Search Results (29946 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-0882 1 Phpoutsourcing 1 Noahs Classifieds 2026-04-16 N/A
Directory traversal vulnerability in include.php in Noah's Classifieds 1.3 allows remote attackers to include arbitrary local files via the otherTemplate parameter to index.php.
CVE-2006-0885 1 Cutephp 1 Cutenews 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in show_news.php in CuteNews 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the show parameter.
CVE-2006-0895 1 Nocc 1 Nocc 2026-04-16 N/A
NOCC Webmail 1.0 allows remote attackers to obtain the installation path via a direct request to html/header.php.
CVE-2006-0919 1 Oi 1 Email Marketing System 2026-04-16 N/A
SQL injection vulnerability in index.php (aka the login page) in Oi! Email Marketing System 3.0 (aka Oi! 3) allows remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields.
CVE-2006-0937 1 Unu Networks 1 Mailgust 2026-04-16 N/A
U.N.U. Mailgust 1.9 allows remote attackers to obtain sensitive information via a direct request to index.php with method=showfullcsv, which reveals the POP3 server configuration, including account name and password.
CVE-2006-0940 1 Cynical Games 1 Shoutlive 2026-04-16 N/A
Multiple direct static code injection vulnerabilities in savesettings.php in ShoutLIVE 1.1.0 allow remote attackers to execute arbitrary PHP code via variables that are written to settings.php.
CVE-2006-0944 1 Archangelmgt 1 Weblog 2026-04-16 N/A
Archangel Weblog 0.90.02 allows remote attackers to bypass authentication by setting the ba_admin cookie to 1.
CVE-2006-0946 1 Thomson 1 Speedtouch 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Thomson SpeedTouch modems running firmware 5.3.2.6.0 allows remote attackers to inject arbitrary web script or HTML via the name parameter to the LocalNetwork page.
CVE-2006-0948 1 Aol 1 Aol 2026-04-16 N/A
AOL 9.0 Security Edition revision 4184.2340, and probably other versions, uses insecure permissions (Everyone/Full Control) for the "America Online 9.0" directory, which allows local users to gain privileges by replacing critical files.
CVE-2006-0949 1 Raidenhttpd 1 Raidenhttpd 2026-04-16 N/A
RaidenHTTPD 1.1.47 allows remote attackers to obtain source code of script files, including PHP, via crafted requests involving (1) "." (dot), (2) space, and (3) "/" (slash) characters.
CVE-2006-0981 1 E-merge 1 E-merge Winace 2026-04-16 N/A
Directory traversal vulnerability in e-merge WinAce 2.6 and earlier allows remote attackers to create and overwrite arbitrary files via certain crafted pathnames in a (1) zip or (2) tar archive.
CVE-2006-1023 1 Hp 1 System Management Homepage 2026-04-16 N/A
Directory traversal vulnerability in HP System Management Homepage (SMH) 2.0.0 through 2.1.4 on Windows allows remote attackers to access certain files via unspecified vectors.
CVE-2006-1036 1 Oracle 1 Diagnostics 2026-04-16 N/A
Multiple unspecified vulnerabilities in the Oracle Diagnostics module 2.2 and earlier have unknown impact and attack vectors, related to "permissions."
CVE-2006-1044 1 Lsoft 1 Listserv 2026-04-16 N/A
Multiple buffer overflows in LISTSERV 14.3 and 14.4, including LISTSERV Lite and HPO, with the web archive interface enabled, allow remote attackers to execute arbitrary code via unknown attack vectors related to the WA CGI. NOTE: technical details will be released after the grace period has ended on 20060603.
CVE-2006-1088 1 Php-stats 1 Php-stats 2026-04-16 N/A
PHP-Stats 0.1.9.1 and earlier allows remote attackers to obtain potentially sensitive information via a direct request to checktables.php, which lists the database table_prefix.
CVE-2006-1132 1 Vbzoom 1 Vbzoom 2026-04-16 N/A
SQL injection vulnerability in show.php in vbzoom 1.11 allow remote attackers to execute arbitrary SQL commands via the MainID parameter. NOTE: the SubjectID vector is already covered by CVE-2005-4729.
CVE-2006-1141 1 Inter7 1 Qmailadmin 2026-04-16 N/A
Buffer overflow in qmailadmin.c in QmailAdmin before 1.2.10 allows remote attackers to execute arbitrary code via a long PATH_INFO environment variable.
CVE-2006-1142 1 Solido Systems 1 Ravenous Web Server 2026-04-16 N/A
Unspecified vulnerability in Ravenous Web Server before 0.7.1 allows remote attackers to access arbitrary rvplg files, with unknown impact.
CVE-2006-1265 1 Xhawk.net 1 Discussion 2026-04-16 N/A
SQL injection vulnerability in discussion.class.php in xhawk.net discussion 2.0 beta2 allows remote attackers to execute arbitrary SQL commands via the view parameter.
CVE-2006-1190 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Microsoft Internet Explorer 5.01 through 6 does not always return the correct IOleClientSite information when dynamically creating an embedded object, which could cause Internet Explorer to run the object in the wrong security context or zone, and allow remote attackers to execute arbitrary code.