Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-4577 1 The Address Book 1 The Address Book 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in The Address Book 1.04e allow remote attackers to inject arbitrary web script or HTML via Javascript events in the (1) email, (2) websites, and (3) groupAddName parameters in (a) save.php; the (4) errorMsg parameter in (b) index.php; and the (5) goTo and (6) search parameters in (c) search.php.
CVE-2006-5179 1 Intoto 2 Igateway Ssl-vpn, Igateway Vpn 2026-04-23 N/A
Intoto iGateway VPN and iGateway SSL-VPN allow context-dependent attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates that require extra time to process when using RSA signature verification, a related issue to CVE-2006-2940.
CVE-2006-4395 1 Apple 1 Mac Os X 2026-04-23 N/A
Unspecified vulnerability in QuickDraw Manager in Apple Mac OS X 10.3.9 and 10.4 through 10.4.7 allows context-dependent attackers to cause a denial of service ("memory corruption" and crash) via a crafted PICT image that is not properly handled by a certain "unsupported QuickDraw operation."
CVE-2006-5181 1 Joshua Muheim 1 Phpmywebmin 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in Joshua Muheim phpMyWebmin 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the target parameter in (1) change_preferences2.php, (2) create_file.php, (3) upload_local.php, and (4) upload_multi.php, different vectors than CVE-2006-5124.
CVE-2006-5182 1 Dan Jensen 1 Travelsized Cms 2026-04-23 N/A
PHP remote file inclusion vulnerability in frontpage.php in Dan Jensen Travelsized CMS 0.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the setup_folder parameter.
CVE-2006-4399 1 Apple 1 Mac Os X 2026-04-23 N/A
User interface inconsistency in Workgroup Manager in Apple Mac OS X 10.4 through 10.4.7 appears to allow administrators to change the authentication type from crypt to ShadowHash passwords for accounts in a NetInfo parent, when such an operation is not actually supported, which could result in less secure password management than intended.
CVE-2006-5185 1 Hamweather 1 Hamweather 2026-04-23 N/A
Eval injection vulnerability in Template.php in HAMweather 3.9.8.4 and earlier allows remote attackers to execute arbitrary code via a modified query string, which is supplied to an eval function call within the do_parse_code function.
CVE-2006-5187 1 Bulletin Board Ace 1 Bulletin Board Ace 2026-04-23 N/A
PHP remote file inclusion vulnerability in includes/functions.php in Bulletin Board Ace (BBaCE) 3.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2006-5188 1 Webgeneius 1 Goop Gallery 2026-04-23 N/A
Directory traversal vulnerability in download.php in webGENEius GOOP Gallery 2.0.2 allows remote attackers to read or list data from certain files or directories via unspecified vectors.
CVE-2006-5193 1 Wikyblog 1 Wikyblog 2026-04-23 N/A
PHP remote file inclusion vulnerability in index.php in Josh Schmidt WikyBlog 1.2.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the includeDir parameter.
CVE-2006-5194 1 Net2ftp 1 Net2ftp 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in net2ftp 0.93 allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: some of these details are obtained from third party information.
CVE-2006-5196 1 Motorola 1 Surfboard 2026-04-23 N/A
The HTTP interface in the Motorola SURFboard SB4200 Cable Modem allows remote attackers to cause a denial of service (device crash) via a request with MfcISAPICommand set to SecretProc and a long string in the Secret parameter.
CVE-2006-5197 1 Pdshoppro 1 Pdshoppro 2026-04-23 N/A
PDshopPro stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) /pdshoppro.mdb, (2) /data/pdshoppro.mdb, or (3) /shoppro/data/pdshoppro.mdb.
CVE-2006-5203 1 Invision Power Services 1 Invision Power Board 2026-04-23 N/A
Invision Power Board (IPB) 2.1.7 and earlier allows remote restricted administrators to inject arbitrary web script or HTML, or execute arbitrary SQL commands, via a forum description that contains a crafted image with PHP code, which is executed when the user visits the "Manage Forums" link in the Admin control panel.
CVE-2006-5204 1 Invision Power Services 1 Invision Power Board 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in action_admin/member.php in Invision Power Board (IPB) 2.1.7 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a reference to a script in the avatar setting, which can be leveraged for a cross-site request forgery (CSRF) attack involving forced SQL execution by an admin.
CVE-2006-4391 1 Apple 1 Mac Os X 2026-04-23 N/A
Buffer overflow in Apple ImageIO on Apple Mac OS X 10.4 through 10.4.7 allows remote attackers to execute arbitrary code via a malformed JPEG2000 image.
CVE-2006-5206 1 Invision Power Services 1 Invision Gallery 2026-04-23 N/A
SQL injection vulnerability in Invision Gallery 2.0.7 allows remote attackers to execute arbitrary SQL commands via the album parameter in (1) index.php and (2) forum/index.php, when the rate command in the gallery automodule is used.
CVE-2006-5211 1 Trend Micro 1 Officescan Corporate Edition 2026-04-23 N/A
Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for SMB 2.0 before 6.0.0.1385, and OfficeScan Corporate Edition (OSCE) 6.5 before 6.5.0.1418, 7.0 before 7.0.0.1257, and 7.3 before 7.3.0.1053 allow remote attackers to remove OfficeScan clients via a certain HTTP request that invokes the OfficeScan CGI program.
CVE-2006-5212 1 Trend Micro 1 Officescan 2026-04-23 N/A
Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for SMB 2.0 before 6.0.0.1385, and OfficeScan Corporate Edition (OSCE) 6.5 before 6.5.0.1418, 7.0 before 7.0.0.1257, and 7.3 before 7.3.0.1053 allow remote attackers to delete files via a modified filename parameter in a certain HTTP request that invokes the OfficeScan CGI program.
CVE-2006-4685 1 Microsoft 2 Xml Core Services, Xml Parser 2026-04-23 N/A
The XMLHTTP ActiveX control in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 does not properly handle HTTP server-side redirects, which allows remote user-assisted attackers to access content from other domains.