Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-3151 1 Associated 1 Associated Cms 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in AssoCIateD (aka ACID) 1.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the menu parameter.
CVE-2006-3153 1 Thinkfactory 1 Ultimate Estate 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.pl in Ultimate Estate 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat parameter.
CVE-2006-3154 1 Thinkfactory 1 Ultimate Estate 2026-04-16 N/A
SQL injection vulnerability in index.pl in Ultimate Estate 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2006-3155 1 Thinkfactory 1 Ultimate Estate 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Ultimate Auction 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) item parameter in (a) emailtofriend.pl or (b) violation.pl, (2) seller parameter in (c) vsoa.pl, (3) user parameter in (d) userask.pl or (e) leavefeed.pl, (4) itemnum parameter in userask.pl, (5) category parameter in (f) itemlist.pl, and the (6) query parameter in (g) search.pl.
CVE-2006-3156 1 Thinkfactory 1 Ultimate Eshop 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.cgi in Ultimate eShop 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the subid parameter.
CVE-2006-3158 1 Eduha Meeting 1 Eduha Meeting 2026-04-16 N/A
index.php in Eduha Meeting does not properly restrict file extensions before permitting a file upload, which allows remote attackers to bypass security checks and upload or execute arbitrary php code via the add action.
CVE-2006-3159 1 Sun 2 Iplanet Messaging Server, One Messaging Server 2026-04-16 N/A
pipe_master in Sun ONE/iPlanet Messaging Server 5.2 HotFix 1.16 (built May 14 2003) allows local users to read portions of restricted files via a symlink attack on msg.conf in a directory identified by the CONFIGROOT environment variable, which returns the first line of the file in an error message.
CVE-2006-3160 1 Onedotoh 1 Simple File Manager 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in fm.php in ONEdotOH Simple File Manager (SFM) 0.24a and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
CVE-2006-3161 1 Saphp 1 Saphplesson 2026-04-16 N/A
SQL injection vulnerability in misc.php in SaphpLesson 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the action parameter.
CVE-2006-3162 1 Smartsitecms 1 Smartsitecms 2026-04-16 N/A
PHP remote file inclusion vulnerability in include/inc_foot.php in SmartSiteCMS 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root parameter.
CVE-2006-3163 1 Imgallery 1 Imgallery 2026-04-16 N/A
Multiple SQL injection vulnerabilities in galeria.php in IMGallery 2.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) start or (2) sort parameters.
CVE-2006-3164 1 Tpl Design 1 Tplshop 2026-04-16 N/A
SQL injection vulnerability in category.php in TPL Design tplShop 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the first_row parameter.
CVE-2006-3165 1 Free Realty 1 Free Realty 2026-04-16 N/A
SQL injection vulnerability in propview.php in Free Realty 2.9-0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the sort parameter.
CVE-2006-3167 1 Free Realty 1 Free Realty 2026-04-16 N/A
Free Realty before 2.9 allows remote attackers to obtain the full path and other sensitive information via unspecified manipulations that produce an error message.
CVE-2006-3168 1 Comscripts 1 Cs-forum 2026-04-16 N/A
SQL injection vulnerability in CS-Forum before 0.82 allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) debut parameters in (a) read.php, and the (3) search and (4) debut parameters in (b) index.php.
CVE-2006-3170 1 Comscripts 1 Cs-forum 2026-04-16 N/A
CS-Forum before 0.82 allows remote attackers to obtain sensitive information via unspecified manipulations, possibly involving an empty collapse[] or readall parameter to index.php, which reveals the installation path in an error message.
CVE-2006-3171 1 Comscripts 1 Cs-forum 2026-04-16 N/A
CRLF injection vulnerability in CS-Forum before 0.82 allows remote attackers to inject arbitrary email headers via a newline character in the email parameter to ajouter.php.
CVE-2006-3176 1 Xaran 1 Xaran Cms 2026-04-16 N/A
SQL injection vulnerability in xarancms_haupt.php in xarancms 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2006-3177 1 Bible Portal Project 1 Bible Portal Project 2026-04-16 N/A
PHP remote file inclusion vulnerability in Admin/rtf_parser.php in The Bible Portal Project 2.12 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the destination parameter.
CVE-2006-3178 1 Jed Wing 1 Chm Lib 2026-04-16 N/A
Directory traversal vulnerability in extract_chmLib example program in CHM Lib (chmlib) before 0.38 allows remote attackers to overwrite arbitrary files via a CHM archive containing files with a .. (dot dot) in their filename.