Export limit exceeded: 339475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29880 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-5718 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in error.php in phpMyAdmin 2.6.4 through 2.9.0.2 allows remote attackers to inject arbitrary web script or HTML via UTF-7 or US-ASCII encoded characters, which are injected into an error message, as demonstrated by a request with a utf7 charset parameter accompanied by UTF-7 data. | ||||
| CVE-2006-5719 | 1 Bytesfall Explorer | 1 Bytesfall Explorer | 2025-04-09 | N/A |
| SQL injection vulnerability in libs/sessions.lib.php in BytesFall Explorer (bfExplorer) 0.0.6 allows remote attackers to execute arbitrary SQL commands via unspecified parameters, a different issue than CVE-2006-5606. | ||||
| CVE-2006-5720 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-09 | N/A |
| SQL injection vulnerability in modules/journal/search.php in the Journal module in Francisco Burzi PHP-Nuke 7.9 and earlier allows remote attackers to execute arbitrary SQL commands via the forwhat parameter. | ||||
| CVE-2006-5727 | 1 Sazcart | 1 Sazcart | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in admin/controls/cart.php in sazcart 1.5 allows remote attackers to execute arbitrary PHP code via the (1) _saz[settings][shippingfolder] and (2) _saz[settings][taxfolder] parameters. | ||||
| CVE-2006-5729 | 1 Yazd | 1 Yazd Discussion Forum | 2025-04-09 | N/A |
| Yazd Discussion Forum before 3.0 beta does not properly manage forum permissions, which allows remote authenticated users to (1) reply to a message in an arbitrary forum, if authorized to create a message in any forum; and (2) perform certain unauthorized forum actions, related to an "error in how the permissions were assembled" that assigns extra permissions to users. | ||||
| CVE-2006-5730 | 1 Modxcms | 1 Modxcms | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in manager/media/browser/mcpuk/connectors/php/Commands/Thumbnail.php in Modx CMS 0.9.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the base_path parameter. NOTE: it is possible that this is a vulnerability in FCKeditor. | ||||
| CVE-2006-5733 | 1 Postnuke Software Foundation | 1 Postnuke | 2025-04-09 | N/A |
| Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php. | ||||
| CVE-2006-5734 | 1 Adaptive Technology Resource Centre | 1 Atutor | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in ATutor 1.5.3.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) section parameter in (a) documentation/common/frame_toc.php and (b) documentation/common/search.php, the (2) req_lang parameter in documentation/common/search.php and (c) documentation/common/vitals.inc.php, the (3) row[dir_name] parameter in (d) include/classes/module/module.class.php, and the (4) lang_path parameter in (e) include/classes/phpmailer/class.phpmailer.php. NOTE: the print.php vector is already covered by CVE-2005-3404. | ||||
| CVE-2006-5735 | 1 Punbb | 1 Punbb | 2025-04-09 | N/A |
| Directory traversal vulnerability in include/common.php in PunBB before 1.2.14 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the language parameter, related to register.php storing a language value in the users table. | ||||
| CVE-2006-5736 | 1 Punbb | 1 Punbb | 2025-04-09 | N/A |
| SQL injection vulnerability in search.php in PunBB before 1.2.14, when the PHP installation is vulnerable to CVE-2006-3017, allows remote attackers to execute arbitrary SQL commands via the result_list array parameter, which is not initialized. | ||||
| CVE-2006-5742 | 1 Airmagnet | 1 Enterprise | 2025-04-09 | N/A |
| The AirMagnet Enterprise console and Remote Sensor console (Laptop) in AirMagnet Enterprise before 7.5 build 6307 allows remote attackers to inject arbitrary web script or HTML from a certain embedded Internet Explorer object into an SSID template value, aka "Cross-Application Scripting (XAS)". | ||||
| CVE-2006-5782 | 1 Hp | 1 Openview Client Configuraton Manager | 2025-04-09 | N/A |
| radexecd.exe in HP OpenView Client Configuraton Manager (CCM) does not require authentication before executing commands in the installation directory, which allows remote attackers to cause a denial of service (reboot) by calling radbootw.exe or create arbitrary files by calling radcrecv. | ||||
| CVE-2006-5790 | 1 Stefan Ritt | 1 Elog Web Logbook | 2025-04-09 | N/A |
| Multiple format string vulnerabilities in elogd.c in ELOG 2.6.2 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) an entry with an attachment whose name contains format string specifiers (el_submit function), and possibly other vectors in the (2) receive_config, (3) show_rss_feed, (4) show_elog_list, (5) show_logbook_node, and (6) server_loop functions. | ||||
| CVE-2006-5795 | 1 Openemr | 1 Openemr | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in OpenEMR 2.8.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the srcdir parameter to (a) billing_process.php, (b) billing_report.php, (c) billing_report_xml.php, and (d) print_billing_report.php in interface/billing/; (e) login.php; (f) interface/batchcom/batchcom.php; (g) interface/login/login.php; (h) main_info.php and (i) main.php in interface/main/; (j) interface/new/new_patient_save.php; (k) interface/practice/ins_search.php; (l) interface/logout.php; (m) custom_report_range.php, (n) players_report.php, and (o) front_receipts_report.php in interface/reports/; (p) facility_admin.php, (q) usergroup_admin.php, and (r) user_info.php in interface/usergroup/; or (s) custom/import_xml.php. | ||||
| CVE-2006-5797 | 1 Xenis | 1 Xenis.creator Cms | 2025-04-09 | N/A |
| Multiple SQL injection vulnerabilities in default.asp in Xenis.creator CMS allow remote attackers to execute arbitrary SQL commands via the (1) nav, (2) s, or (3) print parameters. | ||||
| CVE-2006-5798 | 1 Xenis | 1 Xenis.creator Cms | 2025-04-09 | N/A |
| SQL injection vulnerability in default.asp in Xenis.creator CMS allows remote attackers to execute arbitrary SQL commands via the contid parameter. | ||||
| CVE-2006-5799 | 1 Xenis | 1 Xenis.creator Cms | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in default.asp in xenis.creator CMS allow remote attackers to inject arbitrary web script or HTML via the (1) contid or (2) search parameters. | ||||
| CVE-2006-5800 | 1 Xenis | 1 Xenis.creator Cms | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in default.asp in xenis.creator CMS allows remote attackers to inject arbitrary web script or HTML via the nav parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-5802 | 1 The Web Drivers | 1 Simple Forum | 2025-04-09 | N/A |
| SQL injection vulnerability in message_details.php in The Web Drivers Simple Forum, dated 20060318, allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2006-5803 | 1 Mxbb | 1 Mxbb Smartor Album | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in modules/mx_smartor/album.php in the mxBB Smartor Album module 1.02 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter. | ||||