Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-6355 1 Duware 1 Duclassmate 2026-04-23 N/A
SQL injection vulnerability in default.asp in DuWare DuClassmate allows remote attackers to execute arbitrary SQL commands via the iCity parameter. NOTE: the iState parameter is already covered by CVE-2005-2049.
CVE-2006-6356 1 Phpnews 1 Phpnews 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in templates/link_temp.php in PHPNews 1.3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) url, (2) id, (3) subject, (4) username, or (5) time parameter.
CVE-2006-5186 1 Phpmyprofiler 1 Phpmyprofiler 2026-04-23 N/A
PHP remote file inclusion vulnerability in functions.php in phpMyProfiler 0.9.6 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the pmp_rel_path parameter.
CVE-2007-0481 1 Cisco 1 Ios Transmission Control Protocol 2026-04-23 N/A
Cisco IOS allows remote attackers to cause a denial of service (crash) via a crafted IPv6 Type 0 Routing header.
CVE-2006-6373 1 Phpmyadmin 1 Phpmyadmin 2026-04-23 N/A
PhpMyAdmin 2.7.0-pl2 allows remote attackers to obtain sensitive information via a direct request for libraries/common.lib.php, which reveals the path in an error message.
CVE-2006-6365 1 Duware 1 Dupaypal 2026-04-23 N/A
SQL injection vulnerability in detail.asp in DUware DUpaypal 3.1, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the iType parameter. NOTE: the iState parameter is already covered by CVE-2005-3976 and the iPro parameter is already covered by CVE-2005-2047.
CVE-2006-6369 1 Invision Power Services 1 Invision Community Blog 2026-04-23 N/A
SQL injection vulnerability in lib/entry_reply_entry.php in Invision Community Blog Mod 1.2.4 allows remote attackers to execute arbitrary SQL commands via the eid parameter, when accessed through the "Preview message" functionality.
CVE-2006-6370 1 Invision Power Services 1 Invision Gallery 2026-04-23 N/A
SQL injection vulnerability in forum/modules/gallery/post.php in Invision Gallery 2.0.7 allows remote attackers to cause a denial of service and possibly have other impacts, as demonstrated using a "SELECT BENCHMARK" statement in the img parameter in a doaddcomment operation in index.php.
CVE-2006-6372 1 James Barnsley 1 Jab Guest Book 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in pbguestbook.php in JAB Guest Book 20061205 allow remote attackers to inject arbitrary web script or HTML via the (1) topic or (2) message parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-6374 1 Phpmyadmin 1 Phpmyadmin 2026-04-23 N/A
Multiple CRLF injection vulnerabilities in PhpMyAdmin 2.7.0-pl2 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a phpMyAdmin cookie in (1) css/phpmyadmin.css.php, (2) db_create.php, (3) index.php, (4) left.php, (5) libraries/session.inc.php, (6) libraries/transformations/overview.php, (7) querywindow.php, (8) server_engines.php, and possibly other files.
CVE-2006-6378 1 Widcomm 1 Btsavemysql 2026-04-23 N/A
BTSaveMySql 1.2 stores sensitive data under the web root with insufficient access control, which allows remote attackers to obtain configuration and save files via direct requests.
CVE-2006-6946 1 Nec 1 Multiwriter 1700c 2026-04-23 N/A
The web server in the NEC MultiWriter 1700C allows remote attackers to modify the device configuration via unspecified vectors.
CVE-2006-6380 1 Ultimate Helpdesk 1 Ultimate Helpdesk 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.asp in Ultimate HelpDesk allows remote attackers to inject arbitrary web script or HTML via the keyword parameter.
CVE-2006-6381 1 Ultimate Helpdesk 1 Ultimate Helpdesk 2026-04-23 N/A
Directory traversal vulnerability in getfile.asp in Ultimate HelpDesk allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.
CVE-2006-6384 1 John Goodman 1 Abitwhizzy 2026-04-23 N/A
Absolute path traversal vulnerability in abitwhizzy.php before 20061204 allows remote attackers to read arbitrary files via an absolute pathname in the Filename text window (f parameter), a variant of CVE-2006-6084.
CVE-2006-6385 1 Intel 4 Pro 1000 Adapters, Pro 1000 Pcie Adapters, Pro 10 100 Adapters and 1 more 2026-04-23 N/A
Stack-based buffer overflow in Intel PRO 10/100, PRO/1000, and PRO/10GbE PCI, PCI-X, and PCIe network adapter drivers (aka NDIS miniport drivers) before 20061205 allows local users to execute arbitrary code with "kernel-level" privileges via an incorrect function call in certain OID handlers.
CVE-2006-3436 1 Microsoft 1 .net Framework 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Microsoft .NET Framework 2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "ASP.NET controls that set the AutoPostBack property to true".
CVE-2006-6387 1 Link Content Management Server 1 Link Content Management Server 2026-04-23 N/A
Multiple SQL injection vulnerabilities in LINK Content Management Server (CMS) allow remote attackers to execute arbitrary SQL commands via the (1) IDMeniGlavni parameter to navigacija.php, and the (2) IDStranicaPodaci parameter to prikazInformacije.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-6393 1 Jonas Gauffin 1 Publicera 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Jonas Gauffin Publicera 1.0-rc2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the InputFilter::getString function.
CVE-2006-6394 1 Jonas Gauffin 1 Publicera 2026-04-23 N/A
SQL injection vulnerability in certain database classes in Jonas Gauffin Publicera 1.0-rc2 and earlier might allow remote attackers to execute arbitrary SQL commands via unspecified vectors.