Search Results (362270 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-5985 1 Extreme Cms 1 Extreme Cms 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in admin/options.php in Extreme CMS 0.9, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) bg1, (2) bg2, (3) text, or (4) size parameters. NOTE: the provenance of this information is unknown; details are obtained from third party sources.
CVE-2006-5988 1 Microsoft 1 Windows 2000 2026-04-23 N/A
Unspecified vulnerability in Windows 2000 Advanced Server SP4 running Active Directory allows remote attackers to cause a denial of service via unknown vectors, as demonstrated by a certain VulnDisco Pack module. NOTE: the provenance of this information is unknown; the details are obtained from third party information. As of 20061116, this disclosure has no actionable information. However, since the VulnDisco Pack author is a reliable researcher, the disclosure is being assigned a CVE identifier for tracking purposes.
CVE-2006-6023 1 Bloo 1 Bloo 2026-04-23 N/A
PHP remote file inclusion vulnerability in phoo.base.php in Bill Roberts Bloo 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the descriptorFileList parameter. NOTE: this issue is disputed by CVE since $descriptorFileList is used in a function definition within phoo.base.php
CVE-2007-0575 1 Stefan Holmberg 1 Admentor 2026-04-23 N/A
Multiple SQL injection vulnerabilities in the administrative login page (admin/login.asp) in ASPCode.net AdMentor allow remote attackers to execute arbitrary SQL commands via the (1) Userid and (2) Password fields.
CVE-2007-0576 1 Xt-stats 1 Xt-stats 2026-04-23 N/A
PHP remote file inclusion vulnerability in xt_counter.php in Xt-Stats 2.3.x up to 2.4.0.b3 allows remote attackers to execute arbitrary PHP code via a URL in the server_base_dir parameter.
CVE-2007-0577 1 Acgvclick 1 Acgvclick 2026-04-23 N/A
PHP remote file inclusion vulnerability in function.inc.php in ACGVclick 0.2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
CVE-2007-0578 1 Mpg123 1 Mpg123 2026-04-23 N/A
The http_open function in httpget.c in mpg123 before 0.64 allows remote attackers to cause a denial of service (infinite loop) by closing the HTTP connection early.
CVE-2007-0581 1 Eclipsebb 1 Eclipsebb 2026-04-23 N/A
PHP remote file inclusion vulnerability in functions.php in EclipseBB 0.5.0 Lite allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2007-0582 1 Chernobile 1 Chernobile 2026-04-23 N/A
SQL injection vulnerability in default.asp in ChernobiLe 1.0 allows remote attackers to execute arbitrary SQL commands via the User (username) field.
CVE-2006-6027 1 Adobe 1 Acrobat Reader 2026-04-23 N/A
Adobe Reader (Adobe Acrobat Reader) 7.0 through 7.0.8 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long argument string to the LoadFile method in an AcroPDF ActiveX control.
CVE-2006-6035 1 F-art Agency 1 Blog Cms 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in list.php in BLOG:CMS 4.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the FADDR parameter.
CVE-2006-6036 1 Emreturk 1 Openhuman 2026-04-23 N/A
SQL injection vulnerability in OpenHuman before 1.0 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2007-0585 1 Webfwlog 1 Webfwlog 2026-04-23 N/A
include/debug.php in Webfwlog 0.92 and earlier, when register_globals is enabled, allows remote attackers to obtain source code of files via the conffile parameter. NOTE: some of these details are obtained from third party information. It is likely that this issue can be exploited to conduct directory traversal attacks.
CVE-2007-0594 1 Siteman 1 Siteman 2026-04-23 N/A
Siteman 2.0.x2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing password hashes via a direct request for db/siteman/users.MYD.
CVE-2007-0595 1 Designmind 1 High5 Review Script 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in search in High 5 Review Site allows remote attackers to inject arbitrary web script or HTML via the q parameter (aka the search box).
CVE-2007-0596 1 Aztek Forum 1 Aztek Forum 2026-04-23 N/A
PHP remote file inclusion vulnerability in index/main.php in Aztek Forum 4.00 allows remote authenticated administrators to execute arbitrary PHP code via a URL in the PF[top_url] parameter.
CVE-2007-0598 1 Aztek Forum 1 Aztek Forum 2026-04-23 N/A
SQL injection vulnerability in forum/load.php in Aztek Forum 4.00 allows remote attackers to execute arbitrary SQL commands via the fid cookie to forum.php.
CVE-2006-6044 1 Phpquickgallery 1 Phpquickgallery 2026-04-23 N/A
PHP remote file inclusion vulnerability in gallery_top.inc.php in PHPQuickGallery 1.9 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the textFile parameter.
CVE-2007-0599 1 Aztek Forum 1 Aztek Forum 2026-04-23 N/A
Variable overwrite vulnerability in common/config.php in Aztek Forum 4.00 allows remote attackers to overwrite arbitrary program variables and conduct other unauthorized activities, such as copying arbitrary files using index/common_actions.php, via vectors associated with extract operations on the (1) POST, (2) GET, (3) COOKIE, and (4) SERVER superglobal arrays.
CVE-2006-6068 1 Malbum 1 Malbum 2026-04-23 N/A
Directory traversal vulnerability in the cached_album function in functions.php for mAlbum 0.3 and earlier allows remote attackers to list filenames of arbitrary images via a .. (dot dot) in the gal parameter to index.php.