Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-0773 | 1 Hitachi | 1 Business Logic | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Hitachi Business Logic - Container 02-03 through 03-00-/B on Windows, and 03-00 through 03-00-/B on Linux, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the extended receiving box function. | ||||
| CVE-2006-0774 | 1 Lawrence Osiris | 1 Db Esession | 2026-04-16 | N/A |
| SQL injection vulnerability in deleteSession() in DB_eSession library 1.0.2 and earlier, as used in multiple products, allows remote attackers to execute arbitrary SQL commands via the $_sess_id_set variable, which is usually derived from PHPSESSID. | ||||
| CVE-2006-0775 | 1 Ridder Roeland | 1 Birthsys | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in show.php in BirthSys 3.1 allow remote attackers to execute arbitrary SQL commands via the $month variable. NOTE: a vector regarding the $date parameter and data.php (date.php) was originally reported, but this appears to be in error. | ||||
| CVE-2006-0776 | 1 Teca Scripts | 1 Guestex | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in guestex.pl in Teca Scripts Guestex 1.0 allows remote attackers to inject arbitrary web script or HTML via the url parameter. | ||||
| CVE-2006-0777 | 1 Teca Scripts | 1 Guestex | 2026-04-16 | N/A |
| Unspecified vulnerability in guestex.pl in Teca Scripts Guestex 1.0 allows remote attackers to execute arbitrary shell commands via the email parameter, possibly involving shell metacharacters. | ||||
| CVE-2006-0780 | 1 Perlblog | 1 Perlblog | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in weblog.pl in PerlBlog 1.09b and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) email parameters. | ||||
| CVE-2006-0781 | 1 Perlblog | 1 Perlblog | 2026-04-16 | N/A |
| Directory traversal vulnerability in weblog.pl in PerlBlog 1.09b and earlier allows remote attackers to read certain files via the month parameter. | ||||
| CVE-2006-0783 | 1 Siteframe | 1 Siteframe Beaumont | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in page.php in in Siteframe Beaumont, possibly 5.0.2 or 5.0.1a, allows remote attackers to inject arbitrary web script or HTML via the comment_text parameter to the user comment page (/edit/Comment). | ||||
| CVE-2006-0784 | 1 D-link | 1 Dwl-g700ap | 2026-04-16 | N/A |
| D-Link DWL-G700AP with firmware 2.00 and 2.01 allows remote attackers to cause a denial of service (CAMEO HTTP service crash) via a request composed of "GET" followed by a space and two newlines, possibly triggering the crash due to missing arguments. | ||||
| CVE-2006-0785 | 1 Phpkit | 1 Phpkit | 2026-04-16 | N/A |
| Absolute path traversal vulnerability in include.php in PHPKIT 1.6.1 Release 2 and earlier allows remote attackers to include and execute arbitrary local files via a direct request with a path parameter with a null character and beginning with (1) '/' (slash) for an absolute pathname or (2) a drive letter (such as "C:"), which bypasses checks for ".." sequences and trailing ".php" extensions. | ||||
| CVE-2006-0796 | 1 Clever Copy | 1 Clever Copy | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in default.php in Clever Copy 3.0 allows remote attackers to inject arbitrary web script or HTML via the Subject field when sending private messages (privatemessages.php). NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-0798 | 1 Macallan | 1 Mail Solution | 2026-04-16 | N/A |
| Multiple directory traversal vulnerabilities in the IMAP service in Macallan Mail Solution before 4.8.05.004 allow remote authenticated users to read e-mails of other users or create, modify, or delete directories via a .. (dot dot) in the argument to the (1) CREATE, (2) SELECT, (3) DELETE, or (4) RENAME commands. | ||||
| CVE-2006-0803 | 2 Novell, Suse | 2 Suse Linux, Suse Linux | 2026-04-16 | N/A |
| The signature verification functionality in the YaST Online Update (YOU) script handling relies on a gpg feature that is not intended for signature verification, which prevents YOU from detecting malicious scripts or code that do not pass the signature check when gpg 1.4.x is being used. | ||||
| CVE-2006-0804 | 1 Tin | 1 Tin | 2026-04-16 | N/A |
| Off-by-one error in TIN 1.8.0 and earlier might allow attackers to execute arbitrary code via unknown vectors that trigger a buffer overflow. | ||||
| CVE-2006-0808 | 1 Mute | 1 Mute | 2026-04-16 | N/A |
| MUTE 0.4 allows remote attackers to cause a denial of service (messages not forwarded) and obtain sensitive information about a target by filling a client's mWebCache cache with malicious "zombie" nodes. | ||||
| CVE-2006-0809 | 1 Skate Board | 1 Skate Board | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Skate Board 0.9 allow remote attackers to execute arbitrary SQL commands via the (1) usern parameter in (a) sendpass.php, and the (2) usern and (3) passwd parameters and (4) sf_cookie cookie in (b) login.php and (c) logged.php. | ||||
| CVE-2006-0811 | 1 Skate Board | 1 Skate Board | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in reguser.php in Skate Board 0.9 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters involved with the registration form. | ||||
| CVE-2006-0812 | 1 Visnetic | 1 Visnetic Antivirus Plug-in For Mail Server | 2026-04-16 | N/A |
| The VisNetic AntiVirus Plug-in (DKAVUpSch.exe) for Mail Server 4.6.0.4, 4.6.1.1, and possibly other versions before 4.6.1.2, does not drop privileges before executing other programs, which allows local users to gain privileges. | ||||
| CVE-2006-0815 | 1 Networkactiv | 1 Networkactiv Web Server | 2026-04-16 | N/A |
| NetworkActiv Web Server 3.5.15 allows remote attackers to read script source code via a crafted URL with a "/" (forward slash) after the file extension. | ||||
| CVE-2006-0816 | 1 Orionserver | 1 Orion Application Server | 2026-04-16 | N/A |
| Orion Application Server before 2.0.7, when running on Windows, allows remote attackers to obtain the source code of JSP files via (1) . (dot) and (2) space characters in the extension of a URL. | ||||