain Twiki administrator privileges via a TWiki.TWikiRegistration form with a modified action attribute that references the Sandbox web instead of the user web, which can then be used to associate the user's login name with the WikiName of a member of the TWikiAdminGroup.
CVE-2006-3264 1 Namo 1 Deepsearch 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in mclient.cgi in Namo DeepSearch 4.5 allows remote attackers to inject arbitrary web script or HTML via the p parameter.
CVE-2006-2944 1 Cgi-rescue 1 Form2mail 2026-04-16 N/A
Unspecified vulnerability in CGI-RESCUE FORM2MAIL 1.21 and earlier allows remote attackers to inject email headers, which facilitates sending spam messages. NOTE: the details for this issue are obtained from third party information.
CVE-2006-2946 1 Dmx Forum 1 Dmx Forum 2026-04-16 N/A
Dmx Forum 2.1a stores _includes/bd.inc under the web root with insufficient access control, which allows remote attackers to obtain database username and password information.
CVE-2006-2947 1 Dmx Forum 1 Dmx Forum 2026-04-16 N/A
Dmx Forum 2.1a allows remote attackers to obtain username and password information via a direct request to pops/edit.php with a modified membre parameter.
CVE-2006-2948 1 Alan Ward 1 A-cart 2026-04-16 N/A
A-CART 2.0 stores the acart2_0.mdb file under the web document root with insufficient access control, which allows remote attackers to obtain username and password information.
CVE-2006-2949 1 Mybulletinboard 1 Mybulletinboard 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in private.php in MyBB 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the do parameter.
CVE-2006-2953 1 Primoris Software 1 Officeflow 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in default.asp in OfficeFlow 2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the sqlType parameter.
CVE-2006-2954 1 Primoris Software 1 Officeflow 2026-04-16 N/A
SQL injection vulnerability in files.asp in OfficeFlow 2.6 and earlier allows remote attackers to execute arbitrary SQL commands via the Project parameter.
CVE-2006-2955 1 Kaphotoservice 1 Kaphotoservice 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in KAPhotoservice 7.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) New Category (newcategory) or (2) apage parameter to (a) edtalbum.asp, or the (3) cat or (4) albumid parameter to (b) album.asp.
CVE-2006-2956 1 Skoom 1 I.list 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in i.List 1.5 beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) searchword parameter to search.php or (2) siteurl parameter to add.php.
CVE-2006-2958 1 Filzip 1 Filzip 2026-04-16 N/A
Directory traversal vulnerability in FilZip 3.05 allows remote attackers to write arbitrary files via a .. (dot dot) in a (1) .rar, (2) .tar, (3) .jar, or (4) .gz file. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-2959 1 Snitz Communications 1 Snitz Forums 2000 2026-04-16 N/A
SQL injection vulnerability in inc_header.asp in Snitz Forum 3.4.05 and earlier allows remote attackers to execute arbitrary SQL commands via the %strCookieURL%.GROUP parameter in a cookie.