Export limit exceeded: 363434 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 363434 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-2247 | 1 Webcalendar | 1 Webcalendar | 2026-04-16 | N/A |
| WebCalendar 1.0.1 to 1.0.3 generates different error messages depending on whether or not a username is valid, which allows remote attackers to enumerate valid usernames. | ||||
| CVE-2006-2248 | 1 Northern Solutions | 1 Xeneo Web Server | 2026-04-16 | N/A |
| Xeneo Web Server 2.2.22.0 allows remote attackers to obtain the source code of script files via crafted requests containing dot, space, and slash characters in the file extension. | ||||
| CVE-2006-2249 | 1 Cutephp | 1 Cutenews | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in search.php in CuteNews 1.4.1 and earlier, and possibly 1.4.5, allow remote attackers to inject arbitrary web script or HTML via the (1) user, (2) story, or (3) title parameters. | ||||
| CVE-2006-2250 | 1 Cutephp | 1 Cutenews | 2026-04-16 | N/A |
| CuteNews 1.4.1 allows remote attackers to obtain sensitive information via a direct request to (1) /inc/show.inc.php or (2) /inc/functions.inc.php, which reveal the path in an error message. | ||||
| CVE-2006-2251 | 1 Invision Power Services | 1 Invision Community Blog | 2026-04-16 | N/A |
| SQL injection vulnerability in the do_mmod function in mod.php in Invision Community Blog (ICB) 1.1.2 final through 1.2 allows remote attackers with moderator privileges to execute arbitrary SQL commands via the selectedbids parameter. | ||||
| CVE-2006-2300 | 1 Keyvan1 | 1 Eimagepro | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in EImagePro allow remote attackers to execute arbitrary SQL commands via the (1) CatID parameter to subList.asp, (2) SubjectID parameter to imageList.asp, or (3) Pic parameter to view.asp. | ||||
| CVE-2006-2302 | 1 Duware | 1 Dugallery | 2026-04-16 | N/A |
| SQL injection vulnerability in admin_default.asp in DUGallery 2.x allows remote attackers to execute arbitrary SQL commands via the (1) Login or (2) password field. | ||||
| CVE-2006-2303 | 1 Mirabilis | 1 Icq | 2026-04-16 | N/A |
| Cross-Application Scripting (XAS) vulnerability in ICQ Client 5.04 build 2321 and earlier allows remote attackers to inject arbitrary web script from one application into another via a banner, which is processed in the My Computer zone using the Internet Explorer COM object. | ||||
| CVE-2006-2306 | 1 Keyvan Janghorbani | 1 Epublisherpro | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in moreinfo.asp in EPublisherPro allows remote attackers to inject arbitrary web script or HTML via the title parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-2308 | 1 Etype | 1 Eserv | 2026-04-16 | N/A |
| Directory traversal vulnerability in the IMAP service in EServ/3 3.25 allows remote authenticated users to read other user's email messages, create/rename arbitrary directories on the system, and delete empty directories via directory traversal sequences in the (1) CREATE, (2) SELECT, (3) DELETE, (4) RENAME, (5) COPY or (6) APPEND commands. | ||||
| CVE-2006-2330 | 1 Php Fusion | 1 Php Fusion | 2026-04-16 | N/A |
| PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata. | ||||
| CVE-2006-2899 | 1 Estsoft | 1 Internetdisk | 2026-04-16 | N/A |
| Unspecified vulnerability in ESTsoft InternetDISK versions before 2006/04/20 allows remote authenticated users to execute arbitrary code, possibly by uploading a file with multiple extensions into the WebLink directory. | ||||
| CVE-2006-2901 | 1 D-link | 1 Dwl-2100ap | 2026-04-16 | N/A |
| The web server for D-Link Wireless Access-Point (DWL-2100ap) firmware 2.10na and earlier allows remote attackers to obtain sensitive system information via a request to an arbitrary .cfg file, which returns configuration information including passwords. | ||||
| CVE-2006-2903 | 1 Particle Soft | 1 Particle Links | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in admin.php in Particle Links 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the username parameter. | ||||
| CVE-2006-2904 | 1 Particle Soft | 1 Particle Links | 2026-04-16 | N/A |
| SQL injection vulnerability in index.php in Partial Links 1.2.2 allows remote attackers to execute arbitrary SQL commands via the topic parameter. | ||||
| CVE-2006-2905 | 1 Particle Soft | 1 Particle Links | 2026-04-16 | N/A |
| Partial Links 1.2.2 allows remote attackers to obtain sensitive information via a direct request to (1) page_footer.php and (2) page_header.php, which displays the path in an error message. | ||||
| CVE-2006-2906 | 1 Thomas Boutell | 1 Graphics Draw Library | 2026-04-16 | N/A |
| The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas Boutell graphics draw (GD) library (aka libgd) 2.0.33 allows remote attackers to cause a denial of service (CPU consumption) via malformed GIF data that causes an infinite loop. | ||||
| CVE-2006-2908 | 1 Mybulletinboard | 1 Mybulletinboard | 2026-04-16 | N/A |
| The domecode function in inc/functions_post.php in MyBulletinBoard (MyBB) 1.1.2, and possibly other versions, allows remote attackers to execute arbitrary PHP code via the username field, which is used in a preg_replace function call with a /e (executable) modifier. | ||||
| CVE-2006-2909 | 1 Picozip | 1 Picozip | 2026-04-16 | N/A |
| Stack-based buffer overflow in the info tip shell extension (zipinfo.dll) in PicoZip 4.01 allows remote attackers to execute arbitrary code via a long filename in an (1) ACE, (2) RAR, or (3) ZIP archive, which is triggered when the user moves the mouse over the archive. | ||||
| CVE-2006-2912 | 1 Out Of The Trees Web Design | 1 Selectapix | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in SelectaPix 1.31 allow remote attackers to execute arbitrary SQL commands via the (1) albumID parameter to (a) view_album.php or (b) index.php, (2) imageID parameter to (c) popup.php, or (3) username and (4) password parameters to (d) admin/member.php. | ||||