Export limit exceeded: 361554 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 361554 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (361554 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-2179 | 1 Smartwin Technology | 1 Cyberoffice Warehouse Builder | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in CyberBuild allow remote attackers to execute arbitrary SQL commands via the (1) SessionID parameter to login.asp or (2) ProductIndex parameter to browse0.htm. | ||||
| CVE-2006-2173 | 1 Filezilla | 1 Filezilla Server | 2026-04-16 | N/A |
| Buffer overflow in FileZilla FTP Server 2.2.22 allows remote authenticated attackers to cause a denial of service and possibly execute arbitrary code via a long (1) PORT or (2) PASS followed by the MLSD command, or (2) the remote server interface, as demonstrated by the Infigo FTPStress Fuzzer. | ||||
| CVE-2006-2171 | 1 Jgaa | 1 Warftpd | 2026-04-16 | N/A |
| Buffer overflow in WDM.exe in WarFTPD allows remote attackers to execute arbitrary code via unspecified arguments, as demonstrated by the Infigo FTPStress Fuzzer. | ||||
| CVE-2006-2163 | 1 Desert Dog Software | 1 Pinnacle Cart | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Pinnacle Cart 3.33 and earlier allows remote attackers to inject arbitrary web script or HTML via the setbackurl parameter. | ||||
| CVE-2006-2161 | 3 Cam Development, Erik Dienske, Roger Aelbrecht | 3 Cam Unzip, Abakt, Tzipbuilder | 2026-04-16 | N/A |
| Buffer overflow in (1) TZipBuilder 1.79.03.01, (2) Abakt 0.9.2 and 0.9.3-beta1, (3) CAM UnZip 4.0 and 4.3, and possibly other products, allows user-assisted attackers to execute arbitrary code via a ZIP archive that contains a file with a long file name. | ||||
| CVE-2006-2157 | 1 Plogger | 1 Plogger | 2026-04-16 | N/A |
| SQL injection vulnerability in gallery.php in Plogger Beta 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter, when the level is set to "slideshow". NOTE: This is a different vulnerability than CVE-2005-4246. | ||||
| CVE-2006-2155 | 1 Emc | 1 Retrospect | 2026-04-16 | N/A |
| EMC Retrospect for Windows 6.5 before 6.5.382, 7.0 before 7.0.344, and 7.5 before 7.5.1.105 allows local users to execute arbitrary code by replacing the Retrospect.exe file, possibly due to improper file permissions. | ||||
| CVE-2006-2149 | 1 Avatic | 1 Aardvark Topsites Php | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in sources/lostpw.php in Aardvark Topsites PHP 4.2.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the CONFIG[path] parameter, as demonstrated by including a GIF that contains PHP code. | ||||
| CVE-2006-2148 | 1 Cgiirc | 1 Cgiirc | 2026-04-16 | N/A |
| Multiple buffer overflows in client.c in CGI:IRC (CGIIRC) before 0.5.8 might allow remote attackers to execute arbitrary code via (1) cookies or (2) the query string. | ||||
| CVE-2006-4914 | 1 A.l-pifou | 1 A.l-pifou | 2026-04-16 | N/A |
| Directory traversal vulnerability in A.l-Pifou 1.8p2 allows remote attackers to read arbitrary files via ".." sequences in the ze_langue_02 cookie, as demonstrated by using the choix_lng parameter to choix_langue.php to indirectly set the cookie, then accessing livre_dor.php to trigger the inclusion from inc/change_lang_ck.php, possibly related to livre_livre.php. NOTE: the livre_livre.php relationship has been reported by some third party sources. | ||||
| CVE-2006-2147 | 1 Resmgr | 1 Resmgrd | 2026-04-16 | N/A |
| resmgrd in resmgr for SUSE Linux and other distributions does not properly handle when access to a USB device is granted by using "usb:<bus>,<dev>" notation, which grants access to all USB devices and allows local users to bypass intended restrictions. NOTE: this is a different vulnerability than CVE-2005-4788. | ||||
| CVE-2006-2146 | 1 Harold Bakker | 1 Hb-ns | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in HB-NS 1.1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) poster_name, (2) poster_email, (3) poster_homepage, or (4) message parameter. | ||||
| CVE-2006-2145 | 1 Harold Bakker | 1 Hb-ns | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in index.php in HB-NS 1.1.6 allow remote attackers to execute arbitrary SQL commands via the (1) topic or (2) id parameter. | ||||
| CVE-2006-2144 | 1 Dmcounter | 1 Dmcounter | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in kopf.php in DMCounter 0.9.2-b allows remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter. | ||||
| CVE-2006-2143 | 1 Jcink | 1 Textfilebb | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in TextFileBB 1.0.16 allow remote attackers to inject arbitrary web script or HTML via Javascript events such as "onmouseover" in the (1) color, (2) size, or (3) url bbcode tags. | ||||
| CVE-2006-2142 | 1 Limbo Cms | 1 Limbo Cms | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in classes/adodbt/sql.php in Limbo CMS 1.04 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the classes_dir parameter. | ||||
| CVE-2006-2141 | 1 Collaborative Portal Server Project | 1 Collaborative Portal Server | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in popup_image in Collaborative Portal Server (CPS) 3.4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the pos argument. | ||||
| CVE-2006-2140 | 1 Orbitscripts | 1 Orbithyip | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in OrbitHYIP 2.0 and earlier allow remote attackers to inject arbitrary web script via the (1) referral parameter to signup.php or (2) id parameter to members.php. | ||||
| CVE-2006-2139 | 1 Wilsonncareabusinesses | 1 Php Newsfeed | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in PHP Newsfeed 20040723 allow remote attackers to execute arbitrary SQL commands via the (1) name parameter to (a) deltables.php, (2) select, (3) header, (4) url, (5) source, or (6) time parameters to (b) manualsubmit.php, (7) num parameter to (c) delete.php, or (8) tablename parameter to (d) searchnews.php. | ||||
| CVE-2006-2137 | 1 Openphpnuke | 1 Openphpnuke | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in master.php in OpenPHPNuke and 2.3.3 earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter. | ||||