Search Results (363327 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-6446 1 Iware 1 Iware Professional 2026-04-23 N/A
SQL injection vulnerability in index.php in iWare Professional 5.0.4, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the D parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-5883 1 Mini-pub 1 Mini-pub 2026-04-23 N/A
Absolute path traversal vulnerability in front-end/dir.php in mini-pub 0.3 and earlier allows remote attackers to list arbitrary directories via a full pathname in the sDir parameter.
CVE-2006-6451 1 Swsoft 1 Plesk 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in SWsoft Plesk 8.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) get_password.php or (2) login_up.php3.
CVE-2006-6452 1 Myarticles 1 Myarticles 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the MyArticles module before 0.6 beta 1, for RunCMS, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) topics.php, (2) submit.php, and (3) class/calendar.class.php.
CVE-2006-6455 1 Duware 1 Dudirectory 2026-04-23 N/A
Multiple SQL injection vulnerabilities in admin/default.asp in DUware DUdirectory 3.1, and possibly DUdirectory Pro and Pro SQL 3.x, allow remote attackers to execute arbitrary SQL commands via the (1) Username or (2) Password parameter. NOTE: some of these details are obtained from third party information.
CVE-2007-3271 1 Yourfreescreamer 1 Yourfreescreamer 2026-04-23 N/A
PHP remote file inclusion vulnerability in templates/2blue/bodyTemplate.php in YourFreeScreamer 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the serverPath parameter.
CVE-2006-5072 1 Mono 1 Mono 2026-04-23 N/A
The System.CodeDom.Compiler classes in Novell Mono create temporary files with insecure permissions, which allows local users to overwrite arbitrary files or execute arbitrary code via a symlink attack.
CVE-2006-6462 1 Cm68 News 1 Cm68 News 2026-04-23 N/A
PHP remote file inclusion vulnerability in engine/oldnews.inc.php in CM68 News 12.02.06 allows remote attackers to execute arbitrary PHP code via a URL in the addpath parameter.
CVE-2007-3285 2 Microsoft, Mozilla 2 Windows, Firefox 2026-04-23 N/A
Mozilla Firefox before 2.0.0.5, when run on Windows, allows remote attackers to bypass file type checks and possibly execute programs via a (1) file:/// or (2) resource: URI with a dangerous extension, followed by a NULL byte (%00) and a safer extension, which causes Firefox to treat the requested file differently than Windows would.
CVE-2009-2614 1 Datachecknh 1 Linkpal 2026-04-23 N/A
SQL injection vulnerability in z_admin_login.asp in DataCheck Solutions LinkPal 1.x allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-5174 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-23 N/A
The copy_from_user function in the uaccess code in Linux kernel 2.6 before 2.6.19-rc1, when running on s390, does not properly clear a kernel buffer, which allows local user space programs to read portions of kernel memory by "appending to a file from a bad address," which triggers a fault that prevents the unused memory from being cleared in the kernel buffer.
CVE-2006-6479 1 Scriptphp 1 Annoncescripthp 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in AnnonceScriptHP 2.0 allow remote attackers to inject arbitrary web script or HTML via the email parameter in (1) erreurinscription.php, (2) Templates/admin.dwt.php, (3) Templates/commun.dwt.php, (4) membre.dwt.php, and (5) admin/admin_config/Aide.php.
CVE-2006-6480 1 Scriptphp 1 Annoncescripthp 2026-04-23 N/A
admin/admin_membre/fiche_membre.php in AnnonceScriptHP 2.0 allows remote attackers to obtain sensitive information via the idmembre parameter, which discloses the passwords for arbitrary users.
CVE-2006-6478 1 Scriptphp 1 Annoncescripthp 2026-04-23 N/A
Multiple SQL injection vulnerabilities in AnnonceScriptHP 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in (a) email.php, the (2) no parameter in (b) voirannonce.php, the (3) idmembre parameter in (c) admin/admin_membre/fiche_membre.php, and the (4) idannonce parameter in (d) admin/admin_annonce/okvalannonce.php and (e) admin/admin_annonce/changeannonce.php.
CVE-2006-6482 1 Adobe 1 Coldfusion 2026-04-23 N/A
Adobe ColdFusion MX7 allows remote attackers to obtain sensitive information via a URL request (1) for a non-existent (a) JWS, (b) CFM, (c) CFML, or (d) CFC file, which displays the installation path in the resulting error message; or (2) to /CFIDE/administrator/login.cfm without a host, which can reveal the server's internal IP address in an HREF tag.
CVE-2006-6483 1 Adobe 1 Coldfusion 2026-04-23 N/A
Adobe ColdFusion MX 7.x before 7.0.2 does not properly filter HTML tags when protecting against cross-site scripting (XSS) attacks, which allows remote attackers to inject arbitrary web script or HTML via a NULL byte (%00) in certain HTML tags, as demonstrated using "%00script" in a tag.
CVE-2006-6485 1 Shopsite 1 Shopsite 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in ShopSite 8.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the prevlocation parameter in shopper/sc/registration.cgi and other unspecified vectors.
CVE-2006-6486 1 Easypage 1 Easypage 2026-04-23 N/A
SQL injection vulnerability in EasyPage allows remote attackers to execute arbitrary SQL commands via unspecified vectors in sptrees/default.aspx, possibly involving the docId parameter. NOTE: this issue appears to have been disputed by a third party researcher, stating that SQL injection is not possible. However, insufficient details were provided to evaluate the dispute.
CVE-2006-6487 1 Dt Guestbook 1 Dt Guestbook 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in DT Guestbook (dt_guestbook) 1.0f, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the error[] parameter.
CVE-2007-3289 1 Xoops 1 Wiwimod Module 2026-04-23 N/A
PHP remote file inclusion vulnerability in spaw/spaw_control.class.php in the WiwiMod 0.4 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: this issue is probably a duplicate of CVE-2006-4656.