Export limit exceeded: 345182 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (345182 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-0308 | 1 Htmltonuke | 1 Htmltonuke | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in htmltonuke.php in the htmltonuke 2.0 alpha, and possibly other versions, module for PHP-Nuke allows remote attackers to execute arbitrary PHP code via a URL in the filnavn parameter. | ||||
| CVE-2006-0309 | 1 Linksys | 1 Befvp41 | 2026-04-16 | N/A |
| Linksys BEFVP41 VPN Router 2.0 with firmware 1.01.04 allows remote attackers on the local network, to cause a denial of service via IP packets with a null IP option length. | ||||
| CVE-2006-0310 | 1 Mike Helton | 1 Aoblogger | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in aoblogger 2.3 allows remote attackers to inject arbitrary Javascript via a javascript URI in the BBcode url tag. | ||||
| CVE-2006-0311 | 1 Mike Helton | 1 Aoblogger | 2026-04-16 | N/A |
| SQL injection vulnerability in login.php in aoblogger 2.3 allows remote attackers to execute arbitrary SQL commands via the username parameter. | ||||
| CVE-2006-0312 | 1 Mike Helton | 1 Aoblogger | 2026-04-16 | N/A |
| create.php in aoblogger 2.3 allows remote attackers to bypass authentication and create new blog entries by setting the uza parameter to 1. | ||||
| CVE-2006-0321 | 1 Fetchmail | 1 Fetchmail | 2026-04-16 | N/A |
| fetchmail 6.3.0 and other versions before 6.3.2 allows remote attackers to cause a denial of service (crash) via crafted e-mail messages that cause a free of an invalid pointer when fetchmail bounces the message to the originator or local postmaster. | ||||
| CVE-2006-0314 | 1 Pdfdirectory | 1 Pdfdirectory | 2026-04-16 | N/A |
| PDFdirectory before 1.0 stores sensitive data in plaintext, which allows remote attackers to obtain arbitrary users' passwords by direct queries to the database, possibly via one of the SQL injection vulnerabilities. | ||||
| CVE-2006-0315 | 1 Indexcor | 1 Ezdatabase | 2026-04-16 | N/A |
| index.php in EZDatabase before 2.1.2 does not properly cleanse the p parameter before constructing and including a .php filename, which allows remote attackers to conduct directory traversal attacks, and produces resultant cross-site scripting (XSS) and path disclosure. | ||||
| CVE-2006-0316 | 1 Aol | 1 Aol Client Software | 2026-04-16 | N/A |
| Buffer overflow in YGPPicFinder.DLL in AOL You've Got Pictures (YGP) Picture Finder Tool ActiveX Control, as used in AOL 8.0, 8.0 Plus, and 9.0 Classic, allows remote attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2006-0317 | 1 Redkernel | 1 Referrer Tracker | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in rkrt_stats.php in RedKernel Referrer Tracker 1.1.0-3 allows remote attackers to inject arbitrary web script or HTML via a query string value as a GET, which is stored in the $QUERY_STRING variable. NOTE: the provenance of this information is unknown; portions of the details are obtained from third party information. | ||||
| CVE-2006-0318 | 1 Insane Visions | 1 Blogphp | 2026-04-16 | N/A |
| SQL injection vulnerability in index.php in BlogPHP 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username parameter in a login action. | ||||
| CVE-2006-0319 | 1 Farmers Wife | 1 Farmers Wife | 2026-04-16 | N/A |
| Directory traversal vulnerability in the FTP server (port 22003/tcp) in Farmers WIFE 4.4 SP1 allows remote attackers to create arbitrary files via ".." (dot dot) sequences in a (1) PUT, (2) SIZE, and possibly other commands. | ||||
| CVE-2006-0320 | 1 Bit 5 Blog | 1 Bit 5 Blog | 2026-04-16 | N/A |
| SQL injection vulnerability in admin/processlogin.php in Bit 5 Blog 8.01 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username and (2) password parameter. | ||||
| CVE-2006-0324 | 1 Webspot | 1 Webspotblogging | 2026-04-16 | N/A |
| SQL injection vulnerability in WebspotBlogging 3.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username parameter to login.php. | ||||
| CVE-2006-0325 | 1 Etomite | 1 Etomite | 2026-04-16 | N/A |
| Etomite Content Management System 0.6, and possibly earlier versions, when downloaded from the web site in January 2006 after January 10, contains a back door in manager/includes/todo.inc.php, which allows remote attackers to execute arbitrary commands via the "cij" parameter. | ||||
| CVE-2006-0327 | 1 Typo3 | 1 Typo3 | 2026-04-16 | N/A |
| TYPO3 3.7.1 allows remote attackers to obtain sensitive information via a direct request to (1) thumbs.php, (2) showpic.php, or (3) tables.php, which causes them to incorrectly define a variable and reveal the path in an error message when a require function call fails. | ||||
| CVE-2006-0328 | 1 Philippe Jounin | 1 Tftpd32 | 2026-04-16 | N/A |
| Format string vulnerability in Tftpd32 2.81 allows remote attackers to cause a denial of service via format string specifiers in a filename in a (1) GET or (2) SEND request. | ||||
| CVE-2006-0329 | 1 Hitachi | 1 Hitsenser Data Mart Server | 2026-04-16 | N/A |
| SQL injection vulnerability in HITSENSER Data Mart Server BS, BS-S, BS-M, BS-L, and EX allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. | ||||
| CVE-2006-0330 | 1 Gallery Project | 1 Gallery | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Gallery before 1.5.2 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving the user name (fullname). | ||||
| CVE-2006-0331 | 1 Thiago Melo De Paula | 1 Change Passwd | 2026-04-16 | N/A |
| Buffer overflow in Change passwd 3.1 (chpasswd) SquirrelMail plugin allows local users to execute arbitrary code via long command line arguments. | ||||