Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-5350 1 Oracle 2 E-business Suite, Http Server 2026-04-23 N/A
Unspecified vulnerability in Oracle HTTP Server 9.2.0.7 and Oracle E-Business Suite and Applications 11.5.10CU2 has unknown impact and local attack vectors, aka Vuln# OHS08.
CVE-2006-6802 1 Enthrallweb 1 Epages 2026-04-23 N/A
SQL injection vulnerability in actualpic.asp in Enthrallweb ePages allows remote attackers to execute arbitrary SQL commands via the Biz_ID parameter.
CVE-2006-6193 1 Basicforum 1 Basicforum 2026-04-23 N/A
SQL injection vulnerability in edit.asp in BasicForum 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2006-6177 1 Neocrome 1 Seditio 2026-04-23 N/A
SQL injection vulnerability in system/core/users/users.profile.inc.php in Neocrome Seditio 1.10 and earlier allows remote authenticated users to execute arbitrary SQL commands via a double-url-encoded id parameter to users.php that begins with a valid filename, as demonstrated by "default.gif" followed by an encoded NULL and ' (apostrophe) (%2500%2527).
CVE-2006-6194 1 Fisasp.com 1 Ultimate Survey Pro 2026-04-23 N/A
Multiple SQL injection vulnerabilities in index.asp in Ultimate Survey Pro allow remote attackers to execute arbitrary SQL commands via the (1) cat or (2) did parameter.
CVE-2006-6766 1 Cwm-design 1 Cwmexplorer 2026-04-23 N/A
Multiple SQL injection vulnerabilities in cwmExplorer 1.1.0 and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: The provenance of this information is unknown; details are obtained solely from third party information.
CVE-2006-6839 1 Phpbb Group 1 Phpbb 2026-04-23 N/A
Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to "criteria for 'bad' redirection targets."
CVE-2006-6155 1 Hscripts 1 Hiox Star Rating System Script 2026-04-23 N/A
Multiple SQL injection vulnerabilities in addrating.php in HIOX Star Rating System Script (HSRS) 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ipadd or (2) url parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-6137 1 Sisfo Kampus 1 Sisfo Kampus 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in Sisfo Kampus 0.8 allow remote attackers to execute arbitrary PHP code via a URL in the (1) exec parameter to index.php or (2) print parameter to print.php, which is also accessible via the print command to index.php.
CVE-2006-6156 1 Hscripts 1 Hiox Star Rating System Script 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in auth/message.php in HIOX Star Rating System Script (HSRS) 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string (PHP_SELF). NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-6116 1 Fipsasp 1 Fipsforum 2026-04-23 N/A
SQL injection vulnerability in default2.asp in fipsForum 2.6 and earlier allows remote attackers to execute arbitrary SQL commands via the kat parameter.
CVE-2006-6090 1 Baalasp 1 Smart Form Portal 2026-04-23 N/A
Multiple SQL injection vulnerabilities in BaalAsp forum allow remote attackers to execute arbitrary SQL commands via the (1) password parameter to (a) adminlogin.asp, the (2) name or (3) password parameter to (b) userlogin.asp, or the (3) search parameter to search.asp.
CVE-2006-6117 1 Fipsasp 1 Fipsgallery 2026-04-23 N/A
SQL injection vulnerability in index1.asp in fipsGallery 1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the which parameter.
CVE-2006-6158 3 Ace Helpdesk, Inverseflow, Pmos Helpdesk 3 Ace Helpdesk, Help Desk, Pmos Helpdesk 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in (a) PMOS Help Desk 2.4, formerly (b) InverseFlow Help Desk 2.31 and also sold as (c) Ace Helpdesk 2.31, allow remote attackers to inject arbitrary web script or HTML via the (1) id or email parameter to ticketview.php, or (2) the email parameter to ticket.php.
CVE-2006-6069 1 Malbum 1 Malbum 2026-04-23 N/A
index.php in mAlbum 0.3 and earlier allows remote attackers to obtain the installation path via an invalid gal parameter.
CVE-2006-6079 1 Imendio Ab 1 Loudmouth 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in LoudMouth 2.4 allow remote attackers to execute arbitrary PHP code via a URL in the mainframe parameter to (1) admin.loudmouth.php or (2) toolbar.loudmouth.php.
CVE-2006-6070 1 Asp-nuke 1 Asp-nuke 2026-04-23 N/A
SQL injection vulnerability in module/account/register/register.asp in ASP Nuke 0.80 and earlier allows remote attackers to execute arbitrary SQL commands via the StateCode parameter.
CVE-2006-6031 1 Gcis 1 Aspcart 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Greater Cincinnati Internet Solutions (GCIS) ASPCart allow remote attackers to execute arbitrary SQL commands via (1) the prodid parameter in (a) prodetails.asp; (2) the page parameter in (b) display.asp; the (3) custid, (4) item, (5) price, (6) custom, (7) department, (8) start, (9) quantity, (10) submit, (11) custom1, (12) custom2, or (13) custom3 parameters in (c) addcart.asp; or the (14) customerid parameter in (d) payment.asp.
CVE-2006-6015 1 Apple 1 Mac Os X 2026-04-23 N/A
Buffer overflow in the JavaScript implementation in Safari on Apple Mac OS X 10.4 allows remote attackers to cause a denial of service (application crash) via a long argument to the exec method of a regular expression.
CVE-2006-6032 1 Sphpblog 1 Sphpblog 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog (SPHPBlog), probably 0.4.8, allow remote attackers to inject arbitrary web script or HTML via (1) the action parameter in add_block.php or (2) the entry parameter in index.php, different vectors than CVE-2005-1135. NOTE: this has been reported to affect 0.8, but as of 20061121, the most recent version is only 0.4.9.