Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-0786 1 Phpkit 1 Phpkit 2026-04-16 N/A
Incomplete blacklist vulnerability in include.php in PHPKIT 1.6.1 Release 2 and earlier, with allow_url_fopen enabled, allows remote attackers to conduct PHP remote file include attacks via a path parameter that specifies a (1) UNC share or (2) ftps URL, which bypasses the check for "http://", "ftp://", and "https://" URLs.
CVE-2006-0787 1 Plaino 1 Wimpy Mp3 2026-04-16 N/A
wimpy_trackplays.php in Plaino Wimpy MP3 Player, possibly 5.2 and earlier, allows remote attackers to insert arbitrary strings into trackme.txt via the (1) trackFile, (2) trackArtist, and (3) trackTitle parameters, which can result in providing false information about songs, occupying excessive disk space with very long parameter values, and storing executable code that might be invoked through a different vulnerability. NOTE: since this issue, as described by the original researcher, is entirely dependent on the presence of another vulnerability, it could be argued that Wimpy cannot be responsible for how its data file is processed by applications outside of its control. Since this issue might only be useful as a facilitator manipulation in another vulnerability, perhaps it should not be included in CVE.
CVE-2006-0788 1 Kyocera 1 Fs-3830n 2026-04-16 N/A
Kyocera 3830 (aka FS-3830N) printers have a back door that allows remote attackers to read and alter configuration settings via strings that begin with "!R!SIOP0", as demonstrated using (1) a connection to to TCP port 9100 or (2) the UNIX lp command.
CVE-2006-0789 1 Kyocera 1 Fs-3830n 2026-04-16 N/A
Certain unspecified Kyocera printers have a default "admin" account with a blank password, which allows remote attackers to access an administrative menu via a telnet session.
CVE-2006-0790 1 Rockliffe 1 Mailsite 2026-04-16 N/A
Rockliffe MailSite 7.0 and earlier allows remote attackers to cause a denial of service by sending crafted LDAP packets to port 389/TCP, as demonstrated by the ProtoVer LDAP testsuite.
CVE-2006-0791 1 Dreamcost 1 Hostadmin 2026-04-16 N/A
PHP remote file inclusion vulnerability in index.php in DreamCost HostAdmin allows remote attackers to include arbitrary files via the $path variable, which is not initialized before use.
CVE-2006-0792 1 V-webmail 1 V-webmail 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in preferences.personal.php in V-webmail 1.6.2 allows remote attackers to inject arbitrary web script or HTML via the newid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-0793 1 V-webmail 1 V-webmail 2026-04-16 N/A
frameset.php in V-webmail 1.6.2 allows remote attackers to conduct phishing attacks by referencing arbitrary websites in the rframe parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-1672 1 Cisco 5 Ons 15310-cl Series, Ons 15454 Mspp, Ons 15600 and 2 more 2026-04-16 N/A
The installation of Cisco Transport Controller (CTC) for Cisco Optical Networking System (ONS) 15000 series nodes adds a Java policy file entry with a wildcard that grants the java.security.AllPermission permission to any http URL containing "fs/LAUNCHER.jar", which allows remote attackers to execute arbitrary code on a CTC workstation, aka bug ID CSCea25049.
CVE-2006-0794 1 V-webmail 1 V-webmail 2026-04-16 N/A
help.php in V-webmail 1.6.2 allows remote attackers to obtain the installation path via unspecified invalid parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-1479 1 Serge Rey 1 Gtd-php 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Serge Rey gtd-php (aka Getting Things Done) 0.5 allow remote attackers to inject arbitrary web script or HTML via the Description field in (1) newProject.php, (2) newList.php, and (3) newWaitingOn.php; the Title field in (4) newProject.php, (5) newList.php, (6) newWaitingOn.php, (7) newChecklist.php, (8) newContext.php, and (9) newGoal.php; the (10) Category Name field in newCategory.php; the (11) listTitle field in listReport.php; the (12) projectName field in projectReport.php; and the (13) checklistTitle field in checklistReport.php.
CVE-2006-1480 1 Duda 1 Webalbum 2026-04-16 N/A
Directory traversal vulnerability in start.php in WebAlbum 2.02 allows remote attackers to include arbitrary files and execute commands by (1) injecting code into local log files via GET commands, then (2) accessing that log via a .. (dot dot) sequence and a trailing null (%00) byte in the skin2 COOKIE parameter.
CVE-2006-0797 1 Nokia 1 N70 2026-04-16 N/A
Nokia N70 cell phone allows remote attackers to cause a denial of service (reboot or shutdown) through a wireless Bluetooth connection via a malformed Logical Link Control and Adaptation Protocol (L2CAP) packet whose length field is less than the actual length of the packet, possibly triggering a buffer overflow, as demonstrated using the Bluetooth Stack Smasher (BSS).
CVE-2006-1685 1 Apt 1 Apt-webshop-system 2026-04-16 N/A
Multiple SQL injection vulnerabilities in modules.php in APT-webshop-system 4.0 PRO, 3.0 BASIC, and 3.0 LIGHT allow remote attackers to execute arbitrary SQL commands via the (1) group, (2) seite, and (3) id parameter, possibly involving the artikel functionality. NOTE: this vulnerability also allows resultant path disclosure when the SQL queries are invalid.
CVE-2006-1811 1 Flexbb 1 Flexbb 2026-04-16 N/A
Multiple SQL injection vulnerabilities in FlexBB 0.5.5 BETA allow remote attackers to execute arbitrary SQL commands via the (1) id, (2) forumid, or (3) threadid parameter to index.php; the (4) ICQ, (5) AIM, (6) MSN, (7) Google Talk, (8) Website Name, (9) Website Address, (10) Email Address, (11) Location, (12) Signature, and (13) Sub-Titles fields in the user profile; or (14) flexbb_password field in a cookie.
CVE-2006-0843 1 Leif M. Wright 1 Web Blog 2026-04-16 N/A
Leif M. Wright's Blog 3.5 stores the config file and other txt files under the web root with insufficient access control, which allows remote attackers to read the administrator's password.
CVE-2006-1502 1 Mplayer 1 Mplayer 2026-04-16 N/A
Multiple integer overflows in MPlayer 1.0pre7try2 allow remote attackers to cause a denial of service and trigger heap-based buffer overflows via (1) a certain ASF file handled by asfheader.c that causes the asf_descrambling function to be passed a negative integer after the conversion from a char to an int or (2) an AVI file with a crafted wLongsPerEntry or nEntriesInUse value in the indx chunk, which is handled in aviheader.c.
CVE-2006-1686 1 Apt 1 Apt-webshop-system 2026-04-16 N/A
Unspecified vulnerability in modules.php in APT-webshop-system 4.0 PRO, 3.0 BASIC, and 3.0 LIGHT allows remote attackers to access unspecified files via a modified warp parameter.
CVE-2006-0844 1 Leif M. Wright 1 Web Blog 2026-04-16 N/A
Leif M. Wright's Blog 3.5 does not make a password comparison when authenticating an administrator via a cookie, which allows remote attackers to bypass login authentication, probably by setting the blogAdmin cookie.
CVE-2006-1687 1 Apt 1 Apt-webshop-system 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in APT-webshop-system 4.0 PRO, 3.0 BASIC, and 3.0 LIGHT allows remote attackers to inject arbitrary web script or HTML via the message parameter, probably involving the basket functionality.