Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-0688 1 Nicecoder 1 Indexu 2026-04-16 N/A
PHP remote file include vulnerability in application.php in nicecoder.com indexu 5.0.0 and 5.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the base_path parameter.
CVE-2006-0689 1 Scheduling Management.com 1 Time Tracking Software 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the Registration Form in TTS Time Tracking Software 3.0 allows remote attackers to inject arbitrary web script or HTML via the UserName parameter.
CVE-2006-0691 1 Scheduling Management.com 1 Time Tracking Software 2026-04-16 N/A
edituser.php in TTS Time Tracking Software 3.0 does not verify that the name and password are correct, which allows remote attackers to overwrite arbitrary data belonging to any account.
CVE-2006-0693 1 Roberto Butti 1 Calimba 2026-04-16 N/A
Multiple SQL injection vulnerabilities in rb_auth.php in Roberto Butti CALimba 0.99.2 beta and earlier allow remote attackers to execute arbitrary SQL commands and bypass login authentication via the (1) login and (2) password parameters.
CVE-2006-0694 1 Ansilove 1 Ansilove 2026-04-16 N/A
Unspecified vulnerability in the loaders (load_*.php) in Ansilove before 1.03 allows remote attackers to read arbitrary files via unspecified vectors involving "converting files accessible by the webserver".
CVE-2006-0695 1 Ansilove 1 Ansilove 2026-04-16 N/A
Ansilove before 1.03 does not filter uploaded file extensions, which allows remote attackers to execute arbitrary code by uploading arbitrary files with dangerous extensions, then accessing them directly in the upload directory.
CVE-2006-0696 1 Zen Cart 1 Zen Cart 2026-04-16 N/A
SQL injection vulnerability in Zen Cart before 1.2.7 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2006-0698 1 Zen Cart 1 Zen Cart 2026-04-16 N/A
Unspecified vulnerabilities in Zen Cart before 1.2.7 allow remote attackers to cause unknown impact via unspecified vectors related to "other attempted exploits" other than SQL injection.
CVE-2006-0701 1 Imagevue 1 Imagevue 2026-04-16 N/A
readfolder.php in imageVue 16.1 allows remote attackers to list directories via modified path and ext parameters.
CVE-2006-0702 1 Imagevue 1 Imagevue 2026-04-16 N/A
admin/upload.php in imageVue 16.1 allows remote attackers to upload arbitrary files to certain allowed folders via .. (dot dot) sequences in the path parameter. NOTE: due to the lack of details, the specific vulnerability type cannot be determined, although it might be due to directory traversal.
CVE-2006-0703 1 Imagevue 1 Imagevue 2026-04-16 N/A
Unspecified vulnerability in index.php in imageVue 16.1 has unknown impact, probably a cross-site scripting (XSS) vulnerability involving the query string that is not quoted when inserted into style and body tags, as demonstrated using a bgcol parameter.
CVE-2006-0704 1 Ie 1 Ie Integrator 2026-04-16 N/A
iE Integrator 4.4.220114, when configured without a "bespoke error page" in acm.ini, allows remote attackers to obtain sensitive information via a URL that calls a non-existent .aspx script in the integrator/apps directory, which results in an error message that displays the installation path, web server name, IP, and port, session cookie information, and the IIS system username.
CVE-2006-0708 1 Nullsoft 1 Winamp 2026-04-16 N/A
Multiple buffer overflows in NullSoft Winamp 5.13 and earlier allow remote attackers to execute arbitrary code via (1) an m3u file containing a long URL ending in .wma, (2) a pls file containing a File1 field with a long URL ending in .wma, or (3) an m3u file with a long filename, variants of CVE-2005-3188 and CVE-2006-0476.
CVE-2006-0720 1 Nullsoft 1 Winamp 2026-04-16 N/A
Stack-based buffer overflow in Nullsoft Winamp 5.12 and 5.13 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted .m3u file that causes an incorrect strncpy function call when the player pauses or stops the file.
CVE-2006-0721 1 Runcms 1 Runcms 2026-04-16 N/A
SQL injection vulnerability in pmlite.php in RunCMS 1.2 and 1.3a allows remote attackers to execute arbitrary SQL commands via the to_userid parameter.
CVE-2006-0722 1 Reamday Enterprises 1 Magic Downloads 2026-04-16 N/A
settings.php in Reamday Enterprises Magic Downloads 1.1.3, when register_globals is enabled, allows remote attackers to modify program behavior, potentially bypassing authentication controls, via modified (1) action, (2) passwd, (3) admin_password, (4) new_passwd, and (5) confirm_passwd variables, which are not initialized.
CVE-2006-0724 1 Reamday Enterprises 1 Magic News Lite 2026-04-16 N/A
profile.php in Reamday Enterprises Magic News Lite 1.2.3, when register_globals is enabled, allows remote attackers to modify program behavior, potentially bypassing authentication controls, via modified (1) action, (2) passwd, (3) admin_password, (4) new_passwd, and (5) confirm_passwd variables, which are not initialized.
CVE-2006-0726 1 Cpg-nuke 1 Dragonfly Cms 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in linking.php in CPG-Nuke Dragonfly CMS 9.0.6.1 allows remote attackers to inject arbitrary web script or HTML via a URI that is generated when creating a list of online users.
CVE-2006-0727 1 Musox 1 Df Msanalysis 2026-04-16 N/A
SQL injection vulnerability in mstrack.php in MusOX DF MSAnalysis (DFMSA), as used in some environments that use CPG-Nuke Dragonfly CMS, allows remote attackers to trigger path disclosure from a SQL syntax error, and possibly execute arbitrary SQL commands, via certain query data, probably involving the profile name.
CVE-2006-0728 1 Webspell 1 Webspell 2026-04-16 N/A
SQL injection vulnerability in search.php in webSPELL 4.01.00 and earlier allows remote attackers to inject arbitrary SQL commands via the title_op parameter.