Export limit exceeded: 366484 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 366484 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (366484 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-2291 1 Inhouse Associates 1 Ia-calendar 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in calendar_new.asp in IA-Calendar allows remote attackers to inject arbitrary web script or HTML via the TypeName1 parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-2292 1 Inhouse Associates 1 Ia-calendar 2026-04-16 N/A
Multiple SQL injection vulnerabilities in IA-Calendar allow remote attackers to execute arbitrary SQL commands via the (1) type parameter in (a) calendar_new.asp and (b) default.asp, and (2) ID parameter in (c) calendar_detail.asp. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-2293 1 Expinion.net 1 Multicalendars 2026-04-16 N/A
SQL injection vulnerability in all_calendars.asp in MultiCalendars 3.0 allows remote attackers to execute arbitrary SQL commands via the calsids parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-2300 1 Keyvan1 1 Eimagepro 2026-04-16 N/A
Multiple SQL injection vulnerabilities in EImagePro allow remote attackers to execute arbitrary SQL commands via the (1) CatID parameter to subList.asp, (2) SubjectID parameter to imageList.asp, or (3) Pic parameter to view.asp.
CVE-2006-2308 1 Etype 1 Eserv 2026-04-16 N/A
Directory traversal vulnerability in the IMAP service in EServ/3 3.25 allows remote authenticated users to read other user's email messages, create/rename arbitrary directories on the system, and delete empty directories via directory traversal sequences in the (1) CREATE, (2) SELECT, (3) DELETE, (4) RENAME, (5) COPY or (6) APPEND commands.
CVE-2006-2310 1 New Atlanta Communications 2 Bluedragon Server, Bluedragon Server Jx 2026-04-16 N/A
BlueDragon Server and Server JX 6.2.1.286 for Windows allows remote attackers to cause a denial of service (hang) via a request for a .cfm file whose name contains an MS-DOS device name such as (1) con, (2) aux, (3) com1, and (4) com2.
CVE-2006-2315 1 Ispconfig 1 Ispconfig 2026-04-16 N/A
PHP remote file inclusion vulnerability in session.inc.php in ISPConfig 2.2.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the go_info[server][classes_root] parameter. NOTE: the vendor has disputed this vulnerability, saying that session.inc.php is not under the web root in version 2.2, and register_globals is not enabled
CVE-2006-2318 1 Ideal Science 1 Idealbb 2026-04-16 N/A
Incomplete blacklist vulnerability in Ideal Science Ideal BB 1.5.4a and earlier allows remote attackers to upload and execute an ASP script via a ".asa" file, which bypasses the check for the ".asp" extension but is executable on the server.
CVE-2001-0112 2 Debian, Sam Lantinga 2 Debian Linux, Splitvt 2026-04-16 N/A
Multiple buffer overflows in splitvt before 1.6.5 allow local users to execute arbitrary commands.
CVE-2002-0802 2 Postgresql, Redhat 2 Postgresql, Database 2026-04-16 N/A
The multibyte support in PostgreSQL 6.5.x with SQL_ASCII encoding consumes an extra character when processing a character that cannot be converted, which could remove an escape character from the query and make the application subject to SQL injection attacks.
CVE-2006-2319 1 Ideal Science 1 Idealbb 2026-04-16 N/A
Ideal Science Ideal BB 1.5.4a and earlier does not properly check file extensions before permitting an upload, which allows remote attackers to upload and execute an ASP script via a 0x00 character before the ".asp" portion of the filename.
CVE-2006-2321 1 Ideal Science 1 Idealbb 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Ideal Science Ideal BB 1.5.4a and earlier allow remote attackers to inject arbitrary web script or HTML via unknown vectors. NOTE: due to lack of details from the researcher, it is not clear whether this overlaps CVE-2004-2207.
CVE-2006-2324 1 180solutions 1 Zango 2026-04-16 N/A
180solutions Zango downloads "required Adware components" without checking integrity or authenticity, which might allow context-dependent attackers to execute arbitrary code by subverting the DNS resolution of static.zangocash.com.
CVE-2006-2325 1 Onlyscript.info 1 Online Universal Payment System Script 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in OnlyScript.info Online Universal Payment System Script allows remote attackers to inject arbitrary web script or HTML via the read parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Also, this issue might be resultant from directory traversal.
CVE-2001-0121 1 Storagesoft 1 Imagecast Ic3 2026-04-16 N/A
ImageCast Control Center 4.1.0 allows remote attackers to cause a denial of service (resource exhaustion or system crash) via a long string to port 12002.
CVE-2006-1912 1 Mybulletinboard 1 Mybulletinboard 2026-04-16 N/A
MyBB (MyBulletinBoard) 1.1.0 does not set the constant KILL_GLOBAL variable in (1) global.php and (2) inc/init.php, which allows remote attackers to initialize arbitrary variables that are processed by an @extract command, which could then be leveraged to conduct cross-site scripting (XSS) or SQL injection attacks.
CVE-2002-0767 1 Richard Gooch 1 Simpleinit 2026-04-16 N/A
simpleinit on Linux systems does not close a read/write FIFO file descriptor before creating a child process, which allows the child process to cause simpleinit to execute arbitrary programs with root privileges.
CVE-2000-1160 1 Network Associates 1 Sniffer Agent 2026-04-16 N/A
NAI Sniffer Agent allows remote attackers to cause a denial of service (crash) by sending a large number of login requests.
CVE-2006-1911 1 Mybulletinboard 1 Mybulletinboard 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in MyBB (MyBulletinBoard) 1.1 allows remote attackers to inject arbitrary web script or HTML via the attachment content disposition in an HTML attachment.
CVE-2006-1909 1 Coppermine 1 Coppermine Photo Gallery 2026-04-16 N/A
Directory traversal vulnerability in index.php in Coppermine 1.4.4 allows remote attackers to read arbitrary files via a .//./ (modified dot dot slash) in the file parameter, which causes a regular expression to collapse the sequences into standard "../" sequences.