Export limit exceeded: 29946 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29946 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-3819 1 Twiki 1 Twiki 2026-04-16 N/A
Eval injection vulnerability in the configure script in TWiki 4.0.0 through 4.0.4 allows remote attackers to execute arbitrary Perl code via an HTTP POST request containing a parameter name starting with "TYPEOF".
CVE-2006-0477 1 Git 1 Git 2026-04-16 N/A
Buffer overflow in git-checkout-index in GIT before 1.1.5 allows remote attackers to execute arbitrary code via an index file with a long symbolic link.
CVE-2005-0574 1 Cupidsystems 1 Cis Webserver 2026-04-16 N/A
Directory traversal vulnerability in CIS WebServer 3.5.13 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the URL.
CVE-2006-3873 1 Microsoft 4 Ie, Windows 2000, Windows 2003 Server and 1 more 2026-04-16 N/A
Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060912, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL in a GZIP-encoded website that was the target of an HTTP redirect, due to an incomplete fix for CVE-2006-3869.
CVE-2006-3929 1 Zyxel 1 Prestige 660h-61 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the Forms/rpSysAdmin script on the Zyxel Prestige 660H-61 ADSL Router running firmware 3.40(PT.0)b32 allows remote attackers to inject arbitrary web script or HTML via hex-encoded values in the a parameter.
CVE-2006-3933 1 Alkacon 1 Opencms 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Alkacon OpenCms before 6.2.2 allows remote authenticated users to inject arbitrary web script or HTML via the message body.
CVE-2005-0628 1 Demof 1 Forumwa 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Forumwa 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the keyword parameter in search.php or the (2) body or (3) subject of a forum message.
CVE-2006-3935 1 Alkacon 1 Opencms 2026-04-16 N/A
system/workplace/views/admin/admin-main.jsp in Alkacon OpenCms before 6.2.2 does not restrict access to administrator functions, which allows remote authenticated users to (1) send broadcast messages to all users (/workplace/broadcast), (2) list all users (/accounts/users), (3) add webusers (/accounts/webusers/new), (4) upload database import and export files (/database/importhttp), (5) upload arbitrary program modules (/modules/modules_import), and (6) read the log file (/workplace/logfileview) by setting the appropriate value for the path parameter in a direct request to admin-main.jsp.
CVE-2006-0508 1 Easy Cms 1 Easy Cms 2026-04-16 N/A
Easy CMS stores the images directory under the web document root with insufficient access control and browsing enabled, which allows remote attackers to list and possibly read images that are stored in that directory.
CVE-2006-3943 1 Microsoft 1 Ie 2026-04-16 N/A
Stack-based buffer overflow in NDFXArtEffects in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via long (1) RGBExtraColor, (2) RGBForeColor, and (3) RGBBackColor properties.
CVE-2006-3944 1 Microsoft 1 Ie 2026-04-16 N/A
Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via a (1) Forms.ListBox.1 or (2) Forms.ListBox.1 object with the ListWidth property set to (a) 0x7fffffff, which triggers an integer overflow exception, or to (b) 0x7ffffffe, which triggers a null dereference.
CVE-2006-3948 1 Php-nuke 1 Inp 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in modules.php in PHP-Nuke INP allows remote attackers to inject arbitrary web script or HTML via the query parameter.
CVE-2006-3953 1 Mybulletinboard 1 Mybulletinboard 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to inject arbitrary web script or HTML via the gallery parameter.
CVE-2006-3957 1 Bosdev 1 Bosdates 2026-04-16 N/A
PHP remote file inclusion vulnerability in payment.php in BosDev BosDates allows remote attackers to execute arbitrary PHP code via a URL in the insPath parameter.
CVE-2006-3965 1 Banex 1 Banex 2026-04-16 N/A
Banex PHP MySQL Banner Exchange 2.21 stores lib.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as database usernames and passwords.
CVE-2006-3984 2 Gianluca Baldo, Phpadsnew 2 Phpauction, Phpadsnew 2026-04-16 N/A
PHP remote file inclusion vulnerability in phpAdsNew/view.inc.php in Albasoftware Phpauction 2.1 and possibly later versions, with phpAdsNew 2.0.5, allows remote attackers to execute arbitrary PHP code via a URL in the phpAds_path parameter.
CVE-2006-3996 1 Adaptive Technology Resource Centre 1 Atutor 2026-04-16 N/A
SQL injection vulnerability in links/index.php in ATutor 1.5.3.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the (1) desc or (2) asc parameters.
CVE-2006-4003 1 Hobbit Monitor 1 Hobbit Monitor 2026-04-16 N/A
The config method in Henrik Storner Hobbit monitor before 4.1.2p2 permits access to files outside of the intended configuration directory, which allows remote attackers to obtain sensitive information via requests to the hobbitd daemon on port 1984/tcp.
CVE-2006-4005 1 Bomberclone 1 Bomberclone 2026-04-16 N/A
BomberClone 0.11.6 and earlier allows remote attackers to cause a denial of service (daemon crash) via (1) a certain malformed PKGF_ackreq packet, which triggers a crash in the rscache_add() function in pkgcache.c; and (2) an error packet, which is intended to be received by clients and force client shutdown, but also triggers server shutdown.
CVE-2006-4015 1 Hp 3 Procurve Switch 3500yl, Procurve Switch 5400zl, Procurve Switch 6200yl 2026-04-16 N/A
Hewlett-Packard (HP) ProCurve 3500yl, 6200yl, and 5400zl switches with software before K.11.33 allow remote attackers to cause a denial of service (possibly memory leak or system crash) via unknown vectors.