Export limit exceeded: 20044 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 363531 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363531 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-5500 | 1 Xchangeboard | 1 Xchangeboard | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in the checkUser function in inc/DBInterface.php in XchangeBoard 1.70 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) userNick or (2) password parameters. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
| CVE-2006-6975 | 1 Centipaid | 1 Centipaid | 2026-04-23 | 9.8 Critical |
| PHP remote file inclusion vulnerability in centipaid_class.php in CentiPaid 1.4.3 allows remote attackers to execute arbitrary code via a URL in the class_pwd parameter. NOTE: this issue has been disputed by CVE and multiple third parties, who state that $class_pwd is set to a static value before the relevant include statement | ||||
| CVE-2006-5515 | 2 Phpadsnew, Phppgads | 2 Phpadsnew, Phppgads | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in lib-history.inc.php in phpAdsNew and phpPgAds before 2.0.8-pr1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to injected data that is stored by a delivery script and displayed by the admin interface. | ||||
| CVE-2006-5517 | 1 Rhode Island Secretary Of State | 1 Open Meetings Filing System | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Rhode Island Open Meetings Filing Application (OMFA) allow remote attackers to execute arbitrary PHP code via a URL in the PROJECT_ROOT parameter to (1) editmeetings/session.php, (2) email/session.php, (3) entityproperties/session.php, or (4) inc/mail.php. | ||||
| CVE-2006-5518 | 1 Christopher Fowler | 1 Rssonate | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Christopher Fowler (Rhode Island) RSSonate allow remote attackers to execute arbitrary PHP code via a URL in the PROJECT_ROOT parameter to (1) xml2rss.php, (2) config_local.php, (3) rssonate.php, and (4) sql2xml.php in Src/getFeed/inc/. | ||||
| CVE-2006-5519 | 1 Mambweather | 1 Mambweather | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in Savant2/Savant2_Plugin_options.php in the MambWeather 1.8.1 and earlier component for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | ||||
| CVE-2006-5520 | 1 Deltascripts | 1 Php Classifieds | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in functions.php in DeltaScripts PHP Classifieds 7.1 allows remote attackers to execute arbitrary PHP code via a URL in the set_path parameter. | ||||
| CVE-2006-5522 | 1 Johannes Erdfelt | 1 Kawf | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Johannes Erdfelt Kawf 1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the config parameter in (1) main.php or (2) user/account/main.php. | ||||
| CVE-2006-6979 | 1 Amarok | 1 Amarok | 2026-04-23 | N/A |
| The ruby handlers in the Magnatune component in Amarok do not properly quote text in certain contexts, probably including construction of an unzip command line, which allows attackers to execute arbitrary commands via shell metacharacters. | ||||
| CVE-2006-5523 | 1 Ez-ticket | 1 Ez-ticket | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in common.php in EZ-Ticket 0.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the ezt_root_path parameter. | ||||
| CVE-2006-6982 | 1 3proxy | 1 3proxy | 2026-04-23 | N/A |
| 3proxy 0.5 to 0.5.2 does not offer NTLM authentication before basic authentication, which might cause browsers with incomplete RFC2616/RFC2617 support to use basic cleartext authentication even if NTLM is available, which makes it easier for attackers to steal credentials. | ||||
| CVE-2007-0529 | 1 Php Link Directory | 1 Php Link Directory | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.html (aka the administration page) in PHP Link Directory (phpLD) 3.0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted link, which is triggered when the administrator uses the "Validate Links" functionality. | ||||
| CVE-2006-6983 | 1 Myweb4net | 1 Myweb4net Browser | 2026-04-23 | N/A |
| Cross-domain vulnerability in MYweb4net Browser 3.8.8.0 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280. | ||||
| CVE-2006-5524 | 1 Phplist | 1 Phplist | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in phplist 2.10.2 allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: This issue might overlap CVE-2006-5321. | ||||
| CVE-2006-5525 | 1 Phpnuke | 1 Php-nuke | 2026-04-23 | N/A |
| Incomplete blacklist vulnerability in mainfile.php in PHP-Nuke 7.9 and earlier allows remote attackers to conduct SQL injection attacks via (1) "/**/UNION " or (2) " UNION/**/" sequences, which are not rejected by the protection mechanism, as demonstrated by a SQL injection via the eid parameter in a search action in the Encyclopedia module in modules.php. | ||||
| CVE-2006-6984 | 1 More Quick Tools | 1 Greenbrowser | 2026-04-23 | N/A |
| Cross-domain vulnerability in GreenBrowser 3.4.0622 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280. | ||||
| CVE-2007-0530 | 1 Advanced Guestbook | 1 Advanced Guestbook | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Advanced Guestbook 2.4.2 allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to (1) index.php, (2) addentry.php, or (3) picture.php, a different set of vectors than CVE-2006-5804. NOTE: this issue has been disputed by third party researchers, stating that the include_path variable is instantiated before use | ||||
| CVE-2006-6985 | 1 Maxthon | 1 Maxthon | 2026-04-23 | N/A |
| Cross-domain vulnerability in Maxthon 1.5.6 build 42 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280. | ||||
| CVE-2007-0532 | 1 Tuan Do | 1 Uploader | 2026-04-23 | N/A |
| Tuan Do Uploader (aka php-uploader) 6 beta 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the administrator password hash via a direct request for userdata/user_1.txt. | ||||
| CVE-2006-6986 | 1 Phaseout | 1 Phaseout | 2026-04-23 | N/A |
| Cross-domain vulnerability in PhaseOut 5.4.4 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280. | ||||