Export limit exceeded: 362971 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (362971 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-0696 1 Zen Cart 1 Zen Cart 2026-04-16 N/A
SQL injection vulnerability in Zen Cart before 1.2.7 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2006-0697 1 Zen-cart 1 Zen Cart 2026-04-16 N/A
Zen Cart before 1.2.7 does not protect the admin/includes directory, which allows remote attackers to cause unknown impact via unspecified vectors, probably direct requests.
CVE-2006-0698 1 Zen Cart 1 Zen Cart 2026-04-16 N/A
Unspecified vulnerabilities in Zen Cart before 1.2.7 allow remote attackers to cause unknown impact via unspecified vectors related to "other attempted exploits" other than SQL injection.
CVE-2006-0699 1 David Barrett 1 Qwikiwiki 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in search.php in QWikiWiki 1.5, and possibly 1.5.1 and other versions, allows remote attackers to inject arbitrary web script or HTML via the query parameter.
CVE-2006-0705 2 Attachmatewrq, F-secure 2 Reflection For Secure It Server, F-secure Ssh Server 2026-04-16 N/A
Format string vulnerability in a logging function as used by various SFTP servers, including (1) AttachmateWRQ Reflection for Secure IT UNIX Server before 6.0.0.9, (2) Reflection for Secure IT Windows Server before 6.0 build 38, (3) F-Secure SSH Server for Windows before 5.3 build 35, (4) F-Secure SSH Server for UNIX 3.0 through 5.0.8, (5) SSH Tectia Server 4.3.6 and earlier and 4.4.0, and (6) SSH Shell Server 3.2.9 and earlier, allows remote authenticated users to execute arbitrary commands via unspecified vectors, involving crafted filenames and the stat command.
CVE-2006-0707 1 Pyblosxom 1 Pyblosxom 2026-04-16 N/A
PyBlosxom before 1.3.2, when running on certain webservers, allows remote attackers to read arbitrary files via an HTTP request with multiple leading / (slash) characters, which is accessed using the PATH_INFO variable.
CVE-2006-0709 2 Metamail Corporation, Redhat 2 Metamail, Enterprise Linux 2026-04-16 N/A
Buffer overflow in Metamail 2.7-50 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via e-mail messages with a long boundary attribute, a different vulnerability than CVE-2004-0105.
CVE-2006-0714 1 Flyspray 1 Flyspray 2026-04-16 N/A
Directory traversal vulnerability in the installation file (sql/install-0.9.7.php) in Flyspray 0.9.7 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the adodbpath parameter.
CVE-2006-0716 1 Solucija 1 Snews 2026-04-16 N/A
SQL injection vulnerability in index.php in sNews 1.3 allows remote attackers to execute arbitrary SQL commands via the (1) category and (2) id parameters.
CVE-2006-0717 1 Ibm 1 Tivoli Directory Server 2026-04-16 N/A
IBM Tivoli Directory Server 6.0 allows remote attackers to cause a denial of service (crash) via a crafted LDAP request, as demonstrated by test 2532 in the ProtoVer Sample LDAP test suite.
CVE-2006-0719 1 Deltascripts 1 Php Classifieds 2026-04-16 N/A
SQL injection vulnerability in member_login.php in PHP Classifieds 6.18 through 6.20 allows remote attackers to execute arbitrary SQL commands via the (1) username parameter, which is used by the E-mail address field, and (2) password parameter.
CVE-2006-0721 1 Runcms 1 Runcms 2026-04-16 N/A
SQL injection vulnerability in pmlite.php in RunCMS 1.2 and 1.3a allows remote attackers to execute arbitrary SQL commands via the to_userid parameter.
CVE-2006-0722 1 Reamday Enterprises 1 Magic Downloads 2026-04-16 N/A
settings.php in Reamday Enterprises Magic Downloads 1.1.3, when register_globals is enabled, allows remote attackers to modify program behavior, potentially bypassing authentication controls, via modified (1) action, (2) passwd, (3) admin_password, (4) new_passwd, and (5) confirm_passwd variables, which are not initialized.
CVE-2006-0723 1 Reamday Enterprises 1 Magic News Lite 2026-04-16 N/A
PHP remote file inclusion vulnerability in preview.php in Reamday Enterprises Magic News Lite 1.2.3, when register_globals is enabled, allows remote attackers to include arbitrary files via a URL in the php_script_path parameter.
CVE-2006-0725 1 Plume-cms 1 Plume Cms 2026-04-16 N/A
PHP remote file inclusion vulnerability in prepend.php in Plume CMS 1.0.2, when register_globals is enabled, allows remote attackers to include arbitrary files via a URL in the _PX_config[manager_path] parameter. NOTE: this is a different executable and affected version than CVE-2006-2645.
CVE-2006-0115 1 Oneplug Solutions 1 Oneplug Cms 2026-04-16 N/A
Multiple SQL injection vulnerabilities in OnePlug Solutions OnePlug CMS allow remote attackers to execute arbitrary SQL commands via the (1) Press_Release_ID parameter in press/details.asp, (2) Service_ID parameter in services/details.asp, and (3) Product_ID parameter in products/details.asp.
CVE-2006-0019 2 Kde, Redhat 2 Kde, Enterprise Linux 2026-04-16 N/A
Heap-based buffer overflow in the encodeURI and decodeURI functions in the kjs JavaScript interpreter engine in KDE 3.2.0 through 3.5.0 allows remote attackers to execute arbitrary code via a crafted, UTF-8 encoded URI.
CVE-2005-4630 1 Clientexec 1 Clientexec 2026-04-16 N/A
SQL injection vulnerability in index.php in ClientExec 2.3 allows remote attackers to execute arbitrary SQL commands via the (1) billshowid, (2) billdetailid, (3) fuse, and (4) frmClientID parameters.
CVE-2005-4663 1 Ocomon 1 Ocomon 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in OcoMon 1.20, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
CVE-2005-4667 2 Info-zip, Redhat 2 Unzip, Enterprise Linux 2026-04-16 N/A
Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code via a long filename command line argument. NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses a vulnerability, unless unzip is passed long arguments when it is invoked from other programs.