Export limit exceeded: 20096 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (361859 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-4975 | 1 Yahoo | 1 Messenger | 2026-04-16 | N/A |
| Yahoo! Messenger for WAP permits saving messages that contain JavaScript, which allows user-assisted remote attackers to inject arbitrary web script or HTML via a URL at the online service. | ||||
| CVE-2006-3449 | 1 Microsoft | 1 Powerpoint | 2026-04-16 | N/A |
| Unspecified vulnerability in Microsoft PowerPoint 2000 through 2003, possibly a buffer overflow, allows user-assisted remote attackers to execute arbitrary commands via a malformed record in the BIFF file format used in a PPT file, a different issue than CVE-2006-1540, aka "Microsoft PowerPoint Malformed Record Vulnerability." | ||||
| CVE-2006-3450 | 1 Microsoft | 2 Ie, Internet Explorer | 2026-04-16 | N/A |
| Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code by using the document.getElementByID Javascript function to access crafted Cascading Style Sheet (CSS) elements, and possibly other unspecified vectors involving certain layout positioning combinations in an HTML file. | ||||
| CVE-2006-3451 | 1 Microsoft | 1 Ie | 2026-04-16 | N/A |
| Microsoft Internet Explorer 5 SP4 and 6 do not properly garbage collect when "multiple imports are used on a styleSheets collection" to construct a chain of Cascading Style Sheets (CSS), which allows remote attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2006-3452 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2026-04-16 | N/A |
| Adobe Reader and Acrobat 6.0.4 and earlier, on Mac OSX, has insecure file and directory permissions, which allows local users to gain privileges by overwriting program files. | ||||
| CVE-2006-3453 | 1 Adobe | 1 Acrobat | 2026-04-16 | N/A |
| Buffer overflow in Adobe Acrobat 6.0 to 6.0.4 allows remote attackers to execute arbitrary code via unknown vectors in a document that triggers the overflow when it is distilled to PDF. | ||||
| CVE-2006-4976 | 1 John Lim | 1 Adodb Date Library | 2026-04-16 | N/A |
| The Date Library in John Lim ADOdb Library for PHP allows remote attackers to obtain sensitive information via a direct request for (1) server.php, (2) adodb-errorpear.inc.php, (3) adodb-iterator.inc.php, (4) adodb-pear.inc.php, (5) adodb-perf.inc.php, (6) adodb-xmlschema.inc.php, and (7) adodb.inc.php; files in datadict including (8) datadict-access.inc.php, (9) datadict-db2.inc.php, (10) datadict-generic.inc.php, (11) datadict-ibase.inc.php, (12) datadict-informix.inc.php, (13) datadict-mssql.inc.php, (14) datadict-mysql.inc.php, (15) datadict-oci8.inc.php, (16) datadict-postgres.inc.php, and (17) datadict-sybase.inc.php; files in drivers/ including (18) adodb-access.inc.php, (19) adodb-ado.inc.php, (20) adodb-ado_access.inc.php, (21) adodb-ado_mssql.inc.php, (22) adodb-borland_ibase.inc.php, (23) adodb-csv.inc.php, (24) adodb-db2.inc.php, (25) adodb-fbsql.inc.php, (26) adodb-firebird.inc.php, (27) adodb-ibase.inc.php, (28) adodb-informix.inc.php, (29) adodb-informix72.inc.php, (30) adodb-mssql.inc.php, (31) adodb-mssqlpo.inc.php, (32) adodb-mysql.inc.php, (33) adodb-mysqli.inc.php, (34) adodb-mysqlt.inc.php, (35) adodb-oci8.inc.php, (36) adodb-oci805.inc.php, (37) adodb-oci8po.inc.php, (38) adodb-odbc.inc.php, (39) adodb-odbc_mssql.inc.php, (40) adodb-odbc_oracle.inc.php, (41) adodb-oracle.inc.php, (42) adodb-postgres64.inc.php, (43) adodb-postgres7.inc.php, (44) adodb-proxy.inc.php, (45) adodb-sapdb.inc.php, (46) adodb-sqlanywhere.inc.php, (47) adodb-sqlite.inc.php, (48) adodb-sybase.inc.php, (49) adodb-vfp.inc.php; file in perf/ including (50) perf-db2.inc.php, (51) perf-informix.inc.php, (52) perf-mssql.inc.php, (53) perf-mysql.inc.php, (54) perf-oci8.inc.php, (55) perf-postgres.inc.php; tests/ files (56) benchmark.php, (57) client.php, (58) test-datadict.php, (59) test-perf.php, (60) test-pgblob.php, (61) test-php5.php, (62) test-xmlschema.php, (63) test.php, (64) test2.php, (65) test3.php, (66) test4.php, (67) test5.php, (68) test_rs_array.php, (69) testcache.php, (70) testdatabases.inc.php, (71) testgenid.php, (72) testmssql.php, (73) testoci8.php, (74) testoci8cursor.php, (75) testpaging.php, (76) testpear.php, (77) testsessions.php, (78) time.php, or (79) tmssql.php, which reveals the path in various error messages. | ||||
