Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-3269 1 Thorcms 1 Thorcms 2026-04-16 N/A
PHP remote file inclusion vulnerability in includes/functions_cms.php in THoRCMS 1.3.1 allows remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter.
CVE-2006-4507 1 Sony 1 Playstation Portable 2026-04-16 N/A
Unspecified vulnerability in the TIFF viewer (possibly libTIFF) in the Photo Viewer in the Sony PlaystationPortable (PSP) 2.00 through 2.80 allows local users to execute arbitrary code via crafted TIFF images. NOTE: due to lack of details, it is not clear whether this is related to other issues such as CVE-2006-3464 or CVE-2006-3465.
CVE-2006-3270 1 Thorcms 1 Thorcms 2026-04-16 N/A
SQL injection vulnerability in cms_admin.php in THoRCMS 1.3.1 allows remote attackers to execute arbitrary SQL commands via multiple unspecified parameters, such as the add_link_mid parameter. NOTE: the provenance of this information is unknown; portions of the details are obtained from third party information.
CVE-2006-3272 1 Astrodog Press 1 Some Chess 2026-04-16 N/A
Cross-site request forgery (CSRF) vulnerability in menu.php in Some Chess 1.5 rc2 allows remote attackers to conduct actions as another user, such as changing usernames and passwords, via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-3296 1 George Currums 1 Open Guestbook 2026-04-16 N/A
SQL injection vulnerability in view.php in Open Guestbook 0.5 allows remote attackers to execute arbitrary SQL commands via the offset parameter.
CVE-2006-3297 1 Uebimiau 1 Uebimiau 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in error.php in UebiMiau Webmail 2.7.10 and earlier allows remote attackers to inject arbitrary web script or HTML via the icq parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-4539 1 Cerberus 1 Cerberus Helpdesk 2026-04-16 N/A
(1) includes/widgets/module_company_tickets.php and (2) includes/widgets/module_track_tickets.php Client Support Center in Cerberus Helpdesk 3.2 Build 317, and possibly earlier, allows remote attackers to bypass security restrictions and obtain sensitive information via the ticket parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-3300 1 Phpmysms 1 Phpmysms 2026-04-16 N/A
PHP remote file inclusion vulnerability in sms_config/gateway.php in PhpMySms 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the ROOT_PATH parameter.
CVE-2006-3301 1 Phpqladmin 1 Phpqladmin 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in phpQLAdmin 2.2.7 and earlier allow remote attackers to inject arbitrary web script or HTML via the domain parameter in (1) user_add.php or (2) unit_add.php.
CVE-2006-4540 1 Learn.com 1 Learncenter 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in learncenter.asp in Learn.com LearnCenter allows remote attackers to inject arbitrary web script or HTML via the id parameter.
CVE-2006-3302 1 Cbsms 1 Mambo Module 2026-04-16 N/A
PHP remote file inclusion vulnerability in mod_cbsms.php in CBSMS Mambo Module 1.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosC_a_path parameter. NOTE: the provenance of this information is unknown; portions of the details are obtained from third party information.
CVE-2006-3303 1 Deluxebb 1 Deluxebb 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in pm.php in DeluxeBB 1.07 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) subject or (2) to parameters.
CVE-2006-3304 1 Deluxebb 1 Deluxebb 2026-04-16 N/A
SQL injection vulnerability in cp.php in DeluxeBB 1.07 and earlier allows remote attackers to execute arbitrary SQL commands via the xmsn parameter.
CVE-2006-3305 1 Uebimiau 1 Uebimiau 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in UebiMiau Webmail 2.7.10, and 2.7.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) f_user parameter in index.php, the (2) pag parameter in messages.php, or the (3) lid, (4) tid, and (5) sid parameters in error.php.
CVE-2006-3307 1 Zoid Technologies 1 Project Eros Bbsengine 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Project EROS bbsengine before bbsengine-20060429-1550-jam allow remote attackers to execute arbitrary SQL commands via (1) unspecified parameters in the php/comment.php and (2) the getpartialmatches method in php/aolbonics.php.
CVE-2006-4543 1 Hlstats 1 Hlstats 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in HLStats 1.34 allows remote attackers to inject arbitrary web script or HTML via the (1) game parameter in players mode, the (2) weapon parameter in weaponinfo mode, the (3) st parameter in search mode, the (4) action parameter in actioninfo mode, and the (5) map parameter in mapinfo mode.
CVE-2006-3308 1 Zoid Technologies 1 Project Eros Bbsengine 2026-04-16 N/A
Unspecified vulnerability in the wpprop code for Project EROS bbsengine before 20060622-0315 has unknown impact and remote attack vectors via [img] tags, possibly cross-site scripting (XSS).
CVE-2006-3309 1 Internet Scout Project 1 Scout Portal Toolkit 2026-04-16 N/A
SQL injection vulnerability in SPT--ForumTopics.php in Scout Portal Toolkit (SPT) 1.4.0 and earlier allows remote attackers to execute arbitrary SQL commands via the forumid parameter.
CVE-2006-3312 1 Qatraq 1 Qatraq 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in ashmans and Bill Echlin QaTraq 6.5 RC and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) link_print, (2) link_upgrade, (3) link_sql, (4) link_next, (5) link_prev, and (6) link_list parameters in top.inc as included by queries_view_search.php; the (7) msg, (8) component_name, and (9) component_desc parameters in (a) components_copy_content.php, (b) components_modify_content.php, and (c) components_new_content.php; the (10) title, (11) version, and (12) content parameters in design_copy_content.php; the (13) plan_title and (14) plan_content parameters in design_copy_plan_search.php; the (15) title, (16) minor_version, (17) new_version, and (18) content parameters in design_modify_content.php; the (19) title, (20) version, and (21) content parameters in design_new_content.php; the (22) plan_name and (23) plan_desc parameters in design_new_search.php; the (24) file_name parameter in download.php; the (25) username and (26) password parameters in login.php; the (27) title, (28) version, and (29) content parameters in phase_copy_content.php; the (30) content parameter in phase_delete_search.php; the (31) title, (32) minor_version, (33) new_version, and (34) content parameters in phase_modify_content.php; the (35) content, (36) title, (37) version, and (38) content parameters in phase_modify_search.php; the (39) content parameter in phase_view_search.php; the (40) msg, (41) product_name, and (42) product_desc parameters in products_copy_content.php; and possibly the (43) product_name and (44) product_desc parameters in (d) products_copy_search.php, and a large number of additional parameters and executables. NOTE: the vendor notified CVE via e-mail that this issue has been fixed in the 6.8 RC release.
CVE-2006-4559 1 Bernard Pacques 1 Yet Another Community System Cms 2026-04-16 N/A
Multiple PHP remote file inclusion vulnerabilities in Yet Another Community System (YACS) CMS 6.6.1 allow remote attackers to execute arbitrary PHP code via a URL in the context[path_to_root] parameter in (1) articles/populate.php, (2) categories/category.php, (3) categories/populate.php, (4) comments/populate.php, (5) files/file.php, (6) sections/section.php, (7) sections/populate.php, (8) tables/populate.php, (9) users/user.php, and (10) users/populate.php. The articles/article.php vector is covered by CVE-2006-4532.