Export limit exceeded: 362848 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-5529 | 1 Schoolalumni Portal | 1 Schoolalumni Portal | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in smumdadotcom_ascyb_alumni/mod.php in SchoolAlumni Portal 2.26 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search operation in the katalog module. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2006-6844 | 1 Cmsmadesimple | 1 Cms Made Simple | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the optional user comment module in CMS Made Simple 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the user comment form. | ||||
| CVE-2006-6849 | 1 Cahier De Textes | 1 Cahier De Textes | 2026-04-23 | N/A |
| administration/index.php in Cahier de texte (CDT) 2.2 does not properly exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions. | ||||
| CVE-2006-6847 | 1 Realnetworks | 1 Realplayer | 2026-04-23 | N/A |
| An ActiveX control in ierpplug.dll for RealNetworks RealPlayer 10.5 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) by invoking the RealPlayer.OpenURLInPlayerBrowser method with a long second argument. | ||||
| CVE-2006-6853 | 1 Mozilla | 1 Durian Web Application Server | 2026-04-23 | N/A |
| Buffer overflow in Durian Web Application Server 3.02 freeware on Windows allows remote attackers to execute arbitrary code via a long string in a crafted packet to TCP port 4002. | ||||
| CVE-2006-6878 | 1 Php-update | 1 Php-update | 2026-04-23 | N/A |
| admin/uploads.php in PHP-Update 2.7 and earlier allows remote attackers to gain privileges by setting the rights[7] parameter to 1 during a login action. | ||||
| CVE-2006-6855 | 1 Aidex | 1 Mini-webserver | 2026-04-23 | N/A |
| AIDeX Mini-WebServer 1.1 early release 3 allows remote attackers to cause a denial of service (daemon crash) via a flood of HTTP GET requests, possibly related to display of HTTP log data by the GUI. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2006-6857 | 1 Docebolms | 1 Docebolms | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in modules/credits/credits.php in Docebo LMS allows remote attackers to inject arbitrary web script or HTML via the lang parameter. | ||||
| CVE-2006-5532 | 1 Xoops | 1 Xoops Rmsoft Gallery System | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in rmgs/images.php in RMSOFT Gallery System 2.0 allows remote attackers to inject arbitrary web script or HTML via the kw parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2006-6860 | 1 Mythcontrol | 1 Mythcontrol | 2026-04-23 | N/A |
| Buffer overflow in the sendToMythTV function in MythControlServer.c in MythControl 1.0 and earlier allows remote attackers to execute arbitrary code via a crafted sendStr string to the Bluetooth interface. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2006-6864 | 1 Enigma2 | 1 Coppermine Bridge | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in E2_header.inc.php in Enigma2 Coppermine Bridge 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the boarddir parameter. | ||||
| CVE-2006-6865 | 1 Softartisans | 1 Fileup | 2026-04-23 | N/A |
| Directory traversal vulnerability in SAFileUpSamples/util/viewsrc.asp in SoftArtisans FileUp (SAFileUp) 5.0.14 allows remote attackers to read arbitrary files via a %c0%ae. (Unicode dot dot) in the path parameter, which bypasses the checks for ".." sequences. | ||||
| CVE-2006-5550 | 2 Freebsd, Openbsd | 2 Freebsd, Openbsd | 2026-04-23 | N/A |
| The kernel in FreeBSD 6.1 and OpenBSD 4.0 allows local users to cause a denial of service via unspecified vectors involving certain ioctl requests to /dev/crypto. | ||||
| CVE-2007-4200 | 1 Brian Carrier | 1 The Slueth Kit | 2026-04-23 | N/A |
| ntfs.c in fsstat in Brian Carrier The Sleuth Kit (TSK) before 2.09 interprets a certain variable as a byte count rather than a count of 32-bit integers, which allows user-assisted remote attackers to cause a denial of service (application crash) and prevent examination of certain NTFS files via a malformed NTFS image. | ||||
| CVE-2006-6876 | 1 Openser | 1 Openser | 2026-04-23 | N/A |
| Buffer overflow in the fetchsms function in the SMS handling module (libsms_getsms.c) in OpenSER 1.2.0 and earlier allows remote attackers to cause a denial of service (crash) via a crafted SMS message, triggering memory corruption when the "beginning" buffer is copied to the third (pdu) argument. | ||||
| CVE-2006-6877 | 1 Matteo Lucarelli | 1 3editor Cms | 2026-04-23 | N/A |
| Directory traversal vulnerability in index.php in Matteo Lucarelli 3editor CMS 0.42 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via a .. (dot dot) in the page parameter. | ||||
| CVE-2006-5557 | 1 Hp | 1 Hp-ux | 2026-04-23 | N/A |
| Stack-based buffer overflow in the (1) swpackage and (2) swmodify commands in HP-UX B.11.11 and possibly other versions allows local users to execute arbitrary code via a long -S argument. NOTE: this might be a duplicate of CVE-2006-2574, but the details relating to CVE-2006-2574 are too vague to be certain. | ||||
| CVE-2006-6891 | 1 Vz Forum | 1 Vz Forum | 2026-04-23 | N/A |
| Vz (Adp) Forum 2.0.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the administrative account name and password hash via a direct request for users/admin.txt. | ||||
| CVE-2006-6894 | 1 Spine | 1 Spine | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in SPINE before 1.2 have unknown impact and attack vectors, related to (1) "Placeholders in database handler" and (2) "Macro admin security." | ||||
| CVE-2006-6889 | 1 Freestyle | 1 Freestyle Wiki | 2026-04-23 | N/A |
| FreeStyle Wiki (fswiki) 3.6.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request for config/user.dat. | ||||