Export limit exceeded: 29932 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29932 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-5729 | 1 Yazd | 1 Yazd Discussion Forum | 2026-04-23 | N/A |
| Yazd Discussion Forum before 3.0 beta does not properly manage forum permissions, which allows remote authenticated users to (1) reply to a message in an arbitrary forum, if authorized to create a message in any forum; and (2) perform certain unauthorized forum actions, related to an "error in how the permissions were assembled" that assigns extra permissions to users. | ||||
| CVE-2006-5730 | 1 Modxcms | 1 Modxcms | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in manager/media/browser/mcpuk/connectors/php/Commands/Thumbnail.php in Modx CMS 0.9.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the base_path parameter. NOTE: it is possible that this is a vulnerability in FCKeditor. | ||||
| CVE-2009-1447 | 1 E-cart | 1 Free Shopping Cart | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in admin/editor/image.php in e-cart.biz Free Shopping Cart allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/. | ||||
| CVE-2006-7150 | 1 Mambo | 1 Mambo Open Source | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Mambo 4.6.x allow remote attackers to execute arbitrary SQL commands via the mcname parameter to (1) moscomment.php and (2) com_comment.php. | ||||
| CVE-2006-5736 | 1 Punbb | 1 Punbb | 2026-04-23 | N/A |
| SQL injection vulnerability in search.php in PunBB before 1.2.14, when the PHP installation is vulnerable to CVE-2006-3017, allows remote attackers to execute arbitrary SQL commands via the result_list array parameter, which is not initialized. | ||||
| CVE-2006-5737 | 1 Punbb | 1 Punbb | 2026-04-23 | N/A |
| PunBB uses a predictable cookie_seed value that can be derived from the time of registration of the superadmin account (installation time), which might allow local users to perform unauthorized actions. | ||||
| CVE-2006-5761 | 1 Rhadrix | 1 If-cms | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Rhadrix If-CMS 1.01 and 2.07 allows remote attackers to inject arbitrary web script or HTML via the rns parameter. | ||||
| CVE-2006-5759 | 1 Rhadrix | 1 If-cms | 2026-04-23 | N/A |
| index.php in Rhadrix If-CMS, possibly 1.01 and 2.07, allows remote attackers to obtain the full path of the web server via empty (1) rns[] or (2) pag[] arguments, which reveals the path in an error message. | ||||
| CVE-2007-1933 | 1 Dreamcodes | 1 Pcp-guestbook | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in PcP-Guestbook (PcP-Book) 3.0 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter to (1) index.php, (2) gb.php, or (3) faq.php. | ||||
| CVE-2006-5778 | 1 Linux-ftpd-ssl | 1 Linux-ftpd-ssl | 2026-04-23 | N/A |
| ftpd in linux-ftpd 0.17, and possibly other versions, performs a chdir before setting the UID, which allows local users to bypass intended access restrictions by redirecting their home directory to a restricted directory. | ||||
| CVE-2006-5787 | 1 Iprimal | 1 Iprimal Forums | 2026-04-23 | N/A |
| admin/index.php in IPrimal Forums as of 20061105 allows remote attackers to bypass authentication and modify user passwords via a direct request, possibly related to an authentication issue in admin/chk_admin.php. | ||||
| CVE-2006-5790 | 1 Stefan Ritt | 1 Elog Web Logbook | 2026-04-23 | N/A |
| Multiple format string vulnerabilities in elogd.c in ELOG 2.6.2 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) an entry with an attachment whose name contains format string specifiers (el_submit function), and possibly other vectors in the (2) receive_config, (3) show_rss_feed, (4) show_elog_list, (5) show_logbook_node, and (6) server_loop functions. | ||||
| CVE-2006-5807 | 1 Cisco | 1 Secure Desktop | 2026-04-23 | N/A |
| Cisco Secure Desktop (CSD) before 3.1.1.45 allows local users to escape out of the secure desktop environment by using certain applications that switch to the default desktop, aka "System Policy Evasion". | ||||
| CVE-2006-5808 | 1 Cisco | 1 Secure Desktop | 2026-04-23 | N/A |
| The installation of Cisco Secure Desktop (CSD) before 3.1.1.45 uses insecure default permissions (all users full control) for the CSD directory and its parent directory, which allow local users to gain privileges by replacing CSD executables, aka "Local Privilege Escalation". | ||||
| CVE-2007-2818 | 1 Cactusoft | 1 Parodia | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in cand_login.asp in CactuSoft Parodia 6.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the strJobIDs parameter. | ||||
| CVE-2006-5816 | 1 Dmitry Sheiko | 1 Business Card Web Builder | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Dmitry Sheiko Business Card Web Builder (BCWB) 2.5 allow remote attackers to execute arbitrary PHP code via a URL in the root_path_admin parameter to (1) /include/startup.inc.php, (2) dcontent/default.css.php, or (3) system/default.css.php, different vectors than CVE-2006-4946. | ||||
| CVE-2006-5818 | 1 Ibm | 1 Lotus Domino | 2026-04-23 | N/A |
| Multiple buffer overflows in tunekrnl in IBM Lotus Domino 6.x before 6.5.5 FP2 and 7.x before 7.0.2 allow local users to gain privileges and execute arbitrary code via unspecified vectors. | ||||
| CVE-2006-5819 | 1 Verity | 1 Ultraseek | 2026-04-23 | N/A |
| Verity Ultraseek before 5.7 allows remote attackers to use the server as a proxy for web attacks and host scanning via a direct request to the highlight/index.html script. | ||||
| CVE-2006-7035 | 1 Super Link Exchange Script | 1 Super Link Exchange Script | 2026-04-23 | N/A |
| Directory traversal vulnerability in make_thumbnail.php in Super Link Exchange Script 1.0 allows remote attackers to read arbitrary files via ".." sequences in the imgpath parameter. | ||||
| CVE-2006-5823 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-04-23 | N/A |
| The zlib_inflate function in Linux kernel 2.6.x allows local users to cause a denial of service (crash) via a malformed filesystem that uses zlib compression that triggers memory corruption, as demonstrated using cramfs. | ||||