Export limit exceeded: 347437 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 347437 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 347437 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347437 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-4527 | 1 Devellion | 1 Cubecart | 2026-04-16 | N/A |
| includes/content/gateway.inc.php in CubeCart 3.0.12 and earlier, when magic_quotes_gpc is disabled, uses an insufficiently restrictive regular expression to validate the gateway parameter, which allows remote attackers to conduct PHP remote file inclusion attacks. | ||||
| CVE-2006-4528 | 1 Membrepass | 1 Membrepass | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in membrepass 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) recherche parameter in recherchemembre.php and the (2) email parameter in test.php. | ||||
| CVE-2006-4529 | 1 Membrepass | 1 Membrepass | 2026-04-16 | N/A |
| SQL injection vulnerability in recherchemembre.php in membrepass 1.5. allows remote attackers to execute arbitrary SQL commands via the recherche parameter. | ||||
| CVE-2006-4530 | 1 Membrepass | 1 Membrepass | 2026-04-16 | N/A |
| Direct static code injection vulnerability in include/change.php in membrepass 1.5 allows remote attackers to execute arbitrary PHP code via the aifon parameter, which is injected into include/variable.php. | ||||
| CVE-2006-4531 | 1 Bare Concept Media | 1 Pheap Cms | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in lib/config.php in Pheap CMS 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the lpref parameter. | ||||
| CVE-2006-4541 | 1 Iss | 1 Blackice Pc Protection | 2026-04-16 | N/A |
| RapDrv.sys in BlackICE PC Protection 3.6.cpn, cpj, cpiE, and possibly 3.6 and earlier, allows local users to cause a denial of service (crash) via a NULL third argument to the NtOpenSection API function. NOTE: it was later reported that 3.6.cqn is also affected. | ||||
| CVE-2006-4533 | 1 Plume-cms | 1 Plume Cms | 2026-04-16 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Plume CMS 1.0.6 and earlier allow remote attackers to execute arbitrary PHP code via the _PX_config[manager_path] parameter to (1) articles.php, (2) categories.php, (3) news.php, (4) prefs.php, (5) sites.php, (6) subtypes.php, (7) users.php, (8) xmedia.php, (9) frontinc/class.template.php, (10) inc/lib.text.php, (11) install/index.php, (12) install/upgrade.php, and (13) tools/htaccess/index.php. NOTE: other vectors are covered by CVE-2006-3562, CVE-2006-2645, and CVE-2006-0725. | ||||
| CVE-2006-4534 | 1 Microsoft | 1 Office | 2026-04-16 | N/A |
| Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 2003 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors involving a crafted file resulting in a malformed stack, as exploited by malware with names including Trojan.Mdropper.Q, Mofei, and Femo. | ||||
| CVE-2006-4536 | 1 Cms Frogss | 1 Cms Frogss | 2026-04-16 | N/A |
| SQL injection vulnerability in module/rejestracja.php in CMS Frogss 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the podpis parameter. | ||||
| CVE-2006-4537 | 1 Dec | 1 Dec Openvms Alpha | 2026-04-16 | N/A |
| NET$SESSION_CONTROL.EXE in DECnet-Plus in OpenVMS ALPHA 7.3-2 and Alpha 8.2 writes a password to an audit log file when there is a successful connection after a "network breakin" event, which allows local users to obtain passwords by reading the file. | ||||
| CVE-2006-4538 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-04-16 | N/A |
| Linux kernel 2.6.17 and earlier, when running on IA64 or SPARC platforms, allows local users to cause a denial of service (crash) via a malformed ELF file that triggers memory maps that cross region boundaries. | ||||
| CVE-2006-4539 | 1 Cerberus | 1 Cerberus Helpdesk | 2026-04-16 | N/A |
| (1) includes/widgets/module_company_tickets.php and (2) includes/widgets/module_track_tickets.php Client Support Center in Cerberus Helpdesk 3.2 Build 317, and possibly earlier, allows remote attackers to bypass security restrictions and obtain sensitive information via the ticket parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
| CVE-2006-4540 | 1 Learn.com | 1 Learncenter | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in learncenter.asp in Learn.com LearnCenter allows remote attackers to inject arbitrary web script or HTML via the id parameter. | ||||
| CVE-2006-4544 | 1 Exbb | 1 Exbb | 2026-04-16 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in ExBB 1.9.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the exbb[home_path] parameter in files in the modules directory including (1) birstday/birst.php (2) birstday/select.php, (3) birstday/profile_show.php, (4) newusergreatings/pm_newreg.php, (5) punish/p_error.php, (6) punish/profile.php, and (7) threadstop/threadstop.php. NOTE: the (8) modules/userstop/userstop.php vector might overlap CVE-2006-4488, although it is for a slightly different product from the same vendor. | ||||
| CVE-2006-4545 | 1 Modulebased Cms | 1 Modulebased Cms | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in ModuleBased CMS Pre-Alpha allows remote attackers to execute arbitrary PHP code via the _SERVER parameter in (1) admin/avatar.php, (2) libs/archive.class.php, (3) libs/login.php, (4) libs/profiles.class.php, and (5) libs/profile/proccess.php. NOTE: CVE disputes this claim, as the _SERVER array and the _SERVER[DOCUMENT_ROOT] index are controlled by PHP and cannot be manipulated by an attacker | ||||
| CVE-2006-4546 | 1 Lyris | 1 List Manager | 2026-04-16 | N/A |
| Lyris ListManager 8.95 allows remote authenticated users, who have administrative privileges for at least one list on the server, to add new administrators to any list via a modified MEMBERS_.List_ parameter. | ||||
| CVE-2006-4547 | 1 Lyris | 1 List Manager | 2026-04-16 | N/A |
| Lyris ListManager 8.95 allows remote authenticated users to obtain sensitive information by attempting to add a user with a ' (single quote) character in the name, which reveals the details of the underlying SQL query, possibly because of a forced SQL error or SQL injection. | ||||
| CVE-2006-4551 | 1 Chxo | 1 Feedsplitter | 2026-04-16 | N/A |
| Eval injection vulnerability in CHXO Feedsplitter 2006-01-21 allows remote attackers to execute arbitrary PHP code via (1) the file specified as the value of the format parameter, and possibly (2) the RSS feed. | ||||
| CVE-2006-4552 | 1 Chxo | 1 Feedsplitter | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in CHXO Feedsplitter 2006-01-21 allows remote attackers to inject arbitrary web script or HTML via the RSS feed. | ||||
| CVE-2006-4553 | 2 Joomla, Mambo | 2 Com Comprofiler Component, Com Comprofiler Component | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in plugin.class.php in the com_comprofiler Components 1.0 RC2 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | ||||