Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-6420 1 Ryan Demmer 1 Joomla Content Editor 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in jce.php in the JCE Admin Component in Ryan Demmer Joomla Content Editor (JCE) 1.1.0 beta 2 and earlier for Joomla! (com_jce) allow remote attackers to inject arbitrary web script or HTML via the (1) img, (2) title, (3) w, or (4) h parameter, different vectors than CVE-2006-6166. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-5515 2 Phpadsnew, Phppgads 2 Phpadsnew, Phppgads 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in lib-history.inc.php in phpAdsNew and phpPgAds before 2.0.8-pr1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to injected data that is stored by a delivery script and displayed by the admin interface.
CVE-2006-5233 1 Polycom 1 Soundpoint Ip 301 2026-04-23 N/A
Polycom SoundPoint IP 301 VoIP Desktop Phone, firmware version 1.4.1.0040, allows remote attackers to cause a denial of service (reboot) via (1) a long URL sent to the HTTP daemon and (2) unspecified manipulations as demonstrated by the Nessus http_fingerprinting_hmap.nasl script.
CVE-2006-5349 1 Oracle 1 Http Server 2026-04-23 N/A
Unspecified vulnerability in Oracle HTTP Server 9.2.0.7, when running on HP Tru64 UNIX, has unknown impact and remote attack vectors related to HTTPS and SSL, aka Vuln# OHS07.
CVE-2006-5346 1 Oracle 3 Collaboration Suite, E-business Suite, Http Server 2026-04-23 N/A
Unspecified vulnerability in Oracle HTTP Server 9.2.0.7, as used in Oracle Collaboration Suite 9.0.4.2 and Oracle E-Business Suite and Applications 11.5.10CU2, has unknown impact and remote attack vectors related to htdigest, aka Vuln# OHS02.
CVE-2006-5521 1 Net Dns 1 Net Dns 2026-04-23 N/A
PHP remote file inclusion vulnerability in DNS/RR.php in Net_DNS 0.03 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpdns_basedir parameter.
CVE-2006-5350 1 Oracle 2 E-business Suite, Http Server 2026-04-23 N/A
Unspecified vulnerability in Oracle HTTP Server 9.2.0.7 and Oracle E-Business Suite and Applications 11.5.10CU2 has unknown impact and local attack vectors, aka Vuln# OHS08.
CVE-2006-5525 1 Phpnuke 1 Php-nuke 2026-04-23 N/A
Incomplete blacklist vulnerability in mainfile.php in PHP-Nuke 7.9 and earlier allows remote attackers to conduct SQL injection attacks via (1) "/**/UNION " or (2) " UNION/**/" sequences, which are not rejected by the protection mechanism, as demonstrated by a SQL injection via the eid parameter in a search action in the Encyclopedia module in modules.php.
CVE-2006-5352 1 Oracle 1 Apex 2026-04-23 N/A
Multiple unspecified vulnerabilities in Oracle Application Express 1.5 up to 1.6.1 have unknown impact and remote attack vectors, aka Vuln# (1) APEX04, (2) APEX20, and (3) APEX21.
CVE-2006-6409 1 F-secure 1 F-secure Anti-virus 2026-04-23 N/A
F-Secure Anti-Virus for Linux Gateways 4.65 allows remote attackers to cause a denial of service (possibly fatal scan error), and possibly bypass virus detection, by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file, as demonstrated with the EICAR test file.
CVE-2006-5328 2 Apple, Openbase International Ltd 2 Xcode, Openbase 2026-04-23 N/A
OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 2.2 and earlier and possibly other products, allows local users to create arbitrary files via a symlink attack on the simulation.sql file.
CVE-2006-5371 1 Oracle 1 E-business Suite 2026-04-23 N/A
Unspecified vulnerability in Oracle Email Center component in Oracle E-Business Suite 11.5.9 has unknown impact and remote authenticated attack vectors, aka Vuln# APPS07.
CVE-2006-6414 1 Dol Storye 1 Dol Storye 2026-04-23 N/A
Multiple SQL injection vulnerabilities in dettaglio.asp in dol storye allow remote attackers to execute arbitrary SQL commands via the (1) id_doc or (2) id_aut parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-5529 1 Schoolalumni Portal 1 Schoolalumni Portal 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in smumdadotcom_ascyb_alumni/mod.php in SchoolAlumni Portal 2.26 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search operation in the katalog module. NOTE: some of these details are obtained from third party information.
CVE-2006-4686 1 Microsoft 2 Xml Core Services, Xml Parser 2026-04-23 N/A
Buffer overflow in the Extensible Stylesheet Language Transformations (XSLT) processing in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 allows remote attackers to execute arbitrary code via a crafted Web page.
CVE-2006-5535 1 Cpanel 1 Cpanel 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in WebHostManager (WHM) 10.8.0 cPanel 10.9.0 R50 allow remote attackers to inject arbitrary web script or HTML via the (1) theme parameter to scripts/dosetmytheme and the (2) template parameter to scripts2/editzonetemplate.
CVE-2006-5536 1 D-link 1 Dsl-g624t 2026-04-23 N/A
Directory traversal vulnerability in cgi-bin/webcm in D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allows remote attackers to read arbitrary files via a .. (dot dot) in the getpage parameter.
CVE-2006-5400 1 Cyberbrau 1 Cyberbrau 2026-04-23 N/A
PHP remote file inclusion vulnerability in forum/track.php in CyberBrau 0.9.4, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
CVE-2006-5471 1 Softerra 1 Php Developer Library 2026-04-23 N/A
PHP remote file inclusion vulnerability in example/lib/grid3.lib.php in Softerra PHP Developer Library 1.5.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the (1) cfg_dir and (2) lib_dir parameters.
CVE-2006-5540 2 Postgresql, Redhat 3 Postgresql, Enterprise Linux, Rhel Application Stack 2026-04-23 N/A
backend/parser/analyze.c in PostgreSQL 8.1.x before 8.1.5 allows remote authenticated users to cause a denial of service (daemon crash) via certain aggregate functions in an UPDATE statement, which are not properly handled during a "MIN/MAX index optimization."