Export limit exceeded: 357812 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (357812 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-0599 | 1 Aztek Forum | 1 Aztek Forum | 2026-04-23 | N/A |
| Variable overwrite vulnerability in common/config.php in Aztek Forum 4.00 allows remote attackers to overwrite arbitrary program variables and conduct other unauthorized activities, such as copying arbitrary files using index/common_actions.php, via vectors associated with extract operations on the (1) POST, (2) GET, (3) COOKIE, and (4) SERVER superglobal arrays. | ||||
| CVE-2006-6068 | 1 Malbum | 1 Malbum | 2026-04-23 | N/A |
| Directory traversal vulnerability in the cached_album function in functions.php for mAlbum 0.3 and earlier allows remote attackers to list filenames of arbitrary images via a .. (dot dot) in the gal parameter to index.php. | ||||
| CVE-2006-6073 | 1 Enthrallweb | 1 Eshopping Cart | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Enthrallweb eShopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) ProductID parameter in productdetail.asp or the (2) categoryid parameter in products.asp. | ||||
| CVE-2006-6074 | 1 Enthrallweb | 1 Eshopping Cart | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Enthrallweb eShopping Cart allow remote attackers to execute arbitrary SQL commands via (1) the ProductID parameter in (a) reviews.asp, or the (2) cat_id or (3) sub_id parameter in (b) subProducts.asp. NOTE: the productdetail.asp vector is already covered by another identifier. | ||||
| CVE-2007-0601 | 1 Aztek Forum | 1 Aztek Forum | 2026-04-23 | N/A |
| common/safety.php in Aztek Forum 4.00 allows remote attackers to enter certain data containing %22 sequences (URL encoded double quotes) and other potentially dangerous manipulations by sending a cookie, which bypasses the blacklist matching against the GET and PUT superglobal arrays. | ||||
| CVE-2007-0608 | 1 Advanced Guestbook | 1 Advanced Guestbook | 2026-04-23 | N/A |
| Advanced Guestbook 2.4.2 allows remote attackers to obtain sensitive information via an invalid (1) GB_TBL parameter to (a) lang/codes-english.php or (b) image.php, which reveal the database name; (2) an invalid GB_DB parameter to index.php, coupled with a ../index lang cookie, which reveals the installation path; or (3) a direct request to index.php with no parameters or cookies, which reveals the installation path. | ||||
| CVE-2007-4716 | 1 Phd | 1 Help Desk | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in PHD Help Desk before 1.31 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2007-4722 | 1 Move Networks Inc | 1 Move Media Player | 2026-04-23 | N/A |
| Multiple stack-based buffer overflows in the Quantum Streaming Internet Explorer Player ActiveX control in qsp2ie07051001.dll 1.0.0.1 in Move Media Player allow remote attackers to execute arbitrary code via a long string to the (1) Play and (2) Buzzer methods. | ||||
| CVE-2006-6077 | 3 Mozilla, Netscape, Redhat | 3 Firefox, Navigator, Enterprise Linux | 2026-04-23 | N/A |
| The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earlier; and the (2) Passcard Manager in Netscape 8.1.2 and possibly other versions, do not properly verify that an ACTION URL in a FORM element containing a password INPUT element matches the web site for which the user stored a password, which allows remote attackers to obtain passwords via a password INPUT element on a different web page located on the web site intended for this password. | ||||
| CVE-2006-6083 | 1 Creascripts | 1 Creadirectory | 2026-04-23 | N/A |
| SQL injection vulnerability in search.asp in CreaScripts Creadirectory allows remote attackers to execute arbitrary SQL commands via the category parameter. | ||||
| CVE-2006-6084 | 1 Unverse.net | 1 Abitwhizzy | 2026-04-23 | N/A |
| Directory traversal vulnerability in abitwhizzy.php in aBitWhizzy allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2006-6085 | 1 Kile | 1 Kile | 2026-04-23 | N/A |
| Kile before 1.9.3 does not assign a backup file the same permissions as the original file, which might allow local users to obtain sensitive information. | ||||
| CVE-2006-6086 | 1 E-ark | 1 E-ark | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in src/ark_inc.php in e-Ark 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the cfg_pear_path parameter. | ||||
| CVE-2006-6087 | 1 My Little Homepage | 1 My Little Weblog | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in weblog.php in my little weblog allows remote attackers to inject arbitrary web script or HTML via the action parameter. | ||||
| CVE-2006-6088 | 1 Blue-collar Productions | 1 I-gallery | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in BlueCollar i-Gallery 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) n or (2) d parameter in igallery.asp, or (3) an unspecified parameter related to search, possibly the Search Gallery field, or the myquery parameter, in search.asp. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2006-6095 | 1 Dotnetindex | 1 Active News Manager | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in ActiveNews Manager allow remote attackers to execute arbitrary SQL commands via the (1) articleID parameter to activenews_view.asp or the (2) page parameter to default.asp. NOTE: the activeNews_categories.asp and activeNews_comments.asp vectors are already covered by CVE-2006-6094. | ||||
| CVE-2006-6101 | 3 Redhat, X.org, Xfree86 Project | 3 Enterprise Linux, X.org, Xfree86 | 2026-04-23 | N/A |
| Integer overflow in the ProcRenderAddGlyphs function in the Render extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of glyph management data structures. | ||||
| CVE-2006-6102 | 3 Redhat, X.org, Xfree86 Project | 3 Enterprise Linux, X.org, Xfree86 X Server | 2026-04-23 | N/A |
| Integer overflow in the ProcDbeGetVisualInfo function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures. | ||||
| CVE-2006-6103 | 3 Redhat, X.org, Xfree86 Project | 3 Enterprise Linux, X.org, Xfree86 | 2026-04-23 | N/A |
| Integer overflow in the ProcDbeSwapBuffers function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures. | ||||
| CVE-2006-6113 | 1 James Greenwood | 1 Monkey Boards | 2026-04-23 | N/A |
| Monkey Boards 0.3.5 allows remote attackers to obtain sensitive information via direct requests to (1) include/admin_auth.inc.php and (2) include/engine/class.compiler.php, which reveals the full path in an error message. NOTE: this issue is only an exposure if the administrator has changed the default script path. | ||||