Export limit exceeded: 363781 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363781 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-5962 | 1 Hpecs Shopping Cart | 1 Hpecs Shopping Cart | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Hpecs Shopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields in the (a) login screen, and (3) searchstring parameter in (b) insearch_list.asp. | ||||
| CVE-2006-5960 | 1 Web Inhabit | 1 A\+ Store E-commerce | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in account_login.asp in A+ Store E-Commerce allow remote attackers to inject arbitrary web script or HTML via the (1) username (txtUserName) and (2) password (txtPassword) parameters. NOTE: portions of these details are obtained from third party information. | ||||
| CVE-2006-6360 | 1 Sergey Korostel | 1 Php Upload Center | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in activate.php in PHP Upload Center 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the footerpage parameter. | ||||
| CVE-2006-5959 | 1 Web Inhabit | 1 A\+ Store E-commerce | 2026-04-23 | N/A |
| SQL injection vulnerability in browse.asp in A+ Store E-Commerce allows remote attackers to execute arbitrary SQL commands via the ParentID parameter. | ||||
| CVE-2006-5957 | 1 Infinicart | 1 Infinicart | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in INFINICART allow remote attackers to execute arbitrary SQL commands via the (1) groupid parameter in (a) browse_group.asp, (2) productid parameter in (b) added_to_cart.asp, and (3) catid and (4) subid parameter in (c) browsesubcat.asp. NOTE: the vendor has disputed this report, saying "The vulnerabilities mentioned were never present in our official released products but only in the unofficial demo version. However we do appreciate the information. We have update our demo version and made sure all those vulnerabilities are fixed. | ||||
| CVE-2006-5956 | 1 Xlinesoft | 1 Phprunner | 2026-04-23 | N/A |
| XLineSoft PHPRunner 3.1 stores the (1) database server name, (2) database names, (3) usernames, and (4) passwords in plaintext in %WINDIR%\PHPRunner.ini, which allows local users to obtain sensitive information by reading the file. | ||||
| CVE-2006-5947 | 1 Conxint | 1 Conxint Ftp Server | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in Conxint FTP Server 2.2.0603, and possibly earlier, allow remote attackers to read arbitrary files and list arbitrary directories via directory traversal sequences in (1) DIR (LIST or NLST) and (2) GET (RETR) commands. NOTE: the provenance of this information is unknown; details are obtained from third party sources. | ||||
| CVE-2006-5944 | 1 Mginternet | 1 Car Site Manager | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in csm/asp/listings.asp in MGinternet Car Site Manager (CSM) allows remote attackers to inject arbitrary web script or HTML via the s parameter. | ||||
| CVE-2006-5939 | 1 Grisoft | 1 Avg Antivirus | 2026-04-23 | N/A |
| Grisoft AVG Anti-Virus before 7.1.407 allows remote attackers to cause a denial of service (crash) via a crafted DOC file that triggers a divide-by-zero error. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2006-5937 | 1 Grisoft | 1 Avg Antivirus | 2026-04-23 | N/A |
| Multiple integer overflows in Grisoft AVG Anti-Virus before 7.1.407 allow remote attackers to execute arbitrary code via crafted (1) CAB or (2) RAR archives that trigger a heap-based buffer overflow. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2006-5921 | 1 Wheatblog | 1 Wheatblog | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in add_comment.php in Wheatblog (wB) allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) WWW, and (3) Comment fields. NOTE: this issue may overlap CVE-2006-5195. | ||||
| CVE-2006-5917 | 1 Omnistar Interactive | 1 Omnistar Article Manager | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in OmniStar Article Manager allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter in (a) articles/comments.php and (b) articles/article.php, and the (2) page_id parameter in (c) articles/pages.php. | ||||
| CVE-2006-5916 | 1 Intego | 1 Virusbarrier | 2026-04-23 | N/A |
| Intego VirusBarrier X4 allows context-dependent attackers to bypass virus protection by quickly injecting many infected files into the filesystem, which prevents VirusBarrier from processing all the files. | ||||
| CVE-2006-5915 | 1 Samedia | 1 Landshop | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ls.php in SAMEDIA LandShop allow remote attackers to inject arbitrary web script or HTML via the (1) start, (2) CAT_ID, (3) keyword, (4) search_area, (5) search_type, (6) infield, or (7) search_order parameter. | ||||
| CVE-2006-5914 | 1 Samedia | 1 Landshop | 2026-04-23 | N/A |
| SQL injection vulnerability in ls.php in SAMEDIA LandShop allows remote attackers to execute arbitrary SQL commands via the infield parameter. NOTE: the start, search_order, search_type, and search_area parameters are already covered by CVE-2005-4018. | ||||
| CVE-2008-0905 | 1 Meo | 1 Globsy | 2026-04-23 | N/A |
| Directory traversal vulnerability in globsy_edit.php in Globsy 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | ||||
| CVE-2006-5913 | 1 Microsoft | 1 Ie | 2026-04-23 | N/A |
| Microsoft Internet Explorer 7 allows remote attackers to (1) cause a security certificate from a secure web site to appear invalid via a link to res://ieframe.dll/sslnavcancel.htm with the target site in the anchor identifier, which displays the site's URL in the address bar but causes Internet Explorer to report that the certificate is invalid, or (2) trigger a "The webpage no longer exists" report via a link to res://ieframe.dll/http_410.htm, a variant of CVE-2006-5805. | ||||
| CVE-2006-5862 | 1 Network Administration Visualized | 1 Network Administration Visualized | 2026-04-23 | N/A |
| Directory traversal vulnerability in the session mechanism of the web interface for Network Administration Visualized (NAV) before 3.1.1 allows attackers with filesystem write access to have an unknown impact via unknown attack vectors. | ||||
| CVE-2006-5861 | 1 Citrix | 2 Metaframe, Metaframe Presentation Server | 2026-04-23 | N/A |
| The Independent Management Architecture (IMA) service (ImaSrv.exe) in Citrix MetaFrame XP 1.0 and 2.0, and Presentation Server 3.0 and 4.0, allows remote attackers to cause a denial of service (service exit) via a crafted packet that causes the service to access an unmapped memory address and triggers an unhandled exception. | ||||
| CVE-2006-5847 | 1 Freewebshop | 1 Freewebshop | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in FreeWebshop 2.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat parameter. | ||||