Export limit exceeded: 364230 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-6929 | 1 Ga Soft | 1 Rapid Classified | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Rapid Classified 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to (a) reply.asp or (b) view_print.asp, the (2) SH1 parameter to (c) search.asp, the (3) name parameter to reply.asp, or the (4) dosearch parameter to (d) advsearch.asp. | ||||
| CVE-2006-6930 | 1 Ga Soft | 1 Rapid Classified | 2026-04-23 | N/A |
| SQL injection vulnerability in viewad.asp in Rapid Classified 3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2006-6931 | 1 Snort | 1 Snort | 2026-04-23 | N/A |
| Algorithmic complexity vulnerability in Snort before 2.6.1, during predicate evaluation in rule matching for certain rules, allows remote attackers to cause a denial of service (CPU consumption and detection outage) via crafted network traffic, aka a "backtracking attack." | ||||
| CVE-2006-6932 | 1 Image Gallery With Access Database | 1 Image Gallery With Access Database | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Image Gallery with Access Database allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to (a) dispimage.asp, or the (2) order or (3) page parameter to (b) default.asp. | ||||
| CVE-2006-6933 | 1 Efs Software | 1 Easy Chat Server | 2026-04-23 | N/A |
| Easy Chat Server 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download certain files via direct requests to files such as (1) ServerKey.pem and (2) AcceptIP.txt. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-6934 | 1 Portix-php | 1 Portix-php | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Portix-PHP 0.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) titre or (2) auteur field in a forum post. | ||||
| CVE-2006-6935 | 1 Portix-php | 1 Portix-php | 2026-04-23 | N/A |
| SQL injection vulnerability in the login component in Portix-PHP 0.4.2 allows remote attackers to execute arbitrary SQL commands via the username and passwd (password) fields. | ||||
| CVE-2006-6936 | 1 Pensacola Web Designs | 1 Xtremeasp Photogallery | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Xtreme ASP Photo Gallery allows remote attackers to inject arbitrary HTML or web script via (1) the catname parameter to displaypic.asp or (2) the search field. NOTE: vector 1 likely overlaps CVE-2006-3032. | ||||
| CVE-2006-6937 | 1 Pensacola Web Designs | 1 Xtremeasp Photogallery | 2026-04-23 | N/A |
| SQL injection vulnerability in displaypic.asp in Xtreme ASP Photo Gallery allows remote attackers to inject arbitrary SQL commands via the sortorder parameter. | ||||
| CVE-2006-6938 | 1 Nitrotech | 1 Nitrotech | 2026-04-23 | N/A |
| Directory traversal vulnerability in includes/common.php in NitroTech 0.0.3a, as distributed before 2006, allows remote attackers to include arbitrary files via ".." sequences in the root parameter. | ||||
| CVE-2006-6939 | 1 Gnu | 1 Ed | 2026-04-23 | N/A |
| GNU ed before 0.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files, possibly in the open_sbuf function. | ||||
| CVE-2006-6940 | 1 Owa | 1 Owa | 2026-04-23 | N/A |
| Buffer overflow in the ParseHeader function in clsOWA.cls in POP3/SMTP to OWA (pop2owa) 1.1.3 allows remote attackers to execute arbitrary code via a long header in an e-mail message. | ||||
| CVE-2006-6941 | 1 Freewebshop | 1 Freewebshop | 2026-04-23 | N/A |
| index.php in FreeWebshop 2.2.2 and earlier allows remote attackers to obtain sensitive information via an invalid action parameter in an info operation, which discloses the path in an error message. | ||||
| CVE-2006-6944 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-04-23 | N/A |
| phpMyAdmin before 2.9.1.1 allows remote attackers to bypass Allow/Deny access rules that use IP addresses via false headers. | ||||
| CVE-2006-6945 | 1 Virtuemart | 1 Virtuemart | 2026-04-23 | N/A |
| SQL injection vulnerability in Virtuemart 1.0.7 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, probably related to (1) Itemid, (2) product_id, and category_id parameters as handled in virtuemart_parser.php. | ||||
| CVE-2006-6947 | 1 Nec | 1 Multiwriter 1700c | 2026-04-23 | N/A |
| The FTP server in the NEC MultiWriter 1700C allows remote attackers to redirect traffic to other sites (aka FTP bounce) via the PORT command, a variant of CVE-1999-0017. | ||||
| CVE-2006-6948 | 1 Myodbc | 1 Myodbc | 2026-04-23 | N/A |
| MyODBC Japanese conversion edition 3.51.06, 2.50.29, and 2.50.25 allows remote attackers to cause a denial of service via a certain string in a response, which has unspecified impact on the MySQL database. | ||||
| CVE-2006-6949 | 1 Conti | 1 Ftpserver | 2026-04-23 | N/A |
| Conti FTPServer 1.0 Build 2.8 stores user passwords in cleartext in MyServerSettings.ini, which allows local users to obtain sensitive information by reading this file. | ||||
| CVE-2006-6950 | 1 Conti | 1 Ftpserver | 2026-04-23 | N/A |
| Directory traversal vulnerability in Conti FTPServer 1.0 Build 2.8 allows remote attackers to read arbitrary files and list arbitrary directories via a .. (dot dot) in a filename argument. | ||||
| CVE-2006-6951 | 1 Odysseus Blog | 1 Odysseus Blog | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in blog.php in OdysseusBlog allows remote attackers to inject arbitrary web script or HTML via the page parameter. | ||||