Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-6248 1 Gphotos 1 Gphotos 2026-04-23 N/A
index.php in GPhotos 1.5 allows remote attackers to obtain sensitive information via an invalid rep parameter, which reveals the full path in an error message.
CVE-2006-5518 1 Christopher Fowler 1 Rssonate 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in Christopher Fowler (Rhode Island) RSSonate allow remote attackers to execute arbitrary PHP code via a URL in the PROJECT_ROOT parameter to (1) xml2rss.php, (2) config_local.php, (3) rssonate.php, and (4) sql2xml.php in Src/getFeed/inc/.
CVE-2007-0812 1 Woltlab 1 Burning Board Lite 2026-04-23 N/A
SQL injection vulnerability in pms.php in Woltlab Burning Board (wBB) Lite 1.0.2pl3e and earlier allows remote authenticated users to execute arbitrary SQL commands via the pmid[0] parameter.
CVE-2007-0810 1 Geeklog 1 Geeklog 2026-04-23 N/A
PHP remote file inclusion vulnerability in MVCnPHP/BaseView.php in GeekLog 2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the glConf[path_libraries] parameter. NOTE: this might be a vulnerability in MVCnPHP rather than a vulnerability in GeekLog.
CVE-2007-0813 1 Home Production 1 Mysearchengine 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Home production MySearchEngine allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2006-5522 1 Johannes Erdfelt 1 Kawf 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in Johannes Erdfelt Kawf 1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the config parameter in (1) main.php or (2) user/account/main.php.
CVE-2006-5496 1 Timothy Claason 1 Knowledgebank 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Timothy Claason KnowledgeBank 1.01 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) index.php, (2) addknowledge.php, and (3) addscreenshot.php.
CVE-2006-5495 1 Trawler 1 Trawler Web Cms 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in Trawler Web CMS 1.8.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) path_red2 parameter to (a) _msdazu_pdata/redaktion/artikel/up/index.php; (b) addtort.php, (c) colorpik2.php, (d) colorpik3.php, (e) extras_menu.php, (f) farbpalette.php, (g) lese_inc.php, and (h) newfile.php in _msdazu_share/richtext/; the (2) path_scr_dat2 parameter to (i)_msdazu_share/share/insert1.php; the (3) path_red parameter to (j) _msdazu_share/extras/downloads/index.php; and unspecified parameters in other files.
CVE-2006-5497 1 Middlebury College 1 Segue Cms 2026-04-23 N/A
PHP remote file inclusion vulnerability in themes/program/themesettings.inc.php in Segue CMS 1.5.8 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the themesdir parameter.
CVE-2007-4084 1 Alstrasoft 1 Affiliate Network Pro 2026-04-23 N/A
Multiple SQL injection vulnerabilities in AlstraSoft Affiliate Network Pro allow remote attackers to execute arbitrary SQL commands via (1) the pgmid parameter in an uploadProducts action to merchants/index.php and possibly (2) the rowid parameter to merchants/temp.php.
CVE-2007-0814 1 Adrenalin Labs 1 Adrenalins Asp Chat 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Adrenalin's ASP Chat allow remote attackers to inject arbitrary web script or HTML (1) via the psuedo (pseudo) field or (2) during chat.
CVE-2006-5395 1 Microsoft 1 Class Package Export Tool 2026-04-23 N/A
Buffer overflow in Microsoft Class Package Export Tool (aka clspack.exe) allows context-dependent attackers to execute arbitrary code via a long string. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2007-0817 1 Adobe 1 Coldfusion 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion web server allows remote attackers to inject arbitrary HTML or web script via the User-Agent HTTP header, which is not sanitized before being displayed in an error page.
CVE-2006-5546 1 Otscms 1 Otscms 2026-04-23 N/A
PHP remote file inclusion vulnerability in OTSCMS/OTSCMS.php in Open Tibia Server Content Management System (OTSCMS) 1.3.0 through 1.4.1 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[config][otscms][directories][classes] parameter.
CVE-2006-5557 1 Hp 1 Hp-ux 2026-04-23 N/A
Stack-based buffer overflow in the (1) swpackage and (2) swmodify commands in HP-UX B.11.11 and possibly other versions allows local users to execute arbitrary code via a long -S argument. NOTE: this might be a duplicate of CVE-2006-2574, but the details relating to CVE-2006-2574 are too vague to be certain.
CVE-2006-5570 1 Kynoslogic 1 Cruiseworks 2026-04-23 N/A
Directory traversal vulnerability in /scripts/cruise/cws.exe in CruiseWorks 1.09c and 1.09d allows remote attackers to read arbitrary files via a .. (dot dot) in the doc parameter.
CVE-2006-5599 1 Oracle 1 Apex 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Oracle Application Express (formerly HTML DB) before 2.2.1 allows remote attackers to inject arbitrary HTML or web script via the WWV_FLOW_ITEM_HELP package. NOTE: it is likely that this issue overlaps one of the Oracle VulnIDs covered by CVE-2006-5351. Oracle has not publicly disputed claims by a reliable researcher that this has been fixed by the October 2006 CPU.
CVE-2006-5658 1 Studio Achtundachtzig 1 Bloomooweb Activex Control 2026-04-23 N/A
BlooMooWeb ActiveX control (AidemATL.dll) allows remote attackers to (1) download arbitrary files via a URL in the bstrUrl parameter to the BW_DownloadFile method, (2) execute arbitrary local files via a file path in the bstrParams parameter to the BW_LaunchGame method, and (3) delete arbitrary files via a file path in the filePath parameter to the BW_DeleteTempFile method.
CVE-2006-5667 1 P-book 1 P-book 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in P-Book 1.17 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the pb_lang parameter to (1) admin.php and (2) pbook.php.
CVE-2006-5374 1 Oracle 1 Pharmaceutical 2026-04-23 N/A
Unspecified vulnerability in Oracle Pharmaceutical Applications 4.5.1 has unknown impact and remote authenticated attack vectors, aka Vuln# PHAR01.