Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-4218 1 Zen Cart 1 Zen Cart 2026-04-16 N/A
Directory traversal vulnerability in Zen Cart 1.3.0.2 and earlier allows remote attackers to include and possibly execute arbitrary local files via directory traversal sequences in the typefilter parameter.
CVE-2006-2569 2 4r Linklist, Woltlab 2 4r Linklist, Burning Board 2026-04-16 N/A
SQL injection vulnerability in links.php in 4R Linklist 1.0 RC2 and earlier, a module for Woltlab Burning Board, allows remote attackers to execute arbitrary SQL commands via the cat parameter.
CVE-2006-4219 1 Microsoft 1 Ie 2026-04-16 N/A
The Terminal Services COM object (tsuserex.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by instantiating it as an ActiveX object in Internet Explorer 6.0 SP1 on Microsoft Windows 2003 EE SP1 CN.
CVE-2006-2577 1 Docebo 1 Docebo 2026-04-16 N/A
Multiple PHP remote file inclusion vulnerabilities in Docebo 3.0.3 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in (1) where_cms, (2) where_lms, (3) where_upgrade, (4) BBC_LIB_PATH, and (5) BBC_LANGUAGE_PATH parameters in various unspecified scripts. NOTE: the provenance of some of this information is unknown; the details are obtained solely from third party information.
CVE-2006-2588 1 Russcom Network 1 Phpimages 2026-04-16 N/A
Russcom PHPImages allows remote attackers to upload files of arbitrary types by uploading a file with a .gif extension. NOTE: due to lack of specific information about attack vectors do not depend on the existence of another vulnerability, it is not clear whether this is a vulnerability.
CVE-2006-2589 1 Mybulletinboard 1 Mybulletinboard 2026-04-16 N/A
SQL injection vulnerability in rss.php in MyBB (aka MyBulletinBoard) 1.1.1 allows remote attackers to execute arbitrary SQL commands via the comma parameter. NOTE: it is not clear from the original report how this attack can succeed, since the demonstration URL uses a variable that is overwritten with static data in the extracted source code.
CVE-2006-2591 1 E107 1 E107 2026-04-16 N/A
Unspecified vulnerability in e107 before 0.7.5 has unknown impact and remote attack vectors related to an "emailing exploit".
CVE-2006-4221 1 Ibm 1 Egatherer 2026-04-16 N/A
Stack-based buffer overflow in the IBM Access Support eGatherer ActiveX control before 3.20.0284.0 allows remote attackers to execute arbitrary code via a long filename parameter to the RunEgatherer method.
CVE-2006-2605 1 Dschat 1 Dschat 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in DSChat 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the chatbox, probably involving the ctext parameter to send.php.
CVE-2006-2606 1 Chatty 1 Chatty 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Chatty, possibly 1.0.2 and other versions, allows remote attackers to inject arbitrary web script or HTML via the username.
CVE-2006-2607 2 Paul Vixie, Redhat 2 Vixie Cron, Enterprise Linux 2026-04-16 N/A
do_command.c in Vixie cron (vixie-cron) 4.1 does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits, as originally demonstrated by a program that exceeds the process limits as defined in /etc/security/limits.conf.
CVE-2006-2695 1 Dgnews 1 Dgnews 2026-04-16 N/A
admin/upprocess.php in DGNews 1.5 and earlier allows remote attackers to execute arbitrary code by uploading scripts with arbitrary extensions to the img directory.
CVE-2006-2719 1 Jiwa 1 Financials 2026-04-16 N/A
JIWA Financials 6.4.14 stores usernames and passwords for all accounts in cleartext in the HR_Staff table in Microsoft SQL Server, and sends the usernames and passwords in cleartext to the application's SQL Server ODBC driver, which might allow context-dependent attackers to obtain the passwords.
CVE-2006-2721 1 Variomat 1 Variomat 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in news.php in VARIOMAT allows remote attackers to inject arbitrary HTML or web script via the subcat parameter. NOTE: this issue might be resultant from SQL injection.
CVE-2006-2749 1 Open Searchable Image Catalogue 1 Open Searchable Image Catalogue 2026-04-16 N/A
SQL injection vulnerability in search.php in Open Searchable Image Catalogue (OSIC) 0.7.0.1 and earlier allows remote attackers to inject arbitrary SQL commands via the (1) txtCustomField and (2) CustomFieldID array parameters.
CVE-2006-2750 1 Open Searchable Image Catalogue 1 Open Searchable Image Catalogue 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the do_mysql_query function in core.php for Open Searchable Image Catalogue (OSIC) before 0.7.0.1 allows remote attackers to inject arbitrary web scripts or HTML via failed SQL queries, which is reflected in an error message.
CVE-2006-2751 1 Open Searchable Image Catalogue 1 Open Searchable Image Catalogue 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Open Searchable Image Catalogue (OSIC) 0.7.0.1 and earlier allows remote attackers to inject arbitrary web scripts or HTML via the item_list parameter in search.php.
CVE-2006-2752 1 Suse 1 Suse Linux 2026-04-16 N/A
The RedCarpet /etc/ximian/rcd.conf configuration file in Novell Linux Desktop 9 and SUSE SLES 9 has world-readable permissions, which allows attackers to obtain the rc (RedCarpet) password.
CVE-2006-2812 1 Dominios Europa 1 Picrate 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Dominios Europa PICRATE (aka TAL RateMyPic) 1.0 allow remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element in the (1) name (aka nick), (2) email, and (3) comment boxes; and via the (4) id parameter.
CVE-2006-2820 1 Hotwebscripts 1 Weblog Oggi 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in HotWebScripts.com Weblog Oggi 1.0 allows remote attackers to inject arbitrary web script or HTML via a comment, possibly involving a javascript URI in the SRC attribute of an IMG element.