Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-5133 | 1 Steve Poulsen | 1 Guildftpd | 2026-04-23 | N/A |
| Buffer overflow in GuildFTPd 0.999.13 allows remote attackers to have an unknown impact, possibly code execution related to input containing "globbing chars." | ||||
| CVE-2006-5116 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-04-23 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyAdmin before 2.9.1-rc1 allow remote attackers to perform unauthorized actions as another user by (1) directly setting a token in the URL though dynamic variable evaluation and (2) unsetting arbitrary variables via the _REQUEST array, related to (a) libraries/common.lib.php, (b) session.inc.php, and (c) url_generating.lib.php. NOTE: the PHP unset function vector is covered by CVE-2006-3017. | ||||
| CVE-2006-5112 | 1 Intervations | 1 Navicopa Web Server | 2026-04-23 | N/A |
| Buffer overflow in InterVations NaviCOPA Web Server 2.01 allows remote attackers to execute arbitrary code via a long HTTP GET request. | ||||
| CVE-2006-5105 | 1 Forum One | 1 Syntaxcms | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in SyntaxCMS 1.1.1 through 1.3 allow remote attackers to execute arbitrary PHP code via a URL in (1) the init_path parameter to admin/testing/tests/0030_init_syntax.php, or (2) an unspecified parameter to admin/testing/index.php. NOTE: the 0004_init_urls.php vector is already covered by CVE-2006-5055. | ||||
| CVE-2006-5097 | 1 Net2ftp | 1 Net2ftp | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in index.php in net2ftp, possibly 0.1 through 0.62, allows remote attackers to execute arbitrary PHP code via a URL in the application_rootdir parameter. NOTE: this issue has been disputed by a third party researcher, CVE, and the vendor. The vendor says "the variable is set in settings.inc.php, so this is not a vulnerability. | ||||
| CVE-2006-5121 | 1 Postnuke Software Foundation | 1 Postnuke | 2026-04-23 | N/A |
| SQL injection vulnerability in modules/Downloads/admin.php in the Admin section of PostNuke 0.762 allows remote attackers to execute arbitrary SQL commands via the hits parameter. | ||||
| CVE-2006-5078 | 1 Polaring | 1 Polaring | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in view/general.php in Kristian Niemi Polaring 00.04.03 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _SESSION[dirMain] parameter. | ||||
| CVE-2006-5071 | 1 Eyeos Project | 1 Eyeos | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in eyeOS before 0.9.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) eyeNav and (2) system/baixar.php. | ||||
| CVE-2006-5065 | 1 Zoomstats | 1 Zoomstats | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in libs/dbmax/mysql.php in ZoomStats 1.0.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[lib][db][path] parameter. | ||||
| CVE-2006-5659 | 1 Pam Extern | 1 Pam Extern | 2026-04-23 | N/A |
| PAM_extern before 0.2 sends a password as a command line argument, which allows local users to obtain the password by listing the command line arguments, such as ps. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-5675 | 1 Pentaho | 1 Business Intelligence Suite | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in Pentaho Business Intelligence (BI) Suite before 1.2 RC3 (1.2.0.470-RC3) have unknown impact and attack vectors, related to "MySQL Scripts need changes for security," possibly SQL injection vulnerabilities associated with these scripts. | ||||
| CVE-2006-5733 | 1 Postnuke Software Foundation | 1 Postnuke | 2026-04-23 | N/A |
| Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php. | ||||
| CVE-2006-5808 | 1 Cisco | 1 Secure Desktop | 2026-04-23 | N/A |
| The installation of Cisco Secure Desktop (CSD) before 3.1.1.45 uses insecure default permissions (all users full control) for the CSD directory and its parent directory, which allow local users to gain privileges by replacing CSD executables, aka "Local Privilege Escalation". | ||||
| CVE-2006-5118 | 1 Phpselect | 1 Web Development Division | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in index.php3 in the PDD package for PHPSelect Web Development Division allows remote attackers to execute arbitrary PHP code via a URL in the Application_Root parameter. | ||||
| CVE-2006-5111 | 1 Libksba Library | 1 Libksba Library | 2026-04-23 | N/A |
| The libksba library 0.9.12 and possibly other versions, as used by gpgsm in the newpg package on SUSE LINUX, allows attackers to cause a denial of service (application crash) via a malformed X.509 certificate in a signature. | ||||
| CVE-2006-5120 | 1 Scott Metoyer | 1 Red Mombin | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Scott Metoyer Red Mombin 0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) index.php and (2) process_login.php. | ||||
| CVE-2006-5103 | 1 Bbsnew | 1 Bbsnew | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in admin/index2.php in bbsNew 2.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the "right" parameter. | ||||
| CVE-2006-5095 | 1 Myphotos | 1 Myphotos | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in index.php in MyPhotos 0.1.3b beta allows remote attackers to execute arbitrary PHP code via the includesdir parameter. NOTE: this issue is disputed by CVE on 20060927, since the includesdir is defined before being used when the product is installed according to the provided instructions | ||||
| CVE-2006-5104 | 1 Jelsoft | 1 Vbulletin | 2026-04-23 | N/A |
| SQL injection vulnerability in global.php in Jelsoft vBulletin 2.x allows remote attackers to execute arbitrary SQL commands via the templatesused parameter. | ||||
| CVE-2006-5122 | 1 Hp | 1 Mercury Sitescope | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Mercury SiteScope 8.2 (8.1.2.0) allow remote authenticated users to inject arbitrary web script or HTML via (1) "any field create name field" except "create new group name" or (2) any description field. | ||||