Export limit exceeded: 363800 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-5114 | 1 Sap | 1 Internet Transaction Server | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in wgate in SAP Internet Transaction Server (ITS) 6.1 and 6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) ~urlmime or (2) ~command parameter, different vectors than CVE-2003-0749. | ||||
| CVE-2006-5115 | 1 Kgb | 1 Kgb | 2026-04-23 | N/A |
| Directory traversal vulnerability in kgcall.php in KGB 1.87 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the engine parameter, as demonstrated by uploading a file containing PHP code with an image/jpeg content type, and then referencing this file through the engine parameter. | ||||
| CVE-2006-5116 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-04-23 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyAdmin before 2.9.1-rc1 allow remote attackers to perform unauthorized actions as another user by (1) directly setting a token in the URL though dynamic variable evaluation and (2) unsetting arbitrary variables via the _REQUEST array, related to (a) libraries/common.lib.php, (b) session.inc.php, and (c) url_generating.lib.php. NOTE: the PHP unset function vector is covered by CVE-2006-3017. | ||||
| CVE-2006-5118 | 1 Phpselect | 1 Web Development Division | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in index.php3 in the PDD package for PHPSelect Web Development Division allows remote attackers to execute arbitrary PHP code via a URL in the Application_Root parameter. | ||||
| CVE-2006-5124 | 1 Joshua Muheim | 1 Phpmywebmin | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Joshua Muheim phpMyWebmin 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) target and (2) action parameters in window.php, and possibly the (3) target parameter in home.php. | ||||
| CVE-2006-5125 | 1 Joshua Muheim | 1 Phpmywebmin | 2026-04-23 | N/A |
| Directory traversal vulnerability in window.php, possibly used by home.php, in Joshua Muheim phpMyWebmin 1.0 allows remote attackers to obtain sensitive information via a directory name in the target parameter, which triggers a directory listing through the opendir function. | ||||
| CVE-2006-6800 | 1 Limbo Cms | 1 Event Module | 2026-04-23 | N/A |
| PHP remote file inclusion in eventcal/mod_eventcal.php in the event module 1.0 for Limbo CMS allows remote attackers to execute arbitrary PHP code via a URL in the lm_absolute_path parameter. | ||||
| CVE-2006-5127 | 1 Conpresso | 1 Conpresso Cms | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Bartels Schoene ConPresso before 4.0.5a allow remote attackers to inject arbitrary web script or HTML via (1) the nr parameter in detail.php, (2) the msg parameter in db_mysql.inc.php, and (3) the pos parameter in index.php. | ||||
| CVE-2006-5162 | 1 Microsoft | 1 Internet Explorer | 2026-04-23 | N/A |
| wininet.dll in Microsoft Internet Explorer 6.0 SP2 and earlier allows remote attackers to cause a denial of service (unhandled exception and crash) via a long Content-Type header, which triggers a stack overflow. | ||||
| CVE-2006-5128 | 1 Conpresso | 1 Conpresso Cms | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in Bartels Schoene ConPresso before 4.0.5a allows remote attackers to execute arbitrary SQL commands via the nr parameter. | ||||
| CVE-2006-6776 | 1 Future Internet | 1 Future Internet | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Future Internet allow remote attackers to execute arbitrary SQL commands via the (1) newsId or (2) categoryid parameter in a Portal.Showpage action in index.cfm, or (3) the langId parameter in index.cfm. | ||||
| CVE-2006-5133 | 1 Steve Poulsen | 1 Guildftpd | 2026-04-23 | N/A |
| Buffer overflow in GuildFTPd 0.999.13 allows remote attackers to have an unknown impact, possibly code execution related to input containing "globbing chars." | ||||
| CVE-2007-4428 | 1 Lhaz | 1 Lhaz | 2026-04-23 | N/A |
| Lhaz 1.33 allows remote attackers to execute arbitrary code via unknown vectors, as actively exploited in August 2007 by the Exploit-LHAZ.a gzip file, a different issue than CVE-2006-4116. | ||||
| CVE-2006-6801 | 1 Sh-news | 1 Sh-news | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in misc.php in SH-News 0.93, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the news_cfg[path] parameter. | ||||
| CVE-2006-5137 | 1 Ubbcentral | 1 Ubb.threads | 2026-04-23 | N/A |
| Multiple direct static code injection vulnerabilities in Groupee UBB.threads 6.5.1.1 allow remote attackers to (1) inject PHP code via a theme[] array parameter to admin/doedittheme.php, which is injected into includes/theme.inc.php; (2) inject PHP code via a config[] array parameter to admin/doeditconfig.php, and then execute the code via includes/config.inc.php; and inject a reference to PHP code via a URL in the config[path] parameter, and then execute the code via (3) dorateuser.php, (4) calendar.php, and unspecified other scripts. | ||||
| CVE-2006-5140 | 1 Lappy512 | 1 Php Krazy Image Host Script | 2026-04-23 | N/A |
| SQL injection vulnerability in display.php in Lappy512 PHP Krazy Image Host Script (phpkimagehost) 0.7a allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2007-3480 | 1 Pc Soft | 1 Windev | 2026-04-23 | N/A |
| PCSoft WinDEV 11 (01F110053p) allows user-assisted remote attackers to cause a denial of service (infinite loop and resource consumption) via a malformed WDP project file. | ||||
| CVE-2006-5147 | 1 Vamp Webmail | 1 Vamp Webmail | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in wamp_dir/setup/yesno.phtml in VAMP Webmail 2.0beta1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the no_url parameter. | ||||
| CVE-2006-5150 | 1 Openbiblio | 1 Openbiblio | 2026-04-23 | N/A |
| SQL injection vulnerability in the reports system in OpenBiblio before 0.5.2 allows remote attackers with report privileges to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2006-6071 | 1 Twiki | 1 Twiki | 2026-04-23 | N/A |
| TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password. | ||||