Export limit exceeded: 361519 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (361519 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-2993 | 1 My Photo Scrapbook | 1 My Photo Scrapbook | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in My Photo Scrapbook 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the key parameter in (1) Displayview.asp and (2) Details_Photo_bv.asp. | ||||
| CVE-2005-2000 | 1 Php Arena | 1 Pafiledb | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in paFileDB 3.1 and earlier allow remote attackers to execute arbitrary SQL commands via the formname parameter (1) in the login form, (2) in the team login form, or (3) to auth.php, (4) select, (5) id, or (6) query parameter to pafiledb.php, or (7) string parameter to search.php. | ||||
| CVE-2006-2994 | 1 Christian Becher | 1 Phazizguestbook | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in phazizGuestbook 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, (3) url fields, and (4) text field (content parameter). | ||||
| CVE-2005-2001 | 1 Php Arena | 1 Pafiledb | 2026-04-16 | N/A |
| Directory traversal vulnerability in pafiledb.php in paFileDB 3.1 and earlier allows remote attackers to include arbitrary files via a .. (dot dot) in the action parameter. | ||||
| CVE-2006-0675 | 1 Glen Campbell | 1 Siteframe | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in Siteframe 5.0.1 allows remote attackers to inject arbitrary web script or HTML via the q parameter. | ||||
| CVE-2006-0676 | 1 Francisco Burzi | 1 Php-nuke | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in header.php in PHP-Nuke 6.0 to 7.8 allows remote attackers to inject arbitrary web script or HTML via the pagetitle parameter. | ||||
| CVE-2006-0677 | 1 Kth | 1 Heimdal | 2026-04-16 | N/A |
| telnetd in Heimdal 0.6.x before 0.6.6 and 0.7.x before 0.7.2 allows remote unauthenticated attackers to cause a denial of service (server crash) via unknown vectors that trigger a null dereference. | ||||
| CVE-2006-0679 | 1 Francisco Burzi | 1 Php-nuke Ev | 2026-04-16 | N/A |
| SQL injection vulnerability in index.php in the Your_Account module in PHP-Nuke 7.8 and earlier allows remote attackers to execute arbitrary SQL commands via the username variable (Nickname field). | ||||
| CVE-2006-0680 | 1 Plain Black | 1 Webgui | 2026-04-16 | N/A |
| Unspecified vulnerability in WebGUI before 6.8.6-gamma allows remote attackers to create an account, when anonymous registration is disabled, via a certain URL. | ||||
| CVE-2006-0681 | 1 Power Daemon | 1 Power Daemon | 2026-04-16 | N/A |
| Format string vulnerability in powerd.c in Power Daemon (powerd) 2.0.2 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the WHATIDO variable. | ||||
| CVE-2006-2996 | 1 Lovecompass | 1 Aepartner | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in inc/design.inc.php in LoveCompass aePartner 0.8.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the dir[data] parameter. | ||||
| CVE-2005-2003 | 1 Ultimate Php Board | 1 Ultimate Php Board | 2026-04-16 | N/A |
| Ultimate PHP Board (UPB) 1.9.6 GOLD allows remote attackers to obtain sensitive information via an invalid (zero) id parameter to (1) viewtopic.php, (2) profile.php, or (3) newpost.php, which reveals the path in an error message. | ||||
| CVE-2006-0689 | 1 Scheduling Management.com | 1 Time Tracking Software | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the Registration Form in TTS Time Tracking Software 3.0 allows remote attackers to inject arbitrary web script or HTML via the UserName parameter. | ||||
| CVE-2006-2998 | 1 Free Qboard | 1 Free Qboard | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in board/post.php in free QBoard 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the qb_path parameter. | ||||
| CVE-2006-0696 | 1 Zen Cart | 1 Zen Cart | 2026-04-16 | N/A |
| SQL injection vulnerability in Zen Cart before 1.2.7 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2006-0698 | 1 Zen Cart | 1 Zen Cart | 2026-04-16 | N/A |
| Unspecified vulnerabilities in Zen Cart before 1.2.7 allow remote attackers to cause unknown impact via unspecified vectors related to "other attempted exploits" other than SQL injection. | ||||
| CVE-2006-3001 | 1 Okscripts | 1 Okmall | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in OkScripts OkMall 1.0 allow remote attackers to inject arbitrary web script or HTML via the page parameter. NOTE: this might be resultant from another vulnerability, since the XSS is reflected in an error message. | ||||
| CVE-2005-2004 | 1 Ultimate Php Board | 1 Ultimate Php Board | 2026-04-16 | N/A |
| Multiple cross-site scripting vulnerabilities in Ultimate PHP Board (UPB) 1.9.6 GOLD and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ref parameter to login.php, (2) id or (3) page parameter to viewtopic.php, id parameter to (4) profile.php, (5) newpost.php, (6) email.php, (7) icq.php, or (8) aol.php, (9) t_id parameter to newpost.php, (10) ref parameter to getpass.php, or (11) sText parameter to search.php. | ||||
| CVE-2006-0712 | 1 Squishdot | 1 Squishdot | 2026-04-16 | N/A |
| mail_html template in Squishdot 1.5.0 and earlier does not properly validate the (1) email and (2) title variables, which allows remote attackers to bypass spam filters by injecting SMTP headers, probably due to a CRLF injection vulnerability. | ||||
| CVE-2006-0714 | 1 Flyspray | 1 Flyspray | 2026-04-16 | N/A |
| Directory traversal vulnerability in the installation file (sql/install-0.9.7.php) in Flyspray 0.9.7 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the adodbpath parameter. | ||||