Export limit exceeded: 363284 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-4724 1 Adobe 1 Coldfusion 2026-04-16 N/A
Unspecified vulnerability in the ColdFusion Flash Remoting Gateway in Adobe ColdFusion MX 7 and 7.01 allows remote attackers to cause a denial of service (infinite loop) via unspecified vectors involving a crafted command.
CVE-2006-4725 1 Adobe 1 Coldfusion 2026-04-16 N/A
Adobe ColdFusion MX 7 and 7.01 allows local users to bypass security restrictions and call components (CFC) within a sandbox from CFML templates that are located outside of the sandbox.
CVE-2006-4726 1 Adobe 1 Coldfusion 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 6.1 through 7.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a ColdFusion error page.
CVE-2006-4741 1 Idevspot 1 Phplinkexchange 2026-04-16 N/A
PHP remote file inclusion vulnerability in bits_listings.php in IDevSpot PhpLinkExchange 1.0 allows remote attackers to execute arbitrary code via the svr_rootPhpStart parameter.
CVE-2006-4742 1 Idevspot 1 Phplinkexchange 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in user_add.php in IDevSpot PhpLinkExchange 1.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
CVE-2006-4744 1 Abidia 2 Abidia Wireless, O-anywhere 2026-04-16 N/A
Abidia (1) O-Anywhere and (2) Abidia Wireless transmit authentication credentials in cleartext, which allows remote attackers to obtain sensitive information by sniffing.
CVE-2006-4745 1 Scarybear 1 Pocketexpense Pro 2026-04-16 N/A
ScaryBear PocketExpense Pro 3.9.1 uses an internally recorded key to protect a data file whose contents are stored in plaintext, which allows local users to disable authentication and access the file by modifying a certain value in the file header.
CVE-2006-4746 1 Comscripts 1 Web Server Creator 2026-04-16 N/A
PHP remote file inclusion vulnerability in news/include/customize.php in Web Server Creator 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the l parameter.
CVE-2006-4747 1 Idevspot 1 Textads 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in IdevSpot TextAds allow remote attackers to inject arbitrary web script or HTML via (1) the id parameter in delete.php and (2) the error parameter in error.php.
CVE-2006-4749 1 Bugada Andrea 1 Php Advanced Transfer Manager 2026-04-16 N/A
Multiple PHP remote file inclusion vulnerabilities in PHP Advanced Transfer Manager (phpATM) 1.20 allow remote attackers to execute arbitrary PHP code via the include_location parameter in (1) activate.php, (2) configure.php, (3) fileop.php, (4) getimg.php, (5) ipblocked.php, (6) register.php, (7) showrecent.php, (8) showtophits.php, (9) usrmanag.php, (10) viewer_bottom.php, (11) viewer_content.php, and (12) viewer_top.php. NOTE: The login.php and confirm.php vectors are already covered by CVE-2006-4594.
CVE-2006-4750 1 Openi-cms Group 1 Openi-cms 2026-04-16 N/A
PHP remote file inclusion vulnerability in openi-admin/base/fileloader.php in OPENi-CMS 1.0.1, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the config[openi_dir] parameter.
CVE-2006-4751 1 Laurentiu Matei 1 Expandable Home Page Cms 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5.1 allows remote attackers to inject arbitrary web script or HTML via the errcode parameter.
CVE-2006-4752 1 Laurentiu Matei 1 Expandable Home Page Cms 2026-04-16 N/A
Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5.1 allows remote attackers to obtain the installation path via a query to the engine module, probably with an invalid action parameter.
CVE-2006-4753 1 Comscripts 1 Phprog 2026-04-16 N/A
Directory traversal vulnerability in index.php in PHProg before 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter.
CVE-2006-4754 1 Comscripts 1 Phprog 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in PHProg before 1.1 allows remote attackers to inject arbitrary web script or HTML via the album parameter, which is used in an opendir call. NOTE: the same primary issue can be used for full path disclosure with an invalid parameter that reveals the installation path in an error message.
CVE-2006-4758 1 Phpbb Group 1 Phpbb 2026-04-16 N/A
phpBB 2.0.21 does not properly handle pathnames ending in %00, which allows remote authenticated administrative users to upload arbitrary files, as demonstrated by a query to admin/admin_board.php with an avatar_path parameter ending in .php%00.
CVE-2006-4759 1 Punbb 1 Punbb 2026-04-16 N/A
PunBB 1.2.12 does not properly handle an avatar directory pathname ending in %00, which allows remote authenticated administrative users to upload arbitrary files and execute code, as demonstrated by a query to admin_options.php with an avatars_dir parameter ending in %00. NOTE: this issue was originally disputed by the vendor, but the dispute was withdrawn on 20060926.
CVE-2006-4770 1 Miniportal 1 Miniportal 2026-04-16 N/A
PHP remote file inclusion vulnerability in menu.php in MiniPort@l 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the skiny parameter.
CVE-2006-4771 1 Jbc 1 Forumjbc 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in haut.php in ForumJBC 4 allows remote attackers to inject arbitrary web script or HTML via the nb_connecte parameter.
CVE-2006-4773 1 Sun 1 Storedge 6130 Arrays 2026-04-16 N/A
Sun StorEdge 6130 Array Controllers with firmware 06.12.10.11 and earlier allow remote attackers to cause a denial of service (controller reboot) via a flood of traffic on the LAN.