Export limit exceeded: 360226 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (360226 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-6978 | 1 Fckeditor | 1 Fckeditor | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the "Basic Toolbar Selection" in FCKEditor allows remote attackers to execute arbitrary JavaScript via the javascript: URI in the (1) href or (2) onmouseover attribute of the A HTML tag. | ||||
| CVE-2006-6974 | 1 Headstart Solutions | 1 Deskpro | 2026-04-23 | N/A |
| Headstart Solutions DeskPRO stores sensitive information under the web root with insufficient access control, which allows remote attackers to (1) list files in the includes/ directory; obtain the SQL username and password via a direct request for (2) config.php and (3) config.php.bak in includes/; read files in (4) email/, (5) admin/graphs/, (6) includes/javascript/, and (7) certain other includes/ directories via direct requests; and download SQL database data via direct requests for (8) data.sql, (9) install.sql, (10) settings.sql, and possibly other files in install/v2data/. | ||||
| CVE-2006-6976 | 1 Centipaid | 1 Centipaid | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in centipaid_class.php in CentiPaid 1.4.2 and earlier allows remote attackers to execute arbitrary code via a URL in the absolute_path parameter. | ||||
| CVE-2006-6977 | 1 Freetextbox | 1 Freetextbox | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the "Basic Toolbar Selection" in FreeTextBox allows remote attackers to execute arbitrary JavaScript via the javascript: URI in the (1) href or (2) onmouseover attribute of the A HTML tag. | ||||
| CVE-2008-1764 | 1 Opera | 1 Opera | 2026-04-23 | N/A |
| Unspecified vulnerability in Opera before 9.27 has unknown impact and attack vectors related to "keyboard handling of password inputs." | ||||
| CVE-2006-6997 | 1 Mailenable | 2 Mailenable Enterprise, Mailenable Standard | 2026-04-23 | N/A |
| Unspecified vulnerability in a cryptographic feature in MailEnable Standard Edition before 1.93, Professional Edition before 1.73, and Enterprise Edition before 1.21 leads to "weakened authentication security" with unknown impact and attack vectors. NOTE: due to lack of details, it is not clear whether this is the same as CVE-2006-1792. | ||||
| CVE-2006-6998 | 1 Headstart Solutions | 1 Deskpro | 2026-04-23 | N/A |
| install/loader_help.php in Headstart Solutions DeskPRO allows remote attackers to obtain configuration information via a q=phpinfo QUERY_STRING, which calls the phpinfo function. | ||||
| CVE-2006-6999 | 1 Headstart Solutions | 1 Deskpro | 2026-04-23 | N/A |
| attachment.php in Headstart Solutions DeskPRO allows remote attackers to read all uploaded files by providing the file number in a modified id parameter. | ||||
| CVE-2006-7000 | 1 Headstart Solutions | 1 Deskpro | 2026-04-23 | N/A |
| Headstart Solutions DeskPRO allows remote attackers to obtain the full path via direct requests to (1) email/mail.php, (2) includes/init.php, (3) certain files in includes/cron/, and (4) jpgraph.php, (5) jpgraph_bar.php, (6) jpgraph_pie.php, and (7) jpgraph_pie3d.php in includes/graph/, which leaks the path in error messages. | ||||
| CVE-2006-7001 | 1 Phpmychat Plus | 1 Phpmychat Plus | 2026-04-23 | N/A |
| Directory traversal vulnerability in avatar.php in PhpMyChat Plus 1.9 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the L parameter, a different issue than CVE-2006-5897. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-6363 | 1 Ibm | 1 Tivoli Netcool Security Manager | 2026-04-23 | N/A |
| IBM Tivoli Netcool Security Manager 1.3.0 before Interim Fix 1, when using Active Directory (AD) LDAP authentication, allows remote attackers to obtain login access via unspecified vectors without entering a password. | ||||
| CVE-2006-7032 | 1 Tufat | 1 Flashbb | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in phpbb/getmsg.php in FlashBB 1.1.5 and earlier allows remote attackers to execute arbitrary code via a URL in the phpbb_root_path parameter. | ||||
| CVE-2007-1004 | 1 Mozilla | 1 Firefox | 2026-04-23 | N/A |
| Mozilla Firefox might allow remote attackers to conduct spoofing and phishing attacks by writing to an about:blank tab and overlaying the location bar. | ||||
| CVE-2006-7056 | 1 Dreamcost | 1 Hostadmin | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in DreamCost HostAdmin 3.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) functions.php and (2) members.php. NOTE: the index.php vector is covered by CVE-2006-0791. | ||||
| CVE-2006-7059 | 1 Scriptsez.net | 1 E-dating System | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Scriptsez.net E-Dating System allow remote attackers to inject arbitrary web script or HTML via encoded entities (') in IMG tags to (1) messages, (2) profile fields, or (3) the id parameter in a dologin operation to cindex.php. | ||||
| CVE-2006-7069 | 1 Socketwiz | 1 Bookmarks | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in smarty_config.php in Socketwiz Bookmarks 2.0 and earlier allows remote attackers to execute arbitrary PHP code via the root_dir parameter. | ||||
| CVE-2006-7072 | 1 Geodesicsolutions | 1 Geoclassifieds Enterprise | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in GeoClassifieds Enterprise 2.0.5.2 and earlier allows remote attackers to inject arbitrary web script and HTML via the (1) b[username] and (2) c parameters to (a) index.php, the b[username] parameter to (b) admin/index.php, and (3) c[phone] parameter to register.php. | ||||
| CVE-2007-4331 | 1 Ctw Design | 1 Findnix | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in index.php in FindNix allows remote attackers to include the contents of arbitrary URLs and conduct cross-site scripting (XSS) attacks via a URL in the page parameter. | ||||
| CVE-2007-6385 | 1 Kerio | 1 Winroute Firewall | 2026-04-23 | N/A |
| The proxy server in Kerio WinRoute Firewall before 6.4.1 does not properly enforce authentication for HTTPS pages, which has unknown impact and attack vectors. NOTE: it is not clear whether this issue crosses privilege boundaries. | ||||
| CVE-2006-7076 | 1 Phpbb Group | 1 Phpbb Advanced Guestbook | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in guestbook.php in Advanced Guestbook 2.4 for phpBB allows remote attackers to inject arbitrary web script or HTML via the entry parameter. NOTE: this issue might be resultant from SQL injection. | ||||