Search Results (29946 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-4064 1 Alan Ward 1 A-faq 2026-04-16 N/A
Multiple SQL injection vulnerabilities in A-FAQ 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) faqid parameter to faqDspItem.asp and (2) catcode parameter to faqDsp.asp.
CVE-2006-3369 1 Iduprey 1 Kamikaze-qscm 2026-04-16 N/A
Kamikaze-QSCM 0.1 stores config.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information, including the database configuration.
CVE-2006-3371 1 Eupla 1 Foros 2026-04-16 N/A
Eupla Foros 1.0 stores the inc/config.inc file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information, including the database configuration.
CVE-2006-3372 1 Apple 1 Safari 2026-04-16 N/A
Apple Safari 2.0.4/419.3 allows remote attackers to cause a denial of service (application crash) via a DHTML setAttributeNode function call with zero arguments, which triggers a null dereference.
CVE-2006-3373 1 Hobbit Monitor 1 Hobbit Monitor 2026-04-16 N/A
Unspecified vulnerability in the client/bin/logfetch script in Hobbit 4.2-beta allows local users to read arbitrary files, related to logfetch running as setuid root.
CVE-2006-3380 1 Freestyle 1 Freestyle Wiki 2026-04-16 N/A
Algorithmic complexity vulnerability in FreeStyle Wiki before 3.6.2 allows remote attackers to cause a denial of service (CPU consumption) by performing a diff between large, crafted pages that trigger the worst case.
CVE-2006-3383 1 Mads 1 Mads 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in mAds 1.0 allows remote attackers to inject arbitrary web script or HTML via Javascript events such as onmouseover within a URL. NOTE: the provenance of this information is unknown; the details are obtained solely from third party reports.
CVE-2006-3385 1 Vincent Leclercq 1 News 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in divers.php in Vincent Leclercq News 5.2 allows remote attackers to inject arbitrary web script or HTML via the (1) id and (2) disabled parameters.
CVE-2006-3471 1 Microsoft 1 Ie 2026-04-16 N/A
Microsoft Internet Explorer 6 on Windows XP allows remote attackers to cause a denial of service (crash) via a table with a frameset as a child, which triggers a null dereference, as demonstrated using the appendChild method.
CVE-2005-4140 1 Website Baker 1 Website Baker 2026-04-16 N/A
SQL injection vulnerability in admin/login/index.php in Website Baker 2.6.0 allows remote attackers to execute arbitrary SQL commands via the username parameter, as used by the user field.
CVE-2006-3472 1 Microsoft 2 Ie, Internet Explorer 2026-04-16 N/A
Microsoft Internet Explorer 6.0 and 6.0 SP1 allows remote attackers to cause a denial of service via an HTML page with an A tag containing a long title attribute. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-3473 1 Drupal 1 Form Mail Module 2026-04-16 N/A
CRLF injection vulnerability in form_mail Drupal Module before 1.8.2.2 allows remote attackers to inject e-mail headers, which facilitates sending spam messages, a different issue than CVE-2006-1225.
CVE-2006-3474 1 Belchior Foundry 1 Vcard 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Belchior Foundry vCard PRO allow remote attackers to execute arbitrary SQL commands via the (1) cat_id parameter to (a) gbrowse.php, (2) card_id parameter to (b) rating.php and (c) create.php, and the (3) event_id parameter to (d) search.php.
CVE-2006-3478 1 Myphp Cms 1 Myphp Cms 2026-04-16 N/A
PHP remote file inclusion vulnerability in styles/default/global_header.php in MyPHP CMS 0.3 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the domain parameter.
CVE-2006-3481 1 Joomla 1 Joomla 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Joomla! before 1.0.10 allow remote attackers to execute arbitrary SQL commands via unspecified parameters involving the (1) "Remember Me" function, (2) "Related Items" module, and the (3) "Weblinks submission".
CVE-2006-3482 1 Phpmaillist 1 Phpmaillist 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in maillist.php in PHPMailList 1.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the email parameter.
CVE-2005-4146 1 Lyris Technologies Inc 1 Listmanager 2026-04-16 N/A
Lyris ListManager before 8.9b allows remote attackers to obtain sensitive information via a request to the TCLHTTPd status module, which provides sensitive server configuration information.
CVE-2006-3485 1 Astrodog Press 1 Some Chess 2026-04-16 N/A
Multiple SQL injection vulnerabilities in AstroDog Press Some Chess 1.5-RC2 and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly including the gameID parameter in board.php.
CVE-2003-0031 1 Mcrypt 1 Libmcrypt 2026-04-16 N/A
Multiple buffer overflows in libmcrypt before 2.5.5 allow attackers to cause a denial of service (crash).
CVE-2006-3492 1 Mico 1 Mico 2026-04-16 N/A
The CORBA::ORBInvokeRec::set_answer_invoke function in orb.cc in MICO (Mico Is CORBA) 2.3.12 and earlier allows remote attackers to cause a denial of service (application crash) via a message with an incorrect "object key", which triggers an assert error.