Export limit exceeded: 359472 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29946 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-1280 | 1 Sherzod Ruzmetov | 1 Cgi Session | 2026-04-16 | N/A |
| CGI::Session 4.03-1 does not set proper permissions on temporary files created in (1) Driver::File and (2) Driver::db_file, which allows local users to obtain privileged information, such as session keys, by viewing the files. | ||||
| CVE-2006-1289 | 1 Milkeyway | 1 Milkeyway Captive Portal | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Milkeyway Captive Portal 0.1 and 0.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) username, (2) password, (3) team, (4) level, (5) status, (6) teamname, and (7) teamlead parameters in (a) auth.php; the (8) username, (9) action, and (10) filter parameters in (b) authuser.php; the (11) username parameter in (c) utils.php; the (12) id and (13) date parameters in (d) traffic.php; the (14) username parameter in (e) userstatistics.php; and the (15) USERNAME and (16) PASSWORD parameters in a cookie to (f) chgpwd.php. | ||||
| CVE-2006-1290 | 1 Milkeyway | 1 Milkeyway Captive Portal | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Milkeyway Captive Portal 0.1 and 0.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) ipAddress, (2) act, (3) username, and (4) unspecified other parameters in (a) authuser.php; and the (5) username and (6) unspecified other parameters in (b) userstatistics.php. | ||||
| CVE-2006-1291 | 1 Php Icalendar | 1 Php Icalendar | 2026-04-16 | N/A |
| publish.ical.php in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier does not require authentication for write access to the calendars directory, which allows remote attackers to upload and execute arbitrary PHP scripts via a WebDAV PUT request with a filename containing a .php extension and a trailing null character. | ||||
| CVE-2006-1292 | 1 Php Icalendar | 1 Php Icalendar | 2026-04-16 | N/A |
| Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php. | ||||
| CVE-2006-1293 | 1 Astalavista It Engineering | 1 Contrexx | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Contrexx CMS 1.0.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string (PHP_SELF). | ||||
| CVE-2005-4451 | 1 Hp | 1 Hp-ux | 2026-04-16 | N/A |
| Unspecified vulnerability in Software Distributor in HP-UX B.11.11 allows remote attackers to gain access via unspecified attack vectors. | ||||
| CVE-2006-1294 | 1 Knowledgebasepublisher | 1 Knowledgebasepublisher | 2026-04-16 | N/A |
| PHP remote file include vulnerability in PageController.php in KnowledgebasePublisher 1.2 allows remote attackers to include and execute arbitrary PHP code via a URL in the dir parameter. | ||||
| CVE-2006-1295 | 1 Spip | 1 Spip | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in recherche.php3 in SPIP 1.8.2-g allows remote attackers to inject arbitrary web script or HTML via the recherche parameter. | ||||
| CVE-2006-1744 | 1 Joey Hess | 1 Bsdgames | 2026-04-16 | N/A |
| Buffer overflow in pl_main.c in sail in BSDgames before 2.17-7 allows local users to execute arbitrary code via a long player name that is used in a scanf function call. | ||||
| CVE-2005-4687 | 2 F-art Agency, Punbb | 2 Blog Cms, Punbb | 2026-04-16 | N/A |
| PunBB 1.2.9, used alone or with F-ART BLOG:CMS, may trust a client's IP address as specified in the X-Forwarded-For HTTP header rather than the TCP/IP stack, which allows remote attackers to misrepresent their IP address by sending a modified header. | ||||
| CVE-2005-4693 | 1 Gaim-encryption | 1 Gaim-encryption | 2026-04-16 | N/A |
| Gaim-Encryption 2.38-1 on Debian Linux allows remote attackers to cause a denial of service (crash) via a crafted message from an ICQ buddy, possibly involving the GE_received_key function in keys.c. | ||||
| CVE-2006-1755 | 1 Matthew Dingley | 1 Md News | 2026-04-16 | N/A |
| SQL injection vulnerability in admin.php in MD News 1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2006-1757 | 1 Bill Shupp | 1 Vegadns | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Vegadns 0.99 allows remote attackers to inject arbitrary web script or HTML via the message parameter. | ||||
| CVE-2006-1759 | 1 Swsoft | 1 Confixx | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in allgemein_transfer.php in SWSoft Confixx 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the jahr parameter. | ||||
| CVE-2006-1762 | 1 Blursoft | 1 Blur6ex | 2026-04-16 | N/A |
| Directory traversal vulnerability in index.php in blur6ex 0.3.452 allows remote attackers to include arbitrary files via the shard parameter. NOTE: this issue can be exploited to produce resultant XSS when the parameter has XSS manipulations, and path disclosure with other invalid values. | ||||
| CVE-2006-1764 | 1 Hosting Controller | 1 Hosting Controller | 2026-04-16 | N/A |
| Hosting Controller 6.1 stores forum/db/forum.mdb under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as user name and password credentials. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
| CVE-2005-4702 | 1 Ipbproarcade | 1 Ipbproarcade | 2026-04-16 | N/A |
| SQL injection vulnerability in the favorites module in index.php in IPBProArcade 2.5.2 allows remote attackers to inject arbitrary SQL commands via the gameid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. In addition, the demonstration code as used by third parties suggests that this might be a different type of vulnerability related to shell metacharacters. Finally, this could be a rediscovery of CVE-2004-1430. | ||||
| CVE-2006-1767 | 1 Nicecoder | 1 Indexu | 2026-04-16 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in nicecoder.com INDEXU 5.0.0 and 5.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the theme_path parameter in (1) index.php, (2) become_editor.php, (3) add.php, (4) bad_link.php, (5) browse.php, (6) detail.php, (7) fav.php, (8) get_rated.php, (9) login.php, (10) mailing_list.php, (11) new.php, (12) modify.php, (13) pick.php, (14) power_search.php, (15) rating.php, (16) register.php, (17) review.php, (18) rss.php, (19) search.php, (20) send_pwd.php, (21) sendmail.php, (22) tell_friend.php, (23) top_rated.php, (24) user_detail.php, and (25) user_search.php; and the (26) base_path parameter in invoice.php. | ||||
| CVE-2006-1776 | 1 Simplog | 1 Simplog | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the s parameter. | ||||