Export limit exceeded: 363358 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363358 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-2139 | 1 Wilsonncareabusinesses | 1 Php Newsfeed | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in PHP Newsfeed 20040723 allow remote attackers to execute arbitrary SQL commands via the (1) name parameter to (a) deltables.php, (2) select, (3) header, (4) url, (5) source, or (6) time parameters to (b) manualsubmit.php, (7) num parameter to (c) delete.php, or (8) tablename parameter to (d) searchnews.php. | ||||
| CVE-2006-4345 | 1 Digium | 1 Asterisk | 2026-04-16 | N/A |
| Stack-based buffer overflow in channels/chan_mgcp.c in MGCP in Asterisk 1.0 through 1.2.10 allows remote attackers to execute arbitrary code via a crafted audit endpoint (AUEP) response. | ||||
| CVE-2006-4346 | 1 Digium | 1 Asterisk | 2026-04-16 | N/A |
| Asterisk 1.2.10 supports the use of client-controlled variables to determine filenames in the Record function, which allows remote attackers to (1) execute code via format string specifiers or (2) overwrite files via directory traversals involving unspecified vectors, as demonstrated by the CALLERIDNAME variable. | ||||
| CVE-2006-4347 | 1 Jiran | 2 Cool Manager, Cool Messenger Office School Server | 2026-04-16 | N/A |
| SQL injection vulnerability in user logon authentication request handling in Cool_CoolD.exe in Cool Manager 5.0 (5,60,90,28) and Cool Messenger Office/School Server 5.5 (5,65,12,13) allows remote attackers to execute arbitrary SQL commands via the username field. | ||||
| CVE-2006-4348 | 1 Kochsuite Component | 1 Kochsuite Component | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in config.kochsuite.php in the Kochsuite (com_kochsuite) 0.9.4 component for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | ||||
| CVE-2006-4350 | 1 Oneorzero | 1 Oneorzero | 2026-04-16 | N/A |
| SQL injection vulnerability in index.php in OneOrZero 1.6.4.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2006-4351 | 1 Oneorzero | 1 Oneorzero | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in OneOrZero 1.6.4.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | ||||
| CVE-2006-4353 | 1 Sun | 1 Java System Content Delivery Server | 2026-04-16 | N/A |
| Unspecified vulnerability in Sun Java System Content Delivery Server 4.0, 4.1, and 5.0 allows local and remote attackers to read data from arbitrary files via unspecified vectors. | ||||
| CVE-2006-4354 | 1 Phome Empire | 1 Phome Empire Cms | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in e/class/CheckLevel.php in Phome Empire CMS 3.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the check_path parameter. | ||||
| CVE-2006-4355 | 1 Drupal | 1 Drupal Easylinks Module | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Drupal Easylinks Module (easylinks.module) 4.7 before 1.5.2.1 2006/08/19 12:02:27 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2006-4356 | 1 Drupal | 1 Drupal Easylinks Module | 2026-04-16 | N/A |
| SQL injection vulnerability in Drupal Easylinks Module (easylinks.module) 4.7 before 1.5.2.1 2006/08/19 12:02:27 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2006-4386 | 1 Apple | 1 Quicktime | 2026-04-16 | N/A |
| Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted H.264 movie, a different issue than CVE-2006-4381. | ||||
| CVE-2006-4370 | 1 Alt-n | 1 Webadmin | 2026-04-16 | N/A |
| Alt-N WebAdmin 3.2.3 and 3.2.4 running with MDaemon 9.0.5, and possibly earlier, allow remote authenticated domain administrators to change a global administrator's password and gain privileges via the userlist.wdm file. | ||||
| CVE-2006-4371 | 1 Alt-n | 1 Webadmin | 2026-04-16 | N/A |
| Multiple directory traversal vulnerabilities in Alt-N WebAdmin 3.2.3 and 3.2.4 running with MDaemon 9.0.5, and possibly earlier, allow remote authenticated global administrators to read arbitrary files via a .. (dot dot) in the file parameter to (1) logfile_view.wdm and (2) configfile_view.wdm. | ||||
| CVE-2006-4372 | 1 Constructor Component | 1 Constructor Component | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in admin.lurm_constructor.php in the Lurm Constructor component (com_lurm_constructor) 0.6b and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the lm_absolute_path parameter. | ||||
| CVE-2006-4373 | 1 Derek Leung | 1 Pslash | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in modules/visitors2/include/config.inc.php in pSlash 0.70 allows remote attackers to execute arbitrary PHP code via a URL in the lvc_include_dir parameter. | ||||
| CVE-2006-4374 | 1 Irfanview | 1 Irfanview | 2026-04-16 | N/A |
| IrfanView 3.98 (with plugins) allows user-assisted attackers to cause a denial of service (application crash) via a crafted ANI image file, possibly due to a buffer overflow. | ||||
| CVE-2006-4375 | 1 Mambo | 1 Contacts Xtd Component | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in contxtd.class.php in the Contacts XTD (ContXTD) component for Mambo (com_contxtd) allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: another researcher has disputed this issue, saying that the software prevents the attack by checking whether _VALID_MOS is defined | ||||
| CVE-2006-4376 | 1 Guder Und Koch Netzwerktechnik | 1 Eichhorn Portal | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Guder und Koch Netzwerktechnik Eichhorn Portal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly including the (1) profil_nr and (2) sprache parameters in the main portion of the portal, the (3) suchstring field in suchForm in the main portion of the portal, the (4) GaleryKey and (5) Breadcrumbs parameters in the gallerie module, and the (6) GGBNSaction parameter in the ggbns module. | ||||
| CVE-2006-4377 | 1 Guder Und Koch Netzwerktechnik | 1 Eichhorn Portal | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Guder und Koch Netzwerktechnik Eichhorn Portal allow remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly including the (1) profil_nr and (2) sprache parameters in the main portion of the portal, the (3) suchstring field in suchForm in the main portion of the portal, the (4) GaleryKey and (5) Breadcrumbs parameters in the gallerie module, and the (6) GGBNSaction parameter in the ggbns module. | ||||