Export limit exceeded: 363381 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-1707 1 Kansok Communications 1 Shopweezle 2026-04-16 N/A
index.php in Shopweezle 2.0 allows remote attackers to include arbitrary local files via the url parameter.
CVE-2006-1708 1 Clansys 1 Clansys 2026-04-16 N/A
SQL injection vulnerability in member.php in Clansys 1.1 allows remote attackers to execute arbitrary SQL commands via the showid parameter in the member page to index.php.
CVE-2006-1892 1 Alwil 1 Avast Antivirus 2026-04-16 N/A
avast! 4 Linux Home Edition 1.0.5 allows local users to modify permissions of arbitrary files via a symlink attack on the /tmp/_avast4_ temporary directory.
CVE-2006-1709 1 Interaktiv 1 Interaktiv.shop 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in shop_main.cgi in interaktiv.shop 5 allows remote attackers to inject arbitrary web script or HTML via the (1) pn and (2) sbeg parameters.
CVE-2006-1835 1 Vincent Hor 2 Calendarix, Calendarix Advanced 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in yearcal.php in Calendarix allows remote attackers to inject arbitrary web script or HTML via the ycyear parameter.
CVE-2006-1710 1 Design Nation 1 Dnguestbook 2026-04-16 N/A
SQL injection vulnerability in admin.php in Design Nation DNGuestbook 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) email and (2) id parameters.
CVE-2006-1711 1 Plone 1 Plone 2026-04-16 N/A
Plone 2.0.5, 2.1.2, and 2.5-beta1 does not restrict access to the (1) changeMemberPortrait, (2) deletePersonalPortrait, and (3) testCurrentPassword methods, which allows remote attackers to modify portraits.
CVE-2006-1897 1 Talentsoft 1 Web\+ Shop 2026-04-16 N/A
Webplus (aka talentsoft) Web+Shop 5.3.6, when Redirect URL for "Script Not Found" Error is not configured, allows remote attackers to obtain sensitive information via a quote (') or possibly other invalid value in the storeid parameter in store.wml in webplus.exe, which reveals the path in a "Script Not Found" error message.
CVE-2006-0933 1 Phpx 1 Phpx 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in PHPX 3.5.9 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in a url XCode tag in a posted message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-0934 1 Limbo Cms 1 Limbo Cms 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in webinsta Limbo 1.0.4.2 allows remote attackers to inject arbitrary web script or HTML via the message field in the Contact Form.
CVE-2006-1544 1 Vscripts 1 Vnews 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in news.php in vscripts (aka Kuba Kunkiewicz) VNews 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) autorkomentarza and (2) tresckomentarza parameters.
CVE-2006-1846 1 Francisco Burzi 1 Php-nuke 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the Your_Account module in PHP-Nuke 7.8 might allows remote attackers to inject arbitrary HTML and web script via the ublock parameter, which is saved in the user's personal menu. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. In addition, it is unclear whether this issue is a vulnerability, since it is related to the user's personal menu, which presumably is not modifiable by others.
CVE-2006-0935 1 Microsoft 1 Word 2026-04-16 N/A
Microsoft Word 2003 allows remote attackers to cause a denial of service (application crash) via a crafted file, as demonstrated by 101_filefuzz.
CVE-2006-1545 1 Vscripts 1 Vnews 2026-04-16 N/A
Direct static code injection vulnerability in admin/config.php in vscripts (aka Kuba Kunkiewicz) VNews 1.2 allows remote authenticated administrators to execute code by inserting the code into variables that are stored in admin/config.php.
CVE-2006-0936 1 Free Host Shop 1 Website Generator 2026-04-16 N/A
Free Host Shop Website Generator 3.3 allows remote authenticated users with administrative privileges to upload and execute arbitrary files via a formname parameter with a filename containing a dangerous file extension and a trailing %00.
CVE-2006-0937 1 Unu Networks 1 Mailgust 2026-04-16 N/A
U.N.U. Mailgust 1.9 allows remote attackers to obtain sensitive information via a direct request to index.php with method=showfullcsv, which reveals the POP3 server configuration, including account name and password.
CVE-2006-1847 1 Francisco Burzi 1 Php-nuke 2026-04-16 N/A
SQL injection vulnerability in the Your_Account module in PHP-Nuke 7.8 might allows remote attackers to execute arbitrary SQL commands via the user_id parameter in the Your_Home functionality. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-1848 1 Linpha 1 Linpha 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in stats_view.php in LinPHA 1.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) date_from, (2) date_to, and (3) date parameter.
CVE-2006-1900 1 W3c 1 Amaya 2026-04-16 N/A
Multiple buffer overflows in World Wide Web Consortium (W3C) Amaya 9.4, and possibly other versions including 8.x before 8.8.5, allow remote attackers to execute arbitrary code via a long value in (1) the COMPACT attribute of the COLGROUP element, (2) the ROWS attribute of the TEXTAREA element, and (3) the COLOR attribute of the LEGEND element; and via other unspecified attack vectors consisting of "dozens of possible snippets."
CVE-2006-0939 1 Dci-designs 1 Dci-taskeen 2026-04-16 N/A
SQL injection vulnerability in DCI-Taskeen 1.03 allows remote attackers to execute arbitrary SQL commands via the (1) id or (2) action parameter to (a) basket.php, or (3) id or (4) page parameter to (b) cat.php.