| CVE-2006-3454 | 1 Symantec | 2 Client Security, Norton Antivirus | 2026-04-16 | N/A |
| Multiple format string vulnerabilities in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allow local users to execute arbitrary code via format strings in (1) Tamper Protection and (2) Virus Alert Notification messages. | ||||
| CVE-2006-4977 | 1 Walter Beschmout | 1 Phpquiz | 2026-04-16 | N/A |
| Multiple unrestricted file upload vulnerabilities in (1) back/upload_img.php and (2) admin/upload_img.php in Walter Beschmout PhpQuiz 1.2 and earlier allow remote attackers to upload arbitrary PHP code to the phpquiz/img_quiz folder via the (a) upload, (b) ok_update, (c) image, and (d) path parameters, possibly requiring directory traversal sequences in the path parameter. | ||||
| CVE-2006-4978 | 1 Walter Beschmout | 1 Phpquiz | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Walter Beschmout PhpQuiz 1.2 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the univers parameter in score.php and (2) the quiz_id parameter in home.php, accessed through the front/ URI. | ||||
| CVE-2006-4979 | 1 Walter Beschmout | 1 Phpquiz | 2026-04-16 | N/A |
| Direct static code injection vulnerability in cfgphpquiz/install.php in Walter Beschmout PhpQuiz 1.2 and earlier allows remote attackers to inject arbitrary PHP code in config.inc.php via modified configuration settings. | ||||
| CVE-2006-4588 | 1 Vtiger | 1 Vtiger Crm | 2026-04-16 | N/A |
| vtiger CRM 4.2.4, and possibly earlier, allows remote attackers to bypass authentication and access administrative modules via a direct request to index.php with a modified module parameter, as demonstrated using the Settings module. | ||||
| CVE-2006-4590 | 1 Jetstat.com | 1 Js Asp Faq Manager | 2026-04-16 | N/A |
| SQL injection vulnerability in admin/default.asp in Jetstat.com JS ASP Faq Manager 1.10 and earlier allows remote attackers to execute arbitrary SQL commands via the uid parameter, a different vector than CVE-2006-4463. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
| CVE-2006-4593 | 1 Softbb | 1 Softbb | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in SoftBB 0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter. | ||||
| CVE-2006-4594 | 1 Bugada Andrea | 1 Php Advanced Transfer Manager | 2026-04-16 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in PHP Advanced Transfer Manager (phpAtm) 1.21 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the include_location parameter in (1) confirm.php or (2) login.php. NOTE: the include_location parameter to index.php is already covered by CVE-2005-1681. | ||||
| CVE-2006-4595 | 1 Muforum | 1 Muforum | 2026-04-16 | N/A |
| muforum (µforum) 0.4c stores membres/members.dat under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as usernames and password hashes. | ||||
| CVE-2006-4596 | 1 Mybace Light | 1 Mybace Light | 2026-04-16 | N/A |
| PHP remote file inclusion in MyBace Light Skrip, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the (1) hauptverzeichniss parameter in includes/login_check.php and the (2) template_back parameter in admin/login/content/user_daten.php. | ||||
| CVE-2006-4597 | 1 Icblogger | 1 Icblogger | 2026-04-16 | N/A |
| SQL injection vulnerability in devam.asp in ICBlogger 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the YID parameter. | ||||
| CVE-2006-4598 | 1 Sslinks | 1 Sslinks | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in links.php in ssLinks 1.22 allow remote attackers to execute arbitrary SQL commands via the (1) go parameter and (2) id parameter in a rate action. | ||||
| CVE-2006-4599 | 1 Autentificator | 1 Autentificator | 2026-04-16 | N/A |
| SQL injection vulnerability in aut_verifica.inc.php in Autentificator 2.01 allows remote attackers to execute arbitrary SQL commands via the user parameter. | ||||