Search Results (363284 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-6806 1 Enthrallweb 1 Emates 2026-04-23 N/A
SQL injection vulnerability in newsdetail.asp in Enthrallweb eMates 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
CVE-2006-6813 1 Mxmania 1 Mxmania File Upload Manager 2026-04-23 N/A
SQL injection vulnerability in detail.asp in Mxmania File Upload Manager (FUM) 1.0.6 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter.
CVE-2006-6814 1 Hosting Controller 1 Hosting Controller 2026-04-23 N/A
Directory traversal vulnerability in FolderManager/FolderManager.aspx in Hosting Controller 7c allows remote authenticated users to read and modify arbitrary files, and list arbitrary directories via ..\ (dot dot backslash) sequences in the BrowsePath parameter.
CVE-2006-6823 1 Yrch 1 Yrch 2026-04-23 N/A
PHP remote file inclusion vulnerability in plugins/metasearch/plug.inc.php in Yrch! 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
CVE-2007-0845 1 Advanced Poll 1 Advanced Poll 2026-04-23 N/A
admin/index.php in Advanced Poll 2.0.0 through 2.0.5-dev allows remote attackers to bypass authentication and gain administrator privileges by obtaining a valid session identifier and setting the uid parameter to 1.
CVE-2006-6824 1 Php Icalendar 1 Php Icalendar 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Jim Hu and Chad Little PHP iCalendar 2.23 rc1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) getdate parameter in (a) day.php, (b) month.php, (c) year.php, (d) week.php, (e) search.php, (f) rss/index.php, (g) print.php, and (h) preferences.php; the (2) cpath parameter in (i) day.php, (j) month.php, (k) year.php, (l) week.php, and (m) search.php; the (3) query parameter in search.php; and possibly the cpath, (4) unset, and (5) set parameters in a setcookie action in preferences.php; different vectors than CVE-2006-3319. NOTE: it was later reported that vectors b, c, and d also affect 2.24.
CVE-2006-6830 1 Cafelog 1 B2 Blog 2026-04-23 N/A
PHP remote file inclusion vulnerability in b2verifauth.php in b2 Blog 0.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the index parameter.
CVE-2006-6833 1 Joomla 1 Joomla 2026-04-23 N/A
com_categories in Joomla! before 1.0.12 does not validate input, which has unknown impact and remote attack vectors.
CVE-2006-6835 1 Neocrome 1 Land Down Under 2026-04-23 N/A
SQL injection vulnerability in Journal.inc.php in Neocrome Land Down Under (LDU) 8.x and earlier allows remote attackers to execute arbitrary SQL commands via the w parameter to journal.php.
CVE-2006-6836 1 Ibm 1 Os 400 2026-04-23 N/A
Multiple unspecified vulnerabilities in osp-cert in IBM OS/400 V5R3M0 have unspecified impact and attack vectors, related to ASN.1 parsing.
CVE-2006-6842 1 Codemonkeyx 1 Acronym Mod 2026-04-23 N/A
SQL injection vulnerability in admin/admin_acronyms.php in the Acronym Mod 0.9.5 for phpBB2 Plus 1.53 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2006-6843 1 Joomla 1 Be It Easypartner Component 2026-04-23 N/A
PHP remote file inclusion vulnerability in the BE IT EasyPartner 0.0.9 beta component for Joomla! allows remote attackers to execute arbitrary PHP code via unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-6846 1 Cybercoded 1 While You Were Out Inout Board 2026-04-23 N/A
Multiple SQL injection vulnerabilities in While You Were Out (WYWO) InOut Board 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the num parameter in (a) phonemessage.asp, (2) the catcode parameter in (b) faqDsp.asp, and the (3) Username and (4) Password fields in (c) login.asp.
CVE-2006-6850 1 Shadowed Works 1 Shadowed Portal 2026-04-23 N/A
PHP remote file inclusion vulnerability in include.php in the Roster Module (character_roster) in Shadowed Portal 5.7 allows remote attackers to execute arbitrary PHP code via a URL in the mod_root parameter.
CVE-2006-6851 1 Mobilelib 1 Mobilelib Gold 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in contact_us.php in ac4p Mobilelib gold 2 allow remote attackers to inject arbitrary web script or HTML via the (1) email or (2) errr parameter.
CVE-2006-6852 1 Tdiary 1 Tdiary 2026-04-23 N/A
Eval injection vulnerability in tDiary 2.0.3 and 2.1.4.200 61127 allows remote authenticated users to execute arbitrary Ruby code via unspecified vectors, possibly related to incorrect input validation by (1) conf.rhtml and (2) i.conf.rhtml. NOTE: some of these details are obtained from third party information.
CVE-2006-6859 1 Website Designs For Less 1 Click N Print Coupons 2026-04-23 N/A
SQL injection vulnerability in coupon_detail.asp in Website Designs For Less Click N' Print Coupons 2005.01 and earlier allows remote attackers to execute arbitrary SQL commands via the key parameter.
CVE-2007-0849 1 Syscp Team 1 Syscp 2026-04-23 N/A
scripts/cronscript.php in SysCP 1.2.15 and earlier does not properly quote pathnames in user home directories, which allows local users to gain privileges by placing shell metacharacters in a directory name, and then using the control panel to protect this directory, a different vulnerability than CVE-2005-2568.
CVE-2006-6860 1 Mythcontrol 1 Mythcontrol 2026-04-23 N/A
Buffer overflow in the sendToMythTV function in MythControlServer.c in MythControl 1.0 and earlier allows remote attackers to execute arbitrary code via a crafted sendStr string to the Bluetooth interface. NOTE: some of these details are obtained from third party information.
CVE-2006-6861 1 Outfront 1 Spooky Login 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Outfront Spooky Login 2.7 allow remote attackers to execute arbitrary SQL commands via (1) the UserUpdate parameter to login/register.asp or (2) unspecified parameters to includes/a_register.asp.