Export limit exceeded: 345224 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (345224 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-4662 | 1 Mirabilis | 1 Icq | 2026-04-16 | N/A |
| Heap-based buffer overflow in the MCRegEx__Search function in AOL ICQ Pro 2003b Build 3916 and earlier allows remote attackers to execute arbitrary code via an inconsistent length field of a Message in a 0x2711 Type-Length-Value (TLV) type. | ||||
| CVE-2006-4664 | 1 Premod Shadow | 1 Premod Shadow | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in includes/functions_portal.php in Premod Shadow 2.7.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | ||||
| CVE-2006-4665 | 1 Mkportal | 1 Mkportal | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in MKPortal M1.1 Rc1 allows remote attackers to inject arbitrary web script or HTML via the ind parameter, possibly related to the PHP_SELF variable. NOTE: Some details are obtained from third party information. | ||||
| CVE-2006-4666 | 1 Stefan Ernst | 1 Newsscript | 2026-04-16 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Stefan Ernst Newsscript (aka WM-News) 0.5 beta allow remote attackers to execute arbitrary PHP code via a URL in the (1) ide parameter in (a) article.php; or the (2) pwfile parameter in (b) delete.php, (c) modify.php, (d) admin.php, or (e) modify_go.php. | ||||
| CVE-2006-4667 | 1 Runcms | 1 Runcms | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in RunCMS 1.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) uid parameter in (a) class/sessions.class.php, and the (2) timezone_offset and (3) umode parameters in (b) class/xoopsuser.php. | ||||
| CVE-2006-4668 | 1 Rob Hensley | 1 Ackertodo | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Rob Hensley AckerTodo 4.0 allows remote attackers to inject arbitrary web script or HTML via the task_id parameter in an edit_task command. | ||||
| CVE-2006-4671 | 1 Fscripts | 1 Fantastic News | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in headlines.php in Fantastic News 2.1.4, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[script_path] parameter, a different vector than CVE-2006-1154. | ||||
| CVE-2006-4673 | 1 Php Fusion | 1 Php Fusion | 2026-04-16 | N/A |
| Global variable overwrite vulnerability in maincore.php in PHP-Fusion 6.01.4 and earlier uses the extract function on the superglobals, which allows remote attackers to conduct SQL injection attacks via the _SERVER[REMOTE_ADDR] parameter to news.php. | ||||
| CVE-2006-4675 | 1 Andreas Gohr | 1 Dokuwiki | 2026-04-16 | N/A |
| Unrestricted file upload vulnerability in lib/exe/media.php in DokuWiki before 2006-03-09c allows remote attackers to upload executable files into the data/media folder via unspecified vectors. | ||||
| CVE-2006-4676 | 1 Tibco | 1 Rendezvous | 2026-04-16 | N/A |
| TIBCO RendezVous 7.4.11 and earlier logs base64-encoded usernames and passwords in rvrd.db, which allows local users to obtain sensitive information by decoding the log file. | ||||
| CVE-2006-4678 | 1 Comscripts | 1 News Evolution | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in News Evolution 3.0.3 allows remote attackers to execute arbitrary PHP code via the _NE[AbsPath] parameter in (1) install.php and (2) migrateNE2toNE3.php. | ||||
| CVE-2006-4679 | 1 Andreas Gohr | 1 Dokuwiki | 2026-04-16 | N/A |
| DokuWiki before 2006-03-09c enables the debug feature by default, which allows remote attackers to obtain sensitive information by calling doku.php with the X-DOKUWIKI-DO HTTP header set to "debug". | ||||
| CVE-2006-4680 | 1 Canon | 7 Imagerunner 2620, Imagerunner 5020, Imagerunner 6870 and 4 more | 2026-04-16 | N/A |
| The Remote UI in Canon imageRUNNER includes usernames and passwords when exporting an address book, which allows context-dependent attackers to obtain sensitive information. | ||||
| CVE-2006-4681 | 1 Ibm | 1 Director | 2026-04-16 | N/A |
| Directory traversal vulnerability in Redirect.bat in IBM Director before 5.10 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the file parameter. | ||||
| CVE-2006-4682 | 1 Ibm | 1 Director | 2026-04-16 | N/A |
| Multiple unspecified vulnerabilities in IBM Director before 5.10 allow remote attackers to cause a denial of service (crash) via unspecified vectors involving (1) malformed WMI CIM server requests and (2) malformed packets. | ||||
| CVE-2006-4683 | 1 Ibm | 1 Director | 2026-04-16 | N/A |
| IBM Director before 5.10 allows remote attackers to obtain sensitive information from HTTP headers via HTTP TRACE. | ||||
| CVE-2006-4707 | 1 Mybulletinboard | 1 Mybulletinboard | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in admin/global.php (aka the Admin CP login form) in MyBB (aka MyBulletinBoard) 1.1.7 allows remote attackers to inject arbitrary web script or HTML via the query string ($_SERVER[PHP_SELF]). | ||||
| CVE-2006-4708 | 1 Vikingboard | 1 Vikingboard | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard 0.1b allow remote attackers to inject arbitrary web script or HTML via the (1) act parameter in (a) help.php and (b) search.php, and the (2) p parameter in report.php. | ||||
| CVE-2006-4709 | 1 Vikingboard | 1 Vikingboard | 2026-04-16 | N/A |
| SQL injection vulnerability in topic.php in Vikingboard 0.1b allows remote attackers to execute arbitrary SQL commands via the s parameter. | ||||
| CVE-2006-4710 | 1 Newsgator | 1 Feeddemon | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in NewsGator FeedDemon before 2.0.0.25 allow remote attackers to inject arbitrary web script or HTML via an Atom 1.0 feed, as demonstrated by certain test cases of the James M. Snell Atom 1.0 feed reader test suite. | ||||