Export limit exceeded: 355356 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (355356 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-7060 | 1 Scriptsez.net | 1 E-dating System | 2026-04-23 | N/A |
| cindex.php in Scriptsez.net E-Dating System allows remote attackers to obtain the full path via an invalid id parameter in a dologin action, which leaks the path in an error message. | ||||
| CVE-2006-7061 | 1 Scriptsez.net | 1 E-dating System | 2026-04-23 | N/A |
| Scriptsez.net E-Dating System stores data files with predictable names under the web document root with insufficient access control, which allows remote attackers to read private messages and leverage them for cross-site scripting (XSS) attacks. | ||||
| CVE-2006-7062 | 1 Kmail | 1 Kmail | 2026-04-23 | N/A |
| calendar.php in Kamgaing Email System (kmail) 2.3 and earlier allows remote attackers to obtain the full path of the server via an invalid d parameter, which leaks the path in an error message. | ||||
| CVE-2006-7063 | 1 Tinyphpforum | 1 Tinyphpforum | 2026-04-23 | N/A |
| Directory traversal vulnerability in profile.php in TinyPHPforum 3.6 and earlier allows remote attackers to include and execute arbitrary files via ".." sequences in the uname parameter. | ||||
| CVE-2006-7064 | 1 Invision Power Services | 1 Invision Power Board | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in forum/admin.php for Invision Power Board (IPB) 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML as the administrator via the phpinfo parameter. | ||||
| CVE-2006-7065 | 2 Canon, Microsoft | 3 Network Camera Server Vb101, Ie, Internet Explorer | 2026-04-23 | N/A |
| Microsoft Internet Explorer allows remote attackers to cause a denial of service (crash) via an IFRAME with a certain XML file and XSL stylesheet that triggers a crash in mshtml.dll when a refresh is called, probably a null pointer dereference. | ||||
| CVE-2006-7066 | 1 Microsoft | 2 Internet Explorer, Windows Xp | 2026-04-23 | N/A |
| Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by creating an object inside an iframe, deleting the frame by setting its location.href to about:blank, then accessing a property of the object within the deleted frame, which triggers a NULL pointer dereference. NOTE: it was later reported that 7.0.6000.16473 and earlier are also affected. | ||||
| CVE-2006-7067 | 1 Oracle | 1 Database Server | 2026-04-23 | N/A |
| Oracle 10g R2 and possibly other versions allows remote attackers to trigger internal errors, and possibly have other impacts, via an "alter session set events" command with invalid arguments. NOTE: this issue was originally disputed by a third party, but the dispute was retracted. NOTE: this issue was called an "integer overflow" in the original source, but this might be incorrect. | ||||
| CVE-2007-2817 | 1 Ol Bookmarks | 1 Ol Bookmarks | 2026-04-23 | N/A |
| SQL injection vulnerability in read/index.php in ol'bookmarks 0.7.4 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2006-7070 | 1 Etomite | 1 Etomite | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in manager/media/ibrowser/scripts/rfiles.php in Etomite CMS 0.6.1 and earlier allows remote attackers to upload and execute arbitrary files via an nfile[] parameter with a filename that contains a .php extension followed by a valid image extension such as .gif or .jpg, then calling the rename function. | ||||
| CVE-2006-7074 | 1 Smartsitecms | 1 Smartsitecms | 2026-04-23 | N/A |
| admin.php in SmartSiteCMS 1.0 allows remote attackers to bypass authentication and gain administrator privileges by setting the userName cookie. | ||||
| CVE-2007-2818 | 1 Cactusoft | 1 Parodia | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in cand_login.asp in CactuSoft Parodia 6.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the strJobIDs parameter. | ||||
| CVE-2007-2819 | 1 Track\+ | 1 Track\+ | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in reportItem.do in Track+ 3.3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the projId parameter. | ||||
| CVE-2007-2820 | 1 Ksign | 1 Ksignswat | 2026-04-23 | N/A |
| Multiple stack-based buffer overflows in the KSign KSignSWAT ActiveX Control (AxKSignSWAT.dll) 2.0.3.3 allow remote attackers to execute arbitrary code via long arguments to the (1) SWAT_Init, (2) SWAT_InitEx, (3) SWAT_InitEx2, (4) SWAT_InitEx3, and (5) SWAT_Login functions. | ||||
| CVE-2006-7078 | 1 Professional Home Page Tools Login Script | 1 Professional Home Page Tools Login Script | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Professional Home Page Tools Login Script, as of July 2006, allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) vorname, and (3) nachname parameters in the register script. NOTE: some details have been obtained from third party sources. | ||||
| CVE-2006-7079 | 1 Exv2 | 1 Content Management System | 2026-04-23 | 9.8 Critical |
| Variable extraction vulnerability in include/common.php in exV2 2.0.4.3 and earlier allows remote attackers to overwrite arbitrary program variables and conduct directory traversal attacks to execute arbitrary code by modifying the $xoopsOption['pagetype'] variable. | ||||
| CVE-2006-7080 | 1 Exv2 | 1 Content Management System | 2026-04-23 | N/A |
| Directory traversal vulnerability in the avatar upload feature in exV2 2.0.4.3 and earlier allows remote attackers to delete arbitrary files via ".." sequences in the old_avatar parameter. | ||||
| CVE-2006-7081 | 1 Phpnews | 1 Phpnews | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in PhpNews 1.0 allow remote attackers to execute arbitrary PHP code via the Include parameter to (1) Include/lib.inc.php3 and (2) Include/variables.php3. | ||||
| CVE-2006-7083 | 1 Rigter Portal System | 1 Rigter Portal System | 2026-04-23 | N/A |
| Directory traversal vulnerability in index.php in Rigter Portal System (RPS) 1.0, 2.0, and 3.0 allows remote attackers to read arbitrary files via ".." sequences in the id parameter. | ||||
| CVE-2006-7085 | 1 Rigter Portal System | 1 Rigter Portal System | 2026-04-23 | N/A |
| Rigter Portal System (RPS) 1.0, 2.0, and 3.0 allows remote attackers to add arbitrary content and conduct XSS attacks via a direct request to add_art.php. NOTE: this issue was originally reported as SQL injection, but this is not likely. | ||||