Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-0471 1 My Little Homepage 1 My Little Forum 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the bbcode function in functions.php in my little homepage my little forum, as last modified in June 2005, allows remote attackers to inject arbitrary Javascript via a javascript URI in BBcode link tags.
CVE-2006-0472 1 My Little Homepage 1 My Little Guestbook 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in guestbook.php in my little homepage my little guestbook, as last modified in March 2004, allows remote attackers to inject arbitrary Javascript via a javascript URI in BBcode link tags.
CVE-2006-0473 1 My Little Homepage 1 My Little Weblog 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the bbcode function in weblog.php in my little homepage my little weblog, as last modified in April 2004, allows remote attackers to inject arbitrary Javascript via a javascript URI in BBcode link tags.
CVE-2006-0475 1 Theworldsend.net 1 Php-ping 2026-04-16 N/A
PHP-Ping 1.3 does not properly validate ping counts, which allows remote attackers to cause a denial of service (ping flood) via a negative count parameter.
CVE-2006-0476 1 Nullsoft 1 Winamp 2026-04-16 N/A
Buffer overflow in Nullsoft Winamp 5.12 allows remote attackers to execute arbitrary code via a playlist (pls) file with a long file name (File1 field).
CVE-2006-0502 1 Farsinews 1 Farsinews 2026-04-16 N/A
PHP remote file inclusion vulnerability in loginout.php in FarsiNews 2.1 Beta 2 and earlier, with register_globals enabled, allows remote attackers to include arbitrary files via a URL in the cutepath parameter.
CVE-2006-0488 1 Microsoft 3 Windows 2000, Windows 2003 Server, Windows Xp 2026-04-16 N/A
The VDM (Virtual DOS Machine) emulation environment for MS-DOS applications in Windows 2000, Windows XP SP2, and Windows Server 2003 allows local users to read the first megabyte of memory and possibly obtain sensitive information, as demonstrated by dumper.asm.
CVE-2006-0489 1 Khaled Mardam-bey 1 Mirc 2026-04-16 N/A
Buffer overflow in the font command of mIRC, probably 6.16, allows local users to execute arbitrary code via a long string. NOTE: the original researcher claims that issue has been disputed by the vendor, and that the vendor stated "as far as I can tell, this is neither an exploit nor a vulnerability. The above report describes a local bug in mIRC." It could be that this is only exploitable by the user of the application, and thus would not cross privilege boundaries unless under an otherwise restrictive environment such as a kiosk
CVE-2006-0490 1 Aspthai.net 1 Aspthai Forums 2026-04-16 N/A
SQL injection vulnerability in login.asp in ASPThai.Net ASPThai Forums 8.0 and earlier allows remote attackers to execute arbitrary SQL commands and bypass login authentication via the password field.
CVE-2006-0491 1 Subzane 1 Szusermgnt 2026-04-16 N/A
SQL injection vulnerability in SZUserMgnt.class.php in SZUserMgnt 1.4 allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVE-2006-0492 1 Vincent Hor 1 Calendarix 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Calendarix allow remote attackers to execute arbitrary SQL commands via (1) the catview parameter in cal_functions.inc.php and (2) the login parameter in cal_login.php. NOTE: the catview vector might overlap CVE-2005-1865.
CVE-2006-0493 1 Thomas Rybak 1 Mg2 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in MG2 (formerly known as Minigal) 0.5.1 allows remote attackers to inject arbitrary web script or HTML via the Name field in a comment associated with a picture.
CVE-2006-0495 1 Mybulletinboard 1 Mybulletinboard 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the Add Thread to Favorites feature in usercp2.php in MyBB (aka MyBulletinBoard) 1.02 allows remote attackers to inject arbitrary web script or HTML via an HTTP Referer header ($url variable).
CVE-2006-0497 1 Php Gen 1 Php Gen 2026-04-16 N/A
Multiple SQL injection vulnerabilities in PHP GEN before 1.4 allow remote attackers to inject arbitrary SQL commands via unknown attack vectors.
CVE-2006-0498 1 Php Gen 1 Php Gen 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in PHP GEN before 1.4 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
CVE-2006-0499 1 Yourboard 1 Rlink 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in rlink.php in Rlink 1.0.0 module for phpBB allows remote attackers to inject arbitrary web script or HTML via the url parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-0500 1 Punctweb 1 Myco Guestbook 2026-04-16 N/A
MyCO Guestbook 1.0 stores the admin directory under the web document root with insufficient access control, which allows remote attackers to perform unspecified privileged actions by directly accessing files via a URL.
CVE-2006-0501 1 Punctweb 1 Myco Guestbook 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in MyCO Guestbook 1.0 allows remote attackers to inject arbitrary web script or HTML via the Name field, when registering a user.
CVE-2006-0504 1 Mailenable 1 Mailenable Enterprise 2026-04-16 N/A
Unspecified vulnerability in MailEnable Enterprise Edition before 1.2 allows remote attackers to cause a denial of service (CPU utilization) by viewing "formatted quoted-printable emails" via webmail.
CVE-2006-0505 1 Zbattle.net 1 Zbattle Client 2026-04-16 N/A
zbattle.net Zbattle client 1.09 SR-1 beta allows remote attackers to cause an unspecified denial of service by rapidly creating and closing a game.