Export limit exceeded: 346164 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346164 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-4759 | 1 Punbb | 1 Punbb | 2026-04-16 | N/A |
| PunBB 1.2.12 does not properly handle an avatar directory pathname ending in %00, which allows remote authenticated administrative users to upload arbitrary files and execute code, as demonstrated by a query to admin_options.php with an avatars_dir parameter ending in %00. NOTE: this issue was originally disputed by the vendor, but the dispute was withdrawn on 20060926. | ||||
| CVE-2006-4760 | 1 Benjamin Pasero And Tobias Eichert | 1 Rssowl | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Benjamin Pasero and Tobias Eichert RSSOwl allow remote attackers to inject arbitrary web script or HTML via a web feed, as demonstrated by certain test cases of the Robert Auger and Caleb Sima RSS and Atom feed reader test suite. | ||||
| CVE-2006-4761 | 1 Luke Hutteman | 1 Sharpreader | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Luke Hutteman SharpReader allow remote attackers to inject arbitrary web script or HTML via a web feed, as demonstrated by certain test cases of the Robert Auger and Caleb Sima RSS and Atom feed reader test suite. | ||||
| CVE-2006-4762 | 1 Rssreader | 1 Rssreader | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Ykoon RssReader allow remote attackers to inject arbitrary web script or HTML via a web feed, as demonstrated by certain test cases of the Robert Auger and Caleb Sima RSS and Atom feed reader test suite. | ||||
| CVE-2006-4763 | 1 Ibm | 1 Lotus Domino Web Access | 2026-04-16 | N/A |
| IBM Lotus Domino Web Access (DWA) 7.0.1 does not expire a client's Lightweight Third-Party Authentication token (LtpaToken) upon logout, which allows remote attackers to obtain a user's privileges by intercepting the LtpaToken cookie. | ||||
| CVE-2006-4765 | 1 Netgear | 1 Dg834gt | 2026-04-16 | N/A |
| NETGEAR DG834GT Wireless ADSL router running firmware 1.01.28 allows attackers to cause a denial of service (device hang) via a long string in the username field in the login window. | ||||
| CVE-2006-4766 | 1 Stefan Ernst | 1 Newsscript | 2026-04-16 | N/A |
| Directory traversal vulnerability in print.php in Stefan Ernst Newsscript (aka WM-News) 0.5 beta allows remote attackers to read arbitrary files via a .. (dot dot) in the ide parameter. | ||||
| CVE-2006-4768 | 1 Stefan Ernst | 1 Newsscript | 2026-04-16 | N/A |
| Multiple direct static code injection vulnerabilities in add_go.php in Stefan Ernst Newsscript (aka WM-News) 0.5 beta allow remote attackers to execute arbitrary PHP code via the (1) description, (2) issue, (3) title, (4) var, (5) name, (6) keywords, and (7) note parameters, which are stored in an article file. NOTE: the original source of this vulnerability is unknown; the details are obtained from third party information and CVE post-disclosure analysis. | ||||
| CVE-2006-4769 | 1 Gtasoft | 1 P4cms | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in abf_js.php in p4CMS 1.05 allows remote attackers to execute arbitrary PHP code via a URL in the abs_pfad parameter. | ||||
| CVE-2006-4770 | 1 Miniportal | 1 Miniportal | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in menu.php in MiniPort@l 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the skiny parameter. | ||||
| CVE-2006-4771 | 1 Jbc | 1 Forumjbc | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in haut.php in ForumJBC 4 allows remote attackers to inject arbitrary web script or HTML via the nb_connecte parameter. | ||||
| CVE-2006-4773 | 1 Sun | 1 Storedge 6130 Arrays | 2026-04-16 | N/A |
| Sun StorEdge 6130 Array Controllers with firmware 06.12.10.11 and earlier allow remote attackers to cause a denial of service (controller reboot) via a flood of traffic on the LAN. | ||||
| CVE-2006-4774 | 1 Cisco | 1 Ios | 2026-04-16 | N/A |
| The VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(19) allows remote attackers to cause a denial of service by sending a VTP version 1 summary frame with a VTP version field value of 2. | ||||
| CVE-2006-4775 | 1 Cisco | 2 Catos, Ios | 2026-04-16 | N/A |
| The VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(19) and CatOS allows remote attackers to cause a denial of service by sending a VTP update with a revision value of 0x7FFFFFFF, which is incremented to 0x80000000 and is interpreted as a negative number in a signed context. | ||||
| CVE-2006-4776 | 1 Cisco | 1 Ios | 2026-04-16 | N/A |
| Heap-based buffer overflow in the VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(19) allows remote attackers to execute arbitrary code via a long VLAN name in a VTP type 2 summary advertisement. | ||||
| CVE-2006-4778 | 1 Cchost | 1 Cchost | 2026-04-16 | N/A |
| SQL injection vulnerability in Creative Commons Tools ccHost before 3.0 allows remote attackers to execute arbitrary SQL commands via a crafted URL, which is used to populate the file ID. NOTE: Some details are obtained from third party information. | ||||
| CVE-2006-4779 | 1 Phpbb Group | 1 Vitrax Premodded Phpbb | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in includes/functions_portal.php in Vitrax Premodded phpBB 1.0.6-R3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | ||||
| CVE-2006-4782 | 1 Webspell | 1 Webspell | 2026-04-16 | N/A |
| src/index.php in WebSPELL 4.01.01 and earlier, when register_globals is enabled, allows remote attackers to bypass authentication and gain sensitive information stored in the database via a modified userID parameter in a write action to admin/database.php. | ||||
| CVE-2006-4783 | 1 Webspell | 1 Webspell | 2026-04-16 | N/A |
| SQL injection vulnerability in squads.php in WebSPELL 4.01.01 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the squadID parameter. | ||||
| CVE-2006-4784 | 1 Moodle | 1 Moodle | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.6.1 and earlier might allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) doc/index.php or (2) files/index.php. | ||||