Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-5643 1 Foresite Cms 1 Foresite Cms 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in search_de.html in foresite CMS allows remote attackers to inject arbitrary web script or HTML via the query parameter.
CVE-2007-5513 1 Oracle 1 Database Server 2026-04-23 N/A
The XML DB (XMLDB) component in Oracle Database 9.2.0.8, 9.2.0.8DV, and 10.1.0.5 generates incorrect audit entries in the USERID column in which (1) long usernames are trimmed to 5 characters, or (2) short entries contain any extra characters from usernames in previous entries, aka DB23.
CVE-2006-5393 1 Cisco 1 Secure Desktop 2026-04-23 5.5 Medium
Cisco Secure Desktop (CSD) does not require that the ClearPageFileAtShutdown (aka CCE-Winv2.0-407) registry value equals 1, which might allow local users to read certain memory pages that were written during another user's SSL VPN session.
CVE-2006-5012 1 Sun 2 Solaris, Sunos 2026-04-23 N/A
Unspecified vulnerability in Sun Solaris 8, 9, and 10 before 20060925 allows local users to cause a denial of service (disable syslog) and prevent security messages from being logged via unspecified vectors.
CVE-2007-2058 1 Picozip 1 Picozip 2026-04-23 N/A
Directory traversal vulnerability in Acubix PicoZip 4.02 allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the file path in an (1) GZ, (2) TAR, (3) RAR, (4) JAR, or (5) ZIP archive.
CVE-2006-6872 1 Endonesia 1 Endonesia 2026-04-23 N/A
Directory traversal vulnerability in mod.php in eNdonesia 8.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the mod parameter.
CVE-2007-2100 1 Fac Guestbook 1 Fac Guestbook 2026-04-23 N/A
FAC Guestbook 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/Gdb.mdb.
CVE-2007-4122 1 Hitachi 1 Jp1-cm2-hierarchical Viewer 2026-04-23 N/A
Unspecified vulnerability in Hitachi JP1/Cm2/Hierarchical Viewer (HV) 06-00 through 06-71-/B allows remote attackers to cause a denial of service (application stop and web interface outage) via certain "unexpected data."
CVE-2006-6755 1 Ixprim 1 Ixprim Cms 2026-04-23 N/A
Ixprim 1.2 allows remote attackers to obtain sensitive information via a direct request for kernel/plugins/fckeditor2/ixprim_api.php, which reveals the path in an error message.
CVE-2006-6774 1 Ciberia 1 Content Federator 2026-04-23 N/A
PHP remote file inclusion vulnerability in socios/maquetacion_socio.php (members/maquetacion_member.php) in Ciberia Content Federator 1.0 allows remote attackers to execute arbitrary PHP code via the path parameter. NOTE: some of these details are obtained from third party information.
CVE-2007-3691 1 Av Scripts 1 Av Tutorial Script 2026-04-23 N/A
Multiple SQL injection vulnerabilities in changePW.php in AV Tutorial Script (avtutorial) 1.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) userid parameters, a different issue than CVE-2007-3630.
CVE-2007-1451 1 Guppy 1 Guppy 2026-04-23 N/A
GuppY 4.0 allows remote attackers to delete arbitrary files via a direct request to install/install.php, then selecting "Installation propre" (cleanup.php) and then "Suppression des fichiers d'installation" (delete.php).
CVE-2006-6509 1 Sitekiosk 1 Sitekiosk 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the skinning feature in SiteKiosk before 6.5.150 allows local users to bypass security protections and inject arbitrary web script or HTML via an ABOUT: URI, which is displayed in the title bar of the browser.
CVE-2006-6517 1 Kdpics 1 Kdpics 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in KDPics 1.16 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) categories parameter to (a) index.php3 or (b) galeries.inc.php3.
CVE-2006-6521 1 Scriptphp 1 Messageriescripthp 2026-04-23 N/A
SQL injection vulnerability in lire-avis.php in Messageriescripthp 2.0 allows remote attackers to execute arbitrary SQL commands via the aa parameter.
CVE-2006-6528 1 Drupal 1 Chatroom Module 2026-04-23 N/A
The Chatroom Module before 4.7.x.-1.0 for Drupal broadcasts Chatroom visitors' session IDs to all participants, which allows remote attackers to hijack sessions and gain privileges.
CVE-2006-6243 1 Fipsasp 1 Fipsshop 2026-04-23 N/A
Multiple SQL injection vulnerabilities in index.asp in FipsSHOP allow remote attackers to execute arbitrary SQL commands via the (1) cat or (2) did parameter.
CVE-2006-6252 1 Microsoft 1 Windows Live Messenger 2026-04-23 N/A
Microsoft Windows Live Messenger 8.0 and earlier, when gestual emoticons are enabled, allows remote attackers to cause a denial of service (CPU consumption) via a long string composed of ":D" sequences, which are interpreted as emoticons.
CVE-2006-6256 1 Alternc 1 Alternc 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the file manager in admin/bro_main.php in AlternC 0.9.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a folder name.
CVE-2006-6265 1 Microsoft 1 Teredo 2026-04-23 N/A
Teredo clients, when located behind a restricted NAT, allow remote attackers to establish an inbound connection without the guessing required to find a port mapping for a traditional restricted NAT client, by (1) using the client port number contained in the Teredo address or (2) following the bubble-to-open procedure.