Export limit exceeded: 360133 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-6215 | 1 Wallpaper | 1 Wallpaper Complete Website | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Wallpaper Website (Wallpaper Complete Website) 1.0.09 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) login or (2) password parameter to (a) process.php, or the (3) wallpaperid parameter to (b) dlwallpaper.php. | ||||
| CVE-2006-6216 | 1 Nivisec | 1 Hacks List | 2026-04-23 | N/A |
| SQL injection vulnerability in admin_hacks_list.php in the Nivisec Hacks List 1.21 and earlier phpBB module allows remote attackers to execute arbitrary SQL commands via the hack_id parameter. | ||||
| CVE-2006-6217 | 1 Php-nuke | 1 Mermaid Module | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in formdisp.php in the Mermaid 1.2 module for PHP-Nuke allows remote attackers to execute arbitrary PHP code via a URL in the module_name parameter. | ||||
| CVE-2006-6218 | 1 Dev4u | 1 Dev4u Cms | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in index.php in dev4u CMS allow remote attackers to execute arbitrary SQL commands via the (1) seite_id, (2) gruppe_id.php, and (3) go_target parameters. | ||||
| CVE-2006-6221 | 1 2x | 1 Thinclientserver | 2026-04-23 | N/A |
| 2X ThinClientServer Enterprise Edition before 4.0.2248 allows remote attackers to create multiple privileged accounts via a replay attack using the initial account creation request. | ||||
| CVE-2006-6222 | 1 Symantec | 3 Veritas Netbackup Client, Veritas Netbackup Enterprise Server, Veritas Netbackup Server | 2026-04-23 | N/A |
| Stack-based buffer overflow in the NetBackup bpcd daemon (bpcd.exe) in Symantec Veritas NetBackup 5.0 before 5.0_MP7, 5.1 before 5.1_MP6, and 6.0 before 6.0_MP4 allows remote attackers to execute arbitrary code via a long request with a malformed length prefix. | ||||
| CVE-2006-6223 | 1 Google | 2 Mini Search Appliance, Search Appliance | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Google Search Appliance and Google Mini allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded q parameter. | ||||
| CVE-2006-6224 | 1 Puntal | 1 Puntal | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in the installation scripts in Puntal before 1.8.5 allows remote attackers to execute arbitrary PHP code via the GLOBALS array. | ||||
| CVE-2006-6226 | 1 Neoengine | 1 Neoengine | 2026-04-23 | N/A |
| Multiple format string vulnerabilities in NeoEngine 0.8.2 and earlier, and CVS 3422, allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) Console::Render in neoengine/console.cpp and (2) TextArea::Render in neowtk/textarea.cpp. | ||||
| CVE-2006-6227 | 1 Neoengine | 1 Neoengine | 2026-04-23 | N/A |
| The Core::Receive function in neonet/core.cpp for NeoEngine 0.8.2 and earlier, and CVS 3422, allow remote attackers to cause a denial of service (engine crash) via a message with a large uiMessageLength that produces a failed memory allocation and a null pointer dereference. | ||||
| CVE-2006-6229 | 1 Codewalkers | 1 Ltwcalendar | 2026-04-23 | N/A |
| Codewalkers ltwCalendar (aka PHP Event Calendar) before 4.2.1 logs failed passwords, which might allow attackers to infer correct passwords from the log file. | ||||
| CVE-2006-6230 | 1 Vubb | 1 Vubb | 2026-04-23 | N/A |
| SQL injection vulnerability in vuBB 0.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter in a register action to index.php, a different vulnerability than CVE-2006-0962. | ||||
| CVE-2006-6231 | 1 Vubb | 1 Vubb | 2026-04-23 | N/A |
| vuBB 0.2.1 and earlier allows remote attackers to obtain sensitive information via a direct request to includes/vubb.php, which leaks the path in an error message. | ||||
| CVE-2006-6232 | 1 Dreamcost | 1 Dreamaccount | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in admin/index.php in DreamAccount 3.1 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. | ||||
| CVE-2006-6233 | 1 Postnuke Software Foundation | 1 Postnuke | 2026-04-23 | N/A |
| SQL injection vulnerability in the Downloads module for unknown versions of PostNuke allows remote attackers to execute arbitrary SQL commands via the lid parameter in a viewdownloaddetails operation. NOTE: this issue might have been in the viewdownloaddetails function in dl-downloaddetails.php, but PostNuke 0.764 does not appear to have this issue. | ||||
| CVE-2006-6234 | 1 Francisco Burzi | 1 Php-nuke | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in the Content module in PHP-Nuke 6.0, and possibly other versions, allow remote attackers to execute arbitrary SQL commands via (1) the cid parameter in a list_pages_categories action or (2) the pid parameter in a showpage action. | ||||
| CVE-2006-6235 | 6 Gnu, Gpg4win, Redhat and 3 more | 9 Privacy Guard, Gpg4win, Enterprise Linux and 6 more | 2026-04-23 | N/A |
| A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory. | ||||
| CVE-2006-6237 | 1 Woltlab | 1 Burning Board Lite | 2026-04-23 | N/A |
| SQL injection vulnerability in the decode_cookie function in thread.php in Woltlab Burning Board Lite 1.0.2 allows remote attackers to execute arbitrary SQL commands via the threadvisit Cookie parameter. | ||||
| CVE-2006-6238 | 1 Apple | 1 Safari | 2026-04-23 | N/A |
| The AutoFill feature in Apple Safari 2.0.4 does not properly verify that all automatically populated form fields are visible to the user, which allows remote attackers to obtain sensitive information, such as usernames and passwords, via input fields of zero width, a variant of CVE-2006-6077. | ||||
| CVE-2006-6243 | 1 Fipsasp | 1 Fipsshop | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in index.asp in FipsSHOP allow remote attackers to execute arbitrary SQL commands via the (1) cat or (2) did parameter. | ||||