Export limit exceeded: 363150 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363150 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-3114 1 Pc Tools 1 Pc Tools Antivirus 2026-04-16 N/A
PC Tools AntiVirus 2.1.0.51 uses insecure default permissions on the "PC Tools AntiVirus" directory, which allows local users to gain privileges and execute commands.
CVE-2006-3128 1 Easy-cms 1 Easy-cms 2026-04-16 N/A
choose_file.php in easy-CMS 0.1.2, when mod_mime is installed, does not restrict uploads of filenames with multiple extensions, which allows remote attackers to execute arbitrary PHP code by uploading a PHP file with a GIF file extension, then directly accessing that file in the Repositories directory.
CVE-2006-3129 1 Nc Linklist 1 Nc Linklist 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in index.php in NC LinkList 1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) cat and (2) view parameters.
CVE-2006-3140 1 Openci 1 Openci 2026-04-16 N/A
SQL injection vulnerability in index.php in openCI 1.0 BETA 0.20.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2006-3134 1 Gracenote 1 Cddbcontrol Activex Control 2026-04-16 N/A
Buffer overflow in GraceNote CDDBControl ActiveX Control, as used by multiple products that use Gracenote CDDB, allows remote attackers to execute arbitrary code via a long option string.
CVE-2006-3138 1 Accomplishtechnology 1 Phpmydirectory 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in phpMyDirectory 10.4.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PIC parameter in offers-pix.php, (2) from parameter in cp/index.php, and (3) action parameter in cp/admin_index.php.
CVE-2006-3139 1 Vwar 1 Virtual War 2026-04-16 N/A
Multiple SQL injection vulnerabilities in war.php in Virtual War (VWar) 1.5.0 R14 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) s, (2) showgame, (3) sortorder, and (4) sortby parameters.
CVE-2006-3142 1 Vbzoom 1 Vbzoom 2026-04-16 N/A
SQL injection vulnerability in forum.php in VBZooM 1.11 allows remote attackers to execute arbitrary SQL commands via the MainID parameter.
CVE-2006-3152 1 Bluehouse Project 1 Phptrader 2026-04-16 N/A
Multiple SQL injection vulnerabilities in phpTRADER 4.9 SP5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) sectio parameter in (a) login.php, (b) write_newad.php, (c) newad.php, (d) printad.php, (e) askseller.php, (f) browse.php, (g) showmemberads.php, (h) note_ad.php, (i) abuse.php, (j) buynow.php, (k) confirm_newad.php, (2) an parameter in (l) printad.php, (m) note_ad.php, (3) who parameter in (n) showmemberads.php, and (4) adnr parameter in (o) buynow.php.
CVE-2006-3153 1 Thinkfactory 1 Ultimate Estate 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.pl in Ultimate Estate 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat parameter.
CVE-2006-3154 1 Thinkfactory 1 Ultimate Estate 2026-04-16 N/A
SQL injection vulnerability in index.pl in Ultimate Estate 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2006-3156 1 Thinkfactory 1 Ultimate Eshop 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.cgi in Ultimate eShop 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the subid parameter.
CVE-2006-3158 1 Eduha Meeting 1 Eduha Meeting 2026-04-16 N/A
index.php in Eduha Meeting does not properly restrict file extensions before permitting a file upload, which allows remote attackers to bypass security checks and upload or execute arbitrary php code via the add action.
CVE-2006-3159 1 Sun 2 Iplanet Messaging Server, One Messaging Server 2026-04-16 N/A
pipe_master in Sun ONE/iPlanet Messaging Server 5.2 HotFix 1.16 (built May 14 2003) allows local users to read portions of restricted files via a symlink attack on msg.conf in a directory identified by the CONFIGROOT environment variable, which returns the first line of the file in an error message.
CVE-2006-3160 1 Onedotoh 1 Simple File Manager 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in fm.php in ONEdotOH Simple File Manager (SFM) 0.24a and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
CVE-2006-3161 1 Saphp 1 Saphplesson 2026-04-16 N/A
SQL injection vulnerability in misc.php in SaphpLesson 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the action parameter.
CVE-2006-3162 1 Smartsitecms 1 Smartsitecms 2026-04-16 N/A
PHP remote file inclusion vulnerability in include/inc_foot.php in SmartSiteCMS 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root parameter.
CVE-2006-3163 1 Imgallery 1 Imgallery 2026-04-16 N/A
Multiple SQL injection vulnerabilities in galeria.php in IMGallery 2.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) start or (2) sort parameters.
CVE-2006-3164 1 Tpl Design 1 Tplshop 2026-04-16 N/A
SQL injection vulnerability in category.php in TPL Design tplShop 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the first_row parameter.
CVE-2006-3165 1 Free Realty 1 Free Realty 2026-04-16 N/A
SQL injection vulnerability in propview.php in Free Realty 2.9-0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the sort parameter.