Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-4633 1 Softbb 1 Softbb 2026-04-16 N/A
index.php in SoftBB 0.1, and possibly earlier, allows remote attackers to obtain the installation path via a null or invalid page[] parameter.
CVE-2006-4634 1 Vbzoom 1 Vbzoom 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in VBZooM allows remote attackers to inject arbitrary web script or HTML via the UserID parameter, a different vector than CVE-2006-1133 and CVE-2005-2441.
CVE-2006-4636 1 Szewo 1 Phpcommander 2026-04-16 N/A
Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
CVE-2006-4638 1 Acgv News 1 Acgv News 2026-04-16 N/A
PHP remote file inclusion vulnerability in article.php in ACGV News 0.9.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the PathNews parameter.
CVE-2006-4641 1 Muratsoft 1 Haber Portal 2026-04-16 N/A
SQL injection vulnerability in kategori.asp in Muratsoft Haber Portal 3.6 allows remote attackers to execute arbitrary SQL commands via the kat parameter.
CVE-2006-4642 1 Auditwizard 1 Auditwizard 2026-04-16 N/A
AuditWizard 6.3.2, when using "Remote Audit," logs the administrator password in plaintext to LaytonCmdSvc.log, which allows local users to obtain sensitive information by reading the file.
CVE-2006-4643 1 Uni-vert 1 Phpleague 2026-04-16 N/A
SQL injection vulnerability in consult/joueurs.php in Uni-Vert PhpLeague 0.82 and earlier allows remote attackers to execute arbitrary SQL commands via the id_joueur parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-4644 1 Phpfullannu 1 Phpfullannu 2026-04-16 N/A
PHP remote file inclusion vulnerability in modules/home.module.php in phpFullAnnu 5.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the repmod parameter.
CVE-2006-4646 1 Drupal 1 Drupal Pathauto Module 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Pathauto module before pathauto_node.inc 1.17.2.1 and the Drupal 4.6 Pathauto module before pathauto_node.inc 1.14.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2006-4647 1 Sponge News 1 Sponge News 2026-04-16 N/A
PHP remote file inclusion vulnerability in news.php in Sponge News 2.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the sndir parameter.
CVE-2006-4648 1 Bingo News 1 Bingo News 2026-04-16 N/A
PHP remote file inclusion vulnerability in bp_ncom.php in BinGo News (BP News) 3.01 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the bnrep parameter.
CVE-2006-4651 1 Threesquared.net 1 Php Download Script 2026-04-16 N/A
Directory traversal vulnerability in download/index.php, and possibly download.php, in threesquared.net (aka Ben Speakman) Php download allows remote attackers to overwrite arbitrary local files via .. (dot dot) sequence in the file parameter.
CVE-2006-4652 2 Amazing Little Picture Poll, Amazing Little Poll 2 Amazing Little Picture Poll, Amazing Little Poll 2026-04-16 N/A
(1) Amazing Little Poll and (2) Amazing Little Picture Poll have a default password of "dsapoll", which allows remote attackers to create a new poll by entering default credentials via lp_admin.php.
CVE-2003-1292 1 Ashwebstudio 1 Ashnews 2026-04-16 N/A
PHP remote file include vulnerability in Derek Ashauer ashNews 0.83 allows remote attackers to include and execute arbitrary remote files via a URL in the pathtoashnews parameter to (1) ashnews.php and (2) ashheadlines.php.
CVE-2006-4661 1 Icq Inc 1 Icq Toolbar 2026-04-16 N/A
AOL ICQ Toolbar 1.3 for Internet Explorer (toolbaru.dll) does not properly validate the origin of the configuration web page (options2.html), which allows user-assisted remote attackers to provide a web page that contains disguised checkboxes that trick the user into reconfiguring the toolbar.
CVE-2003-1428 2 Bharat Mediratta, Linux 2 Gallery, Linux Kernel 2026-04-16 N/A
Gallery 1.3.3 creates directories with insecure permissions, which allows local users to read, modify, or delete photos.
CVE-2003-1466 1 Phorum 1 Phorum 2026-04-16 N/A
Unspecified vulnerability in Phorum 3.4 through 3.4.2 allows remote attackers to use Phorum as a connection proxy to other sites via (1) register.php or (2) login.php.
CVE-2005-1798 1 Serverscheck 1 Monitoring Software 2026-04-16 N/A
Directory traversal vulnerability in ServersCheck Monitoring Software 5.9.0 to 5.10.0 allows remote attackers to read arbitrary files via .. (dot dot) sequences in an HTTP request.
CVE-2005-1799 1 Freestyle 2 Wiki, Wikilite 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in FreeStyle Wiki 3.5.7 and WikiLite (FSWikiLite) .10 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2005-1800 1 Clam Anti-virus 1 Clamav 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Jaws Glossary gadget 0.4 to 0.5.1 allows remote attackers to inject arbitrary web script or HTML via the term parameter in a view or ViewTerm action to index.php.