Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-7072 1 Geodesicsolutions 1 Geoclassifieds Enterprise 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in GeoClassifieds Enterprise 2.0.5.2 and earlier allows remote attackers to inject arbitrary web script and HTML via the (1) b[username] and (2) c parameters to (a) index.php, the b[username] parameter to (b) admin/index.php, and (3) c[phone] parameter to register.php.
CVE-2006-7073 1 Opentools 1 Attachment Mod 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Opentools Attachment Mod before 2.4.5 allows remote attackers to inject arbitrary web script or HTML in Internet Explorer via unknown vectors related to the uploaded attachments form. NOTE: some details were obtained from third party information.
CVE-2006-7075 1 Aqualung 1 Aqualung 2026-04-23 N/A
Buffer overflow in the meta_read_flac function in meta_decoder.c for Aqualung 0.9beta5 and earlier, and CVS 0.193.2 and earlier, allows user-assisted attackers to execute arbitrary code via a long Vorbis comment in a Free Lossless Audio Codec (FLAC) file.
CVE-2006-7076 1 Phpbb Group 1 Phpbb Advanced Guestbook 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in guestbook.php in Advanced Guestbook 2.4 for phpBB allows remote attackers to inject arbitrary web script or HTML via the entry parameter. NOTE: this issue might be resultant from SQL injection.
CVE-2006-7077 1 Phpbb Group 1 Phpbb Advanced Guestbook 2026-04-23 N/A
SQL injection vulnerability in guestbook.php in Advanced Guestbook 2.4 for phpBB allows remote attackers to execute arbitrary SQl commands via the entry parameter.
CVE-2006-7078 1 Professional Home Page Tools Login Script 1 Professional Home Page Tools Login Script 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Professional Home Page Tools Login Script, as of July 2006, allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) vorname, and (3) nachname parameters in the register script. NOTE: some details have been obtained from third party sources.
CVE-2006-7080 1 Exv2 1 Content Management System 2026-04-23 N/A
Directory traversal vulnerability in the avatar upload feature in exV2 2.0.4.3 and earlier allows remote attackers to delete arbitrary files via ".." sequences in the old_avatar parameter.
CVE-2006-7081 1 Phpnews 1 Phpnews 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in PhpNews 1.0 allow remote attackers to execute arbitrary PHP code via the Include parameter to (1) Include/lib.inc.php3 and (2) Include/variables.php3.
CVE-2006-7082 1 Rigter Portal System 1 Rigter Portal System 2026-04-23 N/A
Rigter Portal System (RPS) 1.0, 2.0, and 3.0 allows remote attackers to bypass authentication and upload arbitrary files via direct requests to (1) adm/photos/images.php and (2) adm/down/files.php.
CVE-2006-7083 1 Rigter Portal System 1 Rigter Portal System 2026-04-23 N/A
Directory traversal vulnerability in index.php in Rigter Portal System (RPS) 1.0, 2.0, and 3.0 allows remote attackers to read arbitrary files via ".." sequences in the id parameter.
CVE-2006-7085 1 Rigter Portal System 1 Rigter Portal System 2026-04-23 N/A
Rigter Portal System (RPS) 1.0, 2.0, and 3.0 allows remote attackers to add arbitrary content and conduct XSS attacks via a direct request to add_art.php. NOTE: this issue was originally reported as SQL injection, but this is not likely.
CVE-2006-7087 1 Dotdeb 1 Dotdeb Php 2026-04-23 N/A
CRLF injection vulnerability in the mail function in Dotdeb PHP before 5.2.0 Rev 3 allows remote attackers to bypass the protection scheme and inject arbitrary email headers via CRLF sequences in the query string, which is processed via the PHP_SELF variable.
CVE-2006-7088 1 Simple Php Forum 1 Simple Php Forum 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Simple PHP Forum before 0.4 allow remote attackers to execute arbitrary SQL commands via the username parameter to (1) logon_user.php and (2) update_profile.php.
CVE-2006-7091 1 Hinton Design 1 Phpht Topsites Free 2026-04-23 N/A
PHP remote file inclusion vulnerability in config.php in phpht Topsites FREE 1.022b allows remote attackers to execute arbitrary PHP code via a URL in the fullpath parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-7092 1 Mamboxchange 1 Laithai 2026-04-23 N/A
SQL injection vulnerability in includes/mambo.php in Mambo LaiThai 4.5.4 SP2 and earlier allows remote attackers to execute arbitrary SQL commands via the usercookie[password] cookie parameter.
CVE-2006-7093 1 Mamboxchange 1 Laithai 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Mambo LaiThai 4.5.4 Security Patch 2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2006-7094 3 Debian, Ftpd, Gentoo 3 Debian Linux, Ftpd, Linux 2026-04-23 N/A
ftpd, as used by Gentoo and Debian Linux, sets the gid to the effective uid instead of the effective group id before executing /bin/ls, which allows remote authenticated users to list arbitrary directories with the privileges of gid 0 and possibly enable additional attack vectors.
CVE-2006-7095 1 Klink 1 Dim3 2026-04-23 N/A
Integer signedness error in the network_receive_packet function in socket.c in dimension 3 engine (dim3) 1.5 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large data_len value, which is cast to a signed short and results in a buffer overflow.
CVE-2006-7096 1 Klink 1 Dim3 2026-04-23 N/A
Buffer overflow in the network_host_handle_join function in host.c in dimension 3 engine (dim3) 1.5 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long nickname.
CVE-2006-7097 1 Taskfreak 1 Taskfreak 2026-04-23 N/A
Multiple unspecified vulnerabilities in TaskFreak! before 0.1.4 have unknown impact and attack vectors.