Export limit exceeded: 349971 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (349971 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-4876 | 1 Jupiter Cms | 1 Jupiter Cms | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Jupiter CMS allow remote attackers to execute arbitrary SQL commands via (1) the user name during login, or the (2) key or (3) fpwusername parameters in modules/register. | ||||
| CVE-2005-2155 | 1 Easyphpcalendar | 1 Easyphpcalendar | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in EasyPHPCalendar 6.1.5 and earlier allows remote attackers to execute arbitrary code via the serverPath parameter. | ||||
| CVE-2006-4880 | 1 David Bennett | 1 Php-post | 2026-04-16 | N/A |
| David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to obtain sensitive information via a direct request for (1) footer.php, (2) template.php, or (3) lastvisit.php, which reveals the installation path in various error messages. | ||||
| CVE-2006-4882 | 1 Charon Internet | 1 Charon Cart | 2026-04-16 | N/A |
| SQL injection vulnerability in Review.asp in Julian Roberts Charon Cart 3 allows remote attackers to execute arbitrary SQL commands via the ProductID parameter. | ||||
| CVE-2006-4883 | 1 Idevspot | 1 Bizdirectory | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in IDevSpot BizDirectory allow remote attackers to inject arbitrary web script or HTML via (1) the stylesheet parameter in Feed.php or (2) the message parameter in status.php. | ||||
| CVE-2005-2162 | 1 Levcgi.com | 1 Myguestbook | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in form.inc.php3 in MyGuestbook 0.6.1 allows remote attackers to execute arbitrary PHP code via the lang parameter. | ||||
| CVE-2006-4887 | 1 Apple | 2 Apple Remote Desktop, Mac Os X | 2026-04-16 | N/A |
| Apple Remote Desktop (ARD) for Mac OS X 10.2.8 and later does not drop privileges on the remote machine while installing certain applications, which allows local users to bypass authentication and gain privileges by selecting the icon during installation. NOTE: it could be argued that the issue is not in Remote Desktop itself, but in applications that are installed while using it. | ||||
| CVE-2006-4890 | 1 Unak | 1 Unak Cms | 2026-04-16 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in UNAK-CMS 1.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the dirroot parameter to (1) fckeditor/editor/filemanager/browser/default/connectors/php/connector.php or (2) fckeditor/editor/dialog/fck_link.php. | ||||
| CVE-2006-4891 | 1 Techno Dreams | 1 Articles And Papers Package | 2026-04-16 | N/A |
| SQL injection vulnerability in ArticlesTableview.asp in Techno Dreams Articles & Papers Package 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the key parameter. | ||||
| CVE-2006-4892 | 1 Techno Dreams | 1 Faq Manager Package | 2026-04-16 | N/A |
| SQL injection vulnerability in faqview.asp in Techno Dreams FAQ Manager Package 1.0 allows remote attackers to execute arbitrary SQL commands via the key parameter. | ||||
| CVE-2005-2164 | 1 Covide Groupware-crm | 1 Covide | 2026-04-16 | N/A |
| SQL injection vulnerability in Covide Groupware-CRM allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. | ||||
| CVE-2006-4895 | 1 Idevspot | 1 Nixieaffiliate | 2026-04-16 | N/A |
| IDevSpot NexieAffiliate 1.9 and earlier allows remote attackers to delete arbitrary affiliates via a modified id parameter to delete.php. | ||||
| CVE-2006-4897 | 1 Cmtexts | 1 Cmtexts | 2026-04-16 | N/A |
| CMtextS 1.0 and earlier stores users_logins/admin.txt under the web document root with insufficient access control, which allows remote attackers to obtain the administrator password. | ||||
| CVE-2006-4898 | 1 Guanxicrm | 1 Guanxicrm Business Solution | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in include/phpxd/phpXD.php in guanxiCRM 0.9.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the appconf[rootpath] parameter. | ||||
| CVE-2006-4900 | 1 Broadcom | 1 Etrust Security Command Center | 2026-04-16 | N/A |
| Directory traversal vulnerability in Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up to SP1 CR2, allows remote authenticated users to read and delete arbitrary files via ".." sequences in the eSCCAdHocHtmlFile parameter to eSMPAuditServlet, which is not properly handled by the getadhochtml function. | ||||
| CVE-2005-2165 | 1 Globalnotescript | 1 Globalnotescript | 2026-04-16 | N/A |
| read.cgi in GlobalNoteScript allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameters. | ||||
| CVE-2006-4904 | 1 Qualiteam | 1 X-cart | 2026-04-16 | N/A |
| Dynamic variable evaluation vulnerability in cmpi.php in Qualiteam X-Cart 4.1.3 and earlier allows remote attackers to overwrite arbitrary program variables and execute arbitrary PHP code, as demonstrated by PHP remote file inclusion via the xcart_dir parameter. | ||||
| CVE-2006-4905 | 1 Artmedic Webdesign | 1 Artmedic Links | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in index.php in Artmedic Links 5.0 allows remote attackers to execute arbitrary PHP code via a URL in the id parameter, which is processed by the readfile function. | ||||
| CVE-2006-4906 | 1 Marc Logemann | 1 More.groupware | 2026-04-16 | N/A |
| SQL injection vulnerability in modules/calendar/week.php in More.groupware 0.74 allows remote attackers to execute arbitrary SQL commands via the new_calendarid parameter. | ||||
| CVE-2006-4909 | 1 Cisco | 1 Guard Ddos Mitigation Appliance | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Cisco Guard DDoS Mitigation Appliance before 5.1(6), when anti-spoofing is enabled, allows remote attackers to inject arbitrary web script or HTML via certain character sequences in a URL that are not properly handled when the appliance sends a meta-refresh. | ||||