Export limit exceeded: 348878 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (348878 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-7126 | 1 Joomla | 1 Bsq Sitestats | 2026-04-23 | N/A |
| SQL injection vulnerability in Joomla BSQ Sitestats 1.8.0 and 2.2.1 allows remote attackers to execute arbitrary SQL commands via the query string, possibly PHP_SELF. | ||||
| CVE-2006-7125 | 1 Joomla | 1 Bsq Sitestats | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Joomla BSQ Sitestats 1.8.0 and 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header, which is not properly handled when the administrator views site statistics. | ||||
| CVE-2007-4334 | 1 Php-stats | 1 Php-stats | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in whois.php in Php-stats 0.1.9.2 allows remote attackers to inject arbitrary web script or HTML via the IP parameter. | ||||
| CVE-2006-7132 | 1 Cynux Softwares | 1 Phpmydesk | 2026-04-23 | N/A |
| Directory traversal vulnerability in pmd-config.php in PHPMyDesk 1.0beta allows remote attackers to include arbitrary local files via the pmdlang parameter to viewticket.php. | ||||
| CVE-2006-7110 | 1 Drupal | 1 Imce Module | 2026-04-23 | N/A |
| Directory traversal vulnerability in the delete function in IMCE before 1.6, a Drupal module, allows remote authenticated users to delete arbitrary files via ".." sequences. | ||||
| CVE-2006-6692 | 1 Zabbix | 1 Zabbix | 2026-04-23 | N/A |
| Multiple format string vulnerabilities in zabbix before 20061006 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in information that would be recorded in the system log using (1) zabbix_log or (2) zabbix_syslog. | ||||
| CVE-2006-6697 | 1 Oracle | 1 Application Server Portal | 2026-04-23 | N/A |
| CRLF injection vulnerability in webapp/jsp/calendar.jsp in Oracle Portal 10g and earlier, including 9.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter. | ||||
| CVE-2006-6695 | 1 Carsen Klock | 1 Textsend | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in Carsen Klock TextSend 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) error or (2) success parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-6699 | 1 Oracle | 1 Application Server Portal | 2026-04-23 | N/A |
| Multiple CRLF injection vulnerabilities in Oracle Portal 9.0.2 and possibly other versions allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter to (1) calendarDialog.jsp or (2) fred.jsp. NOTE: the calendar.jsp vector is covered by CVE-2006-6697. | ||||
| CVE-2006-6700 | 1 Calacode | 1 Atmail Webmail System | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in @Mail WebMail allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended. | ||||
| CVE-2006-6702 | 1 Atmail | 1 Atmail Webmail | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Global.pm in @Mail before 4.61 allows remote attackers to inject arbitrary web script or HTML via crafted e-mail messages. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-6703 | 1 Oracle | 2 Oracle10g, Oracle9i | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Oracle Portal 9i and 10g allow remote attackers to inject arbitrary JavaScript via the tc parameter in webapp/jsp/container_tabs.jsp, and other unspecified vectors. | ||||
| CVE-2006-6704 | 1 Atmail | 1 Atmail Webadmin | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the Webadmin in @Mail before 4.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "unescaped data in the database." | ||||
| CVE-2006-6705 | 1 Soumu | 3 Koukyoumuke Soumu Workflow, Soumo Workflow, Soumu Workflow | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in the template files in Soumu Workflow for Groupmax 01-00 through 01-01, Soumu Workflow 02-00 through 03-03, and Koukyoumuke Soumu Workflow 01-00 through 01-01 allow remote attackers to bypass authentication mechanisms on web pages via unknown vectors. | ||||
| CVE-2006-6706 | 1 Soumu | 3 Koukyoumuke Soumu Workflow, Soumo Workflow, Soumu Workflow | 2026-04-23 | N/A |
| SQL injection vulnerability in Soumu Workflow for Groupmax 01-00 through 01-01, Soumu Workflow 02-00 through 03-03, and Koukyoumuke Soumu Workflow 01-00 through 01-01 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors in certain web pages. | ||||
| CVE-2006-6710 | 1 Matteolucarelli | 1 Pgmreloaded | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in PgmReloaded 0.8.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) lang parameter to (a) index.php, the (2) CFG[libdir] and (3) CFG[localedir] parameters to (b) common.inc.php, and the CFG[localelangdir] parameter to (c) form_header.php. | ||||
| CVE-2006-6725 | 1 Phpbuilder | 1 Phpbuilder | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in PHPBuilder 0.0.2 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter to (1) lib/htm2php.php and (2) sitetools/htm2php.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-6727 | 1 Inertianews | 1 Inertianews | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in inertianews_class.php in inertianews 0.02 beta and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter. | ||||
| CVE-2006-6728 | 1 Lan Messenger | 1 Lan Messenger | 2026-04-23 | N/A |
| Unspecified vulnerability in the info request mechanism in LAN Messenger before 1.5.1.2 allows remote attackers to cause a denial of service (application crash) or transmit spam via unspecified vectors. | ||||
| CVE-2006-6729 | 1 A-blog | 1 A-blog | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in a-blog 1.51 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||