Export limit exceeded: 29880 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29880 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-1568 | 1 Redcms | 1 Redcms | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in register.php in RedCMS 0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) email, (2) location, or (3) website parameters. | ||||
| CVE-2006-1571 | 1 R2xdesign | 1 Qlitenews | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in loginprocess.php in qliteNews 2005.07.01 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters. | ||||
| CVE-2006-1574 | 1 Hitachi | 4 Groupmax World Wide Web, Groupmax World Wide Web Desktop, Groupmax World Wide Web Desktop Scheduler and 1 more | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in Groupmax World Wide Web, World Wide Web Desktop, World Wide Web for Scheduler, and Desktop for Scheduler, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | ||||
| CVE-2006-1586 | 1 Internet Solutions Professionals | 1 Site Man | 2025-04-03 | N/A |
| SQL injection vulnerability in admin_login.asp in ISP of Egypt SiteMan allows remote attackers to execute arbitrary SQL commands via the pass parameter. | ||||
| CVE-2006-1732 | 2 Mozilla, Redhat | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2025-04-03 | N/A |
| Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to bypass same-origin protections and conduct cross-site scripting (XSS) attacks via unspecified vectors involving the window.controllers array. | ||||
| CVE-2006-1734 | 2 Mozilla, Redhat | 5 Firefox, Mozilla Suite, Seamonkey and 2 more | 2025-04-03 | N/A |
| Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to execute arbitrary code by using the Object.watch method to access the "clone parent" internal function. | ||||
| CVE-2006-1736 | 1 Mozilla | 4 Firefox, Mozilla Suite, Seamonkey and 1 more | 2025-04-03 | N/A |
| Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to trick users into downloading and saving an executable file via an image that is overlaid by a transparent image link that points to the executable, which causes the executable to be saved when the user clicks the "Save image as..." option. NOTE: this attack is made easier due to a GUI truncation issue that prevents the user from seeing the malicious extension when there is extra whitespace in the filename. | ||||
| CVE-2006-1748 | 1 Xmb Software | 1 Xmb Forum | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in XMB Forum 1.9.5 allows remote attackers to inject arbitrary web script or HTML by uploading a Flash (.SWF) video that contains a getURL function call, which causes the video to be rendered without disabling ActionScript. | ||||
| CVE-2006-1756 | 1 Matthew Dingley | 1 Md News | 2025-04-03 | N/A |
| MD News 1 allows remote attackers to bypass authentication via a direct request to a script in the Administration Area. | ||||
| CVE-2006-1763 | 1 Blursoft | 1 Blur6ex | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in index.php in blur6ex 0.3.452 allows remote attackers to execute arbitrary SQL commands via the ID parameter in a (1) g_reply or (2) g_permaPost action to the blog shard (engine/shards/blog.php), or a (3) g_viewContent action to the content shard (engine/shards/content.php). | ||||
| CVE-2006-1767 | 1 Nicecoder | 1 Indexu | 2025-04-03 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in nicecoder.com INDEXU 5.0.0 and 5.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the theme_path parameter in (1) index.php, (2) become_editor.php, (3) add.php, (4) bad_link.php, (5) browse.php, (6) detail.php, (7) fav.php, (8) get_rated.php, (9) login.php, (10) mailing_list.php, (11) new.php, (12) modify.php, (13) pick.php, (14) power_search.php, (15) rating.php, (16) register.php, (17) review.php, (18) rss.php, (19) search.php, (20) send_pwd.php, (21) sendmail.php, (22) tell_friend.php, (23) top_rated.php, (24) user_detail.php, and (25) user_search.php; and the (26) base_path parameter in invoice.php. | ||||
| CVE-2006-1768 | 1 Tritanium Scripts | 1 Tritanium Bulletin Board | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in register.php in Tritanium Bulletin Board (TBB) 1.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) newuser_name, (2) newuser_email, and (3) newuser_hp parameters in the faction=register mode in index.php. | ||||
| CVE-2006-1769 | 1 Userland | 1 Manila | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in UserLand Manila 9.5 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the mode parameter in msgReader$1 and (2) the end of the URI in viewDepartment$. | ||||
| CVE-2006-1782 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | N/A |
| Unspecified vulnerability in Solaris 8 and 9 allows local users to obtain the LDAP Directory Server root Distinguished Name (rootDN) password when a privileged user (1) runs idsconfig; or "insecurely" runs LDAP2 commands with the -w option, including (2) ldapadd, (3) ldapdelete, (4) ldapmodify, (5) ldapmodrdn, and (6) ldapsearch. | ||||
| CVE-2006-1785 | 1 Adobe | 1 Document Server | 2025-04-03 | N/A |
| Adobe Document Server for Reader Extensions 6.0 allows remote authenticated users to inject arbitrary web script via a leading (1) ftp or (2) http URI in the ReaderURL variable in the "Update Download Site" section of ads-readerext. NOTE: it is not clear whether the vendor advisory addresses this issue. In addition, since the issue requires administrative privileges to exploit, it is not clear whether this crosses security boundaries. | ||||
| CVE-2006-1791 | 1 Jl Webworks | 1 Quickblogger | 2025-04-03 | N/A |
| Directory traversal vulnerability in acc.php in QuickBlogger 1.4 allows remote attackers to read or include arbitrary local files via the request parameter. NOTE: this issue can also produce resultant XSS when the associated include statement fails. | ||||
| CVE-2006-1797 | 1 Netbsd | 1 Netbsd | 2025-04-03 | N/A |
| The kernel in NetBSD-current before September 28, 2005 allows local users to cause a denial of service (system crash) by using the SIOCGIFALIAS ioctl to gather information on a non-existent alias of a network interface, which causes a NULL pointer dereference. | ||||
| CVE-2006-1805 | 1 Powerscripts | 1 Powerclan | 2025-04-03 | N/A |
| SQL injection vulnerability in member.php in PowerClan 1.14 allows remote attackers to execute arbitrary SQL commands via the memberid parameter. | ||||
| CVE-2006-1816 | 1 Jelsoft | 1 Vbulletin | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in VBulletin 3.5.1, 3.5.2, and 3.5.4 allows remote attackers to execute arbitrary code via a URL in the systempath parameter to (1) ImpExModule.php, (2) ImpExController.php, and (3) ImpExDisplay.php. | ||||
| CVE-2006-1824 | 1 Phpguestbook | 1 Phpguestbook | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PhpGuestbook.php in PhpGuestbook 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) Website, and (3) Comment parameter. | ||||