Export limit exceeded: 362729 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 362729 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 362729 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (362729 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-1262 | 1 Aspportal | 1 Aspportal | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in ASPPortal 3.00 have unknown impact and attack vectors. | ||||
| CVE-2006-1263 | 1 Wordpress | 1 Wordpress | 2026-04-16 | N/A |
| Multiple "unannounced" cross-site scripting (XSS) vulnerabilities in WordPress before 2.0.2 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | ||||
| CVE-2000-0945 | 1 Cisco | 1 Catalyst 3500 Xl | 2026-04-16 | N/A |
| The web configuration interface for Catalyst 3500 XL switches allows remote attackers to execute arbitrary commands without authentication when the enable password is not set, via a URL containing the /exec/ directory. | ||||
| CVE-2002-0492 | 1 Dcscripts | 1 Dcshop | 2026-04-16 | N/A |
| dcshop.cgi in DCShop 1.002 Beta allows remote attackers to delete arbitrary setup files via a null character in the database parameter. | ||||
| CVE-2006-1267 | 1 Invision Power Services | 1 Invision Power Board | 2026-04-16 | N/A |
| Invision Power Board 2.1.4 allows remote attackers to hijack sessions and possibly gain administrative privileges by obtaining the session ID from the s parameter, then replaying it in another request. | ||||
| CVE-2006-1270 | 1 Inprotect | 1 Inprotect | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in zones.php in Inprotect 0.21 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Description field. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
| CVE-2006-1271 | 1 Oxynews | 1 Oxynews | 2026-04-16 | N/A |
| SQL injection vulnerability in index.php in OxyNews allows remote attackers to execute arbitrary SQL commands via the oxynews_comment_id parameter. | ||||
| CVE-2006-1276 | 1 Himpfen Consulting | 1 Php Simplenews | 2026-04-16 | N/A |
| admin.php in Himpfen Consulting Company PHP SimpleNEWS 1.0.0 allows remote attackers to bypass authentication by setting the admin parameter in a cookie. | ||||
| CVE-2006-1277 | 1 Upoint | 1 At1 File Store | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in signup.php in @1 File Store 2006.03.07 allows remote attackers to inject arbitrary web script or HTML via the (1) real_name, (2) email, and (3) login parameters. | ||||
| CVE-2006-1279 | 1 Sherzod Ruzmetov | 1 Cgi Session | 2026-04-16 | N/A |
| CGI::Session 4.03-1 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by (1) Driver::File, (2) Driver::db_file, and possibly (3) Driver::sqlite. | ||||
| CVE-2000-0946 | 1 Compaq | 1 Easy Access Keyboard Software | 2026-04-16 | N/A |
| Compaq Easy Access Keyboard software 1.3 does not properly disable access to custom buttons when the screen is locked, which could allow an attacker to gain privileges or execute programs without authorization. | ||||
| CVE-2000-0955 | 1 Cisco | 1 Virtual Central Office 4000 | 2026-04-16 | N/A |
| Cisco Virtual Central Office 4000 (VCO/4K) uses weak encryption to store usernames and passwords in the SNMP MIB, which allows an attacker who knows the community name to crack the password and gain privileges. | ||||
| CVE-2006-1301 | 1 Microsoft | 2 Excel, Excel Viewer | 2026-04-16 | N/A |
| Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted SELECTION record that triggers memory corruption, a different vulnerability than CVE-2006-1302. | ||||
| CVE-2006-1302 | 1 Microsoft | 2 Excel, Excel Viewer | 2026-04-16 | N/A |
| Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with certain crafted fields in a SELECTION record, which triggers memory corruption, aka "Malformed SELECTION record Vulnerability." | ||||
| CVE-2006-1021 | 1 Pehepe | 2 Membership Management System, Uyelik Sistemi | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in sol_menu.php in PeHePe Uyelik Sistemi (aka PeHePe MemberShip Management System) 3 allows remote attackers to inject arbitrary web script or HTML via the kuladi parameter ($kul_adi variable). | ||||
| CVE-2006-1022 | 1 Pehepe | 1 Membership Management System | 2026-04-16 | N/A |
| PHP remote file include vulnerability in sol_menu.php in PeHePe Uyelik Sistemi (aka PeHePe MemberShip Management System) 3 allows remote attackers to include and execute arbitrary PHP code via a URL in the uye_klasor parameter, along with a misafir[] parameter that is set to UYE_SEVIYE. | ||||
| CVE-2006-1023 | 1 Hp | 1 System Management Homepage | 2026-04-16 | N/A |
| Directory traversal vulnerability in HP System Management Homepage (SMH) 2.0.0 through 2.1.4 on Windows allows remote attackers to access certain files via unspecified vectors. | ||||
| CVE-2006-1024 | 1 Addsoft | 1 Storebot | 2026-04-16 | N/A |
| SQL injection vulnerability in MgrLogin.asp in Addsoft StoreBot 2005 Professional allows remote attackers to execute arbitrary SQL commands via the Pwd parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-1025 | 1 Addsoft | 1 Storebot | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in manage.asp in Addsoft StoreBot 2002 Standard allows remote attackers to inject arbitrary web script or HTML via the ShipMethod parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-1026 | 1 Jfacets | 1 Jfacets | 2026-04-16 | N/A |
| JFacets before 0.2 allows remote attackers to gain privileges as any account via a GET request with a modified account profileID. | ||||