Export limit exceeded: 359582 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (359582 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-5949 | 1 Altools | 1 Alftp Ftp Server | 2026-04-23 | N/A |
| Directory traversal vulnerability in ALTools ALFTP FTP Server 4.1 beta 1, and possibly earlier, allows remote attackers to create arbitrary directories via directory traversal sequences in a MKD request. NOTE: the provenance of this information is unknown; details are obtained from third party sources. | ||||
| CVE-2006-6041 | 1 Laurent Van Den Reysen | 1 Work System E-commerce | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Laurent Van den Reysen WORK system e-commerce 3.0.2, and other versions before 3.0.4, allow remote attackers to execute arbitrary PHP code via a URL in the g_include parameter to (1) index.php, (2) module/forum/forum.php, (3) unspecified files under module/, and (4) unspecified files under administration/module/. | ||||
| CVE-2006-6042 | 1 Phpwebthings | 1 Phpwebthings | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in core/editor.php in phpWebThings 1.5.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the editor_insert_bottom parameter. | ||||
| CVE-2006-6045 | 1 Comdev | 1 Comdev One Admin Pro | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Comdev One Admin Pro 4.1 allow remote attackers to execute arbitrary PHP code via a URL in the path[skin] parameter to (1) adminfoot.php, (2) adminhead.php, or (3) adminlogin.php. | ||||
| CVE-2006-6050 | 1 Clicktech | 1 Texas Rankem | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in ClickTech Texas Rank'em allow remote attackers to execute arbitrary SQL commands via the (1) selPlayer parameter to player.asp or the (2) tournament_id parameter to tournaments.asp. | ||||
| CVE-2006-6079 | 1 Imendio Ab | 1 Loudmouth | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in LoudMouth 2.4 allow remote attackers to execute arbitrary PHP code via a URL in the mainframe parameter to (1) admin.loudmouth.php or (2) toolbar.loudmouth.php. | ||||
| CVE-2007-3487 | 1 Hp | 1 Photo Digital Imaging Activex Control | 2026-04-23 | N/A |
| Absolute path traversal in a certain ActiveX control in hpqxml.dll 2.0.0.133 in Hewlett-Packard (HP) Photo Digital Imaging allows remote attackers to create or overwrite arbitrary files via the argument to the saveXMLAsFile method. | ||||
| CVE-2006-6052 | 1 Netepi Case Manager | 1 Netepi Case Manager | 2026-04-23 | N/A |
| NetEpi Case Manager before 0.98 generates different error messages depending on whether or not a username is valid, which allows remote attackers to enumerate valid usernames. | ||||
| CVE-2006-6053 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-04-23 | N/A |
| The ext3fs_dirhash function in Linux kernel 2.6.x allows local users to cause a denial of service (crash) via an ext3 stream with malformed data structures. | ||||
| CVE-2006-6068 | 1 Malbum | 1 Malbum | 2026-04-23 | N/A |
| Directory traversal vulnerability in the cached_album function in functions.php for mAlbum 0.3 and earlier allows remote attackers to list filenames of arbitrary images via a .. (dot dot) in the gal parameter to index.php. | ||||
| CVE-2006-6069 | 1 Malbum | 1 Malbum | 2026-04-23 | N/A |
| index.php in mAlbum 0.3 and earlier allows remote attackers to obtain the installation path via an invalid gal parameter. | ||||
| CVE-2007-3729 | 1 Hp | 1 Openvms | 2026-04-23 | N/A |
| The default configuration of the POP server in TCP/IP Services 5.6 for HP OpenVMS 8.3 generates different responses depending on whether or not a username is valid, which allows remote attackers to enumerate valid POP usernames. | ||||
| CVE-2006-6070 | 1 Asp-nuke | 1 Asp-nuke | 2026-04-23 | N/A |
| SQL injection vulnerability in module/account/register/register.asp in ASP Nuke 0.80 and earlier allows remote attackers to execute arbitrary SQL commands via the StateCode parameter. | ||||
| CVE-2006-6073 | 1 Enthrallweb | 1 Eshopping Cart | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Enthrallweb eShopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) ProductID parameter in productdetail.asp or the (2) categoryid parameter in products.asp. | ||||
| CVE-2006-5958 | 1 Infinicart | 1 Infinicart | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in INFINICART allow remote attackers to inject arbitrary web script or HTML via the (1) username and (2) password fields in (a) login.asp, (3) search field in (b) search.asp, and (4) email field in (c) sendpassword.asp. | ||||
| CVE-2006-6082 | 1 Creascripts | 1 Creadirectory | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in CreaScripts Creadirectory allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to addlisting.asp or the (2) search parameter to search.asp. | ||||
| CVE-2006-6089 | 1 Baalasp | 1 Baalasp Forum | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in addpost1.asp in BaalAsp forum allow remote attackers to inject arbitrary web script or HTML via the (1) title (Subject), (2) groupname (Group Name), or (3) detail (Message) field. | ||||
| CVE-2006-6096 | 1 Dotnetindex | 1 Active News Manager | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in activenews_search.asp in ActiveNews Manager allows remote attackers to inject arbitrary web script or HTML via the query parameter. | ||||
| CVE-2007-3730 | 1 Hp | 1 Openvms | 2026-04-23 | N/A |
| The default configuration of the POP server in TCP/IP Services 5.6 for HP OpenVMS 8.3 does not log the source IP address or attempted username for login attempts, which might help remote attackers to avoid identification. | ||||
| CVE-2006-6102 | 3 Redhat, X.org, Xfree86 Project | 3 Enterprise Linux, X.org, Xfree86 X Server | 2026-04-23 | N/A |
| Integer overflow in the ProcDbeGetVisualInfo function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures. | ||||