Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-4750 | 1 Openi-cms Group | 1 Openi-cms | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in openi-admin/base/fileloader.php in OPENi-CMS 1.0.1, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the config[openi_dir] parameter. | ||||
| CVE-2006-4751 | 1 Laurentiu Matei | 1 Expandable Home Page Cms | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5.1 allows remote attackers to inject arbitrary web script or HTML via the errcode parameter. | ||||
| CVE-2006-4752 | 1 Laurentiu Matei | 1 Expandable Home Page Cms | 2026-04-16 | N/A |
| Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5.1 allows remote attackers to obtain the installation path via a query to the engine module, probably with an invalid action parameter. | ||||
| CVE-2006-4753 | 1 Comscripts | 1 Phprog | 2026-04-16 | N/A |
| Directory traversal vulnerability in index.php in PHProg before 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter. | ||||
| CVE-2006-4754 | 1 Comscripts | 1 Phprog | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in PHProg before 1.1 allows remote attackers to inject arbitrary web script or HTML via the album parameter, which is used in an opendir call. NOTE: the same primary issue can be used for full path disclosure with an invalid parameter that reveals the installation path in an error message. | ||||
| CVE-2006-4758 | 1 Phpbb Group | 1 Phpbb | 2026-04-16 | N/A |
| phpBB 2.0.21 does not properly handle pathnames ending in %00, which allows remote authenticated administrative users to upload arbitrary files, as demonstrated by a query to admin/admin_board.php with an avatar_path parameter ending in .php%00. | ||||
| CVE-2006-4759 | 1 Punbb | 1 Punbb | 2026-04-16 | N/A |
| PunBB 1.2.12 does not properly handle an avatar directory pathname ending in %00, which allows remote authenticated administrative users to upload arbitrary files and execute code, as demonstrated by a query to admin_options.php with an avatars_dir parameter ending in %00. NOTE: this issue was originally disputed by the vendor, but the dispute was withdrawn on 20060926. | ||||
| CVE-2006-4770 | 1 Miniportal | 1 Miniportal | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in menu.php in MiniPort@l 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the skiny parameter. | ||||
| CVE-2006-4771 | 1 Jbc | 1 Forumjbc | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in haut.php in ForumJBC 4 allows remote attackers to inject arbitrary web script or HTML via the nb_connecte parameter. | ||||
| CVE-2006-4773 | 1 Sun | 1 Storedge 6130 Arrays | 2026-04-16 | N/A |
| Sun StorEdge 6130 Array Controllers with firmware 06.12.10.11 and earlier allow remote attackers to cause a denial of service (controller reboot) via a flood of traffic on the LAN. | ||||
| CVE-2006-4778 | 1 Cchost | 1 Cchost | 2026-04-16 | N/A |
| SQL injection vulnerability in Creative Commons Tools ccHost before 3.0 allows remote attackers to execute arbitrary SQL commands via a crafted URL, which is used to populate the file ID. NOTE: Some details are obtained from third party information. | ||||
| CVE-2006-4779 | 1 Phpbb Group | 1 Vitrax Premodded Phpbb | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in includes/functions_portal.php in Vitrax Premodded phpBB 1.0.6-R3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | ||||
| CVE-2006-4782 | 1 Webspell | 1 Webspell | 2026-04-16 | N/A |
| src/index.php in WebSPELL 4.01.01 and earlier, when register_globals is enabled, allows remote attackers to bypass authentication and gain sensitive information stored in the database via a modified userID parameter in a write action to admin/database.php. | ||||
| CVE-2006-4783 | 1 Webspell | 1 Webspell | 2026-04-16 | N/A |
| SQL injection vulnerability in squads.php in WebSPELL 4.01.01 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the squadID parameter. | ||||
| CVE-2006-4784 | 1 Moodle | 1 Moodle | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.6.1 and earlier might allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) doc/index.php or (2) files/index.php. | ||||
| CVE-2006-4788 | 1 Telekorn | 1 Signkorn Guestbook | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in includes/log.inc.php in Telekorn SignKorn Guestbook (SL) 1.3 and earlier, when register_globals is enabled and _SESSION[permission] parameter is set to "yes", allows remote attackers to execute arbitrary PHP code via a URL in the dir_path parameter. | ||||
| CVE-2006-4799 | 1 Xine | 1 Xine-lib | 2026-04-16 | N/A |
| Buffer overflow in ffmpeg for xine-lib before 1.1.2 might allow context-dependent attackers to execute arbitrary code via a crafted AVI file and "bad indexes", a different vulnerability than CVE-2005-4048 and CVE-2006-2802. | ||||
| CVE-2006-4800 | 1 Ffmpeg | 1 Ffmpeg | 2026-04-16 | N/A |
| Multiple buffer overflows in libavcodec in ffmpeg before 0.4.9_p20060530 allow remote attackers to cause a denial of service or possibly execute arbitrary code via multiple unspecified vectors in (1) dtsdec.c, (2) vorbis.c, (3) rm.c, (4) sierravmd.c, (5) smacker.c, (6) tta.c, (7) 4xm.c, (8) alac.c, (9) cook.c, (10) shorten.c, (11) smacker.c, (12) snow.c, and (13) tta.c. NOTE: it is likely that this is a different vulnerability than CVE-2005-4048 and CVE-2006-2802. | ||||
| CVE-2006-4802 | 1 Symantec | 2 Client Security, Norton Antivirus | 2026-04-16 | N/A |
| Format string vulnerability in the Real Time Virus Scan service in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allows local users to execute arbitrary code via an unspecified vector related to alert notification messages, a different vector than CVE-2006-3454, a "second format string vulnerability" as found by the vendor. | ||||
| CVE-2006-4803 | 1 Netiq | 1 Identity Manager | 2026-04-16 | N/A |
| The Fan-Out Linux and UNIX receiver scripts in Novell Identity Manager (IDM) 3.0.1 allows local users to execute arbitrary commands via unspecified vectors involving certain environment variables and "code injection." | ||||