Export limit exceeded: 357939 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (357939 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-3291 | 1 Livecms | 1 Livecms | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in LiveCMS 3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via an article name, possibly involving the titulo parameter in article.php. | ||||
| CVE-2006-6510 | 1 Sitekiosk | 1 Sitekiosk | 2026-04-23 | N/A |
| An unspecified ActiveX control in SiteKiosk before 6.5.150 is installed "safe for scripting", which allows local users to bypass security protections and read arbitrary files via certain functions. | ||||
| CVE-2006-6511 | 1 Dadaimc | 1 Dadaimc | 2026-04-23 | N/A |
| dadaIMC .99.3 uses an insufficiently restrictive FilesMatch directive in the installed .htaccess file, which allows remote attackers to execute arbitrary PHP code by uploading files whose names contain (1) feature, (2) editor, (3) newswire, (4) otherpress, (5) admin, (6) pbook, (7) media, or (8) mod, which are processed as PHP file types (application/x-httpd-php). | ||||
| CVE-2007-3292 | 1 Livecms | 1 Livecms | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in LiveCMS 3.4 and earlier allows remote attackers to upload and execute arbitrary PHP code by specifying a PHP file type in a parameter intended for "a small image" associated with an article. | ||||
| CVE-2006-6519 | 1 Scriptphp | 1 Pronews | 2026-04-23 | N/A |
| SQL injection vulnerability in lire-avis.php in ProNews 1.5 allows remote attackers to execute arbitrary SQL commands via the aa parameter. | ||||
| CVE-2006-6552 | 1 Php | 1 Blog Cms | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in admin/plugins/NP_UserSharing.php in BLOG:CMS 4.1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DIR_ADMIN parameter. | ||||
| CVE-2006-6554 | 1 Kerio | 1 Kerio Mailserver | 2026-04-23 | N/A |
| Unspecified vulnerability in Kerio MailServer before 6.3.1 allows remote attackers to cause a denial of service (segmentation fault and service stop) via certain long LDAP queries, as demonstrated by vd_kms6.pm. | ||||
| CVE-2006-6599 | 1 Torrentflux | 1 Torrentflux | 2026-04-23 | N/A |
| maketorrent.php in TorrentFlux 2.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters (";" semicolon) in the announce parameter. | ||||
| CVE-2006-6602 | 1 Microsoft | 2 Windows Explorer, Windows Xp | 2026-04-23 | N/A |
| explorer.exe in Windows Explorer 6.00.2900.2180 in Microsoft Windows XP SP2 allows user-assisted remote attackers to cause a denial of service via a crafted WMV file. | ||||
| CVE-2006-6611 | 1 Barman | 1 Barman | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in interface.php in Barman 0.0.1r3 allows remote attackers to execute arbitrary PHP code via a URL in the basepath parameter. | ||||
| CVE-2006-6612 | 1 Phpmycms | 1 Phpmycms | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in basic.inc.php in PhpMyCms 0.3 allows remote attackers to execute arbitrary PHP code via a URL in the basepath_start parameter. | ||||
| CVE-2007-3296 | 1 Xunlei | 1 Web Thunderbolt | 2026-04-23 | N/A |
| The ThunderServer.webThunder.1 ActiveX control in xunlei Web Thunderbolt 1.7.3.109 allows remote attackers to download arbitrary files and conduct other unauthorized actions by invoking dangerous methods. | ||||
| CVE-2006-6624 | 1 Sambar | 1 Sambar Server | 2026-04-23 | N/A |
| The FTP Server in Sambar Server 6.4 allows remote authenticated users to cause a denial of service (application crash) via a long series of "./" sequences in the SIZE command. | ||||
| CVE-2006-6625 | 1 Moodle | 1 Moodle | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in mod/forum/discuss.php in Moodle 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the navtail parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-3297 | 1 Cybozu Labs | 1 Musoo | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Musoo 0.21 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[ini_array][EXTLIB_PATH] parameter to (1) msDb.php, (2) modules/MusooTemplateLite.php, or (3) modules/SoundImporter.php. | ||||
| CVE-2006-6631 | 1 Ibiblio | 1 Osprey | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in lib/xml/oai/GetRecord.php in osprey 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the lib_dir parameter. | ||||
| CVE-2007-3298 | 1 Spey | 1 Spey | 2026-04-23 | N/A |
| SQL injection vulnerability in Spey before 0.4.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to MessageProcessor.cc and possibly other components. | ||||
| CVE-2006-6638 | 1 Ibm | 1 Db2 Universal Database | 2026-04-23 | N/A |
| IBM DB2 8.1 before FixPak 14 allows remote attackers to cause a denial of service via a crafted SQLJRA packet, which causes a NULL pointer dereference in the sqle_db2ra_as_recvrequest function in DB2ENGN.DLL, a different issue than CVE-2006-4257. | ||||
| CVE-2006-6639 | 1 Chetcpasswd | 1 Chetcpasswd | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in chetcpasswd 2.4.1 allow local users to gain privileges via unspecified vectors related to executing (1) the cp program, (2) the mail program, or (3) the program specified in the post_change configuration line. | ||||
| CVE-2006-6642 | 1 Contra Haber Sistemi | 1 Contra Haber Sistemi | 2026-04-23 | N/A |
| SQL injection vulnerability in haber.asp in Contra Haber Sistemi 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||