Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-6558 | 1 Crob | 1 Crob Ftp Server | 2026-04-23 | N/A |
| Crob FTP Server 3.6.1 b.263 allows remote attackers to cause a denial of service via a long series of "?A" sequences in the (1) LIST and possibly (2) NLST command. | ||||
| CVE-2006-6567 | 1 Mxbb | 1 Kb Mods | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in includes/kb_constants.php in the Knowledge Base (mx_kb) 2.0.2 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter. | ||||
| CVE-2006-6570 | 1 Genesistrader | 1 Genesistrader | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in upload.php in GenesisTrader 1.0 allows remote authenticated users to upload arbitrary files via unspecified vectors, possibly involving form.php and the ajoutfich "foap" action. | ||||
| CVE-2006-6574 | 1 Mantis | 1 Mantis | 2026-04-23 | N/A |
| Mantis before 1.1.0a2 does not implement per-item access control for Issue History (Bug History), which allows remote attackers to obtain sensitive information by reading the Change column, as demonstrated by the Change column of a custom field. | ||||
| CVE-2006-6579 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2026-04-23 | N/A |
| Microsoft Windows XP has weak permissions (FILE_WRITE_DATA and FILE_READ_DATA for Everyone) for %WINDIR%\pchealth\ERRORREP\QHEADLES, which allows local users to write and read files in this folder, as demonstrated by an ASP shell that has write access by IWAM_machine and read access by IUSR_Machine. | ||||
| CVE-2006-6586 | 1 Vblog | 1 Vblog | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Vortex Blog (vBlog, aka C12) a0.1_nonfunc allow remote attackers to execute arbitrary PHP code via a URL in the cfgProgDir parameter in (1) secure.php or (2) checklogin.php in admin/auth/. | ||||
| CVE-2006-6589 | 1 Apache | 2 Ofbiz, Opentaps | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2006-6593 | 1 Phpbb | 1 Amazonia Mod | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in zufallscodepart.php in AMAZONIA MOD for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | ||||
| CVE-2006-6598 | 1 Torrentflux | 2 Torrentflux, Torrentflux-b4rt | 2026-04-23 | N/A |
| Directory traversal vulnerability in viewnfo.php in (1) TorrentFlux before 2.2 and (2) torrentflux-b4rt before 2.1-b4rt-972 allows remote authenticated users to read arbitrary files via .. (dot dot) sequences in the path parameter, a different vector than CVE-2006-6328. | ||||
| CVE-2006-6604 | 1 Torrentflux | 1 Torrentflux | 2026-04-23 | N/A |
| Directory traversal vulnerability in downloaddetails.php in TorrentFlux 2.2 allows remote authenticated users to read arbitrary files via .. (dot dot) sequences in the alias parameter, a different vector than CVE-2006-6328. | ||||
| CVE-2006-6607 | 1 Ibm | 1 Tivoli Identity Manager | 2026-04-23 | N/A |
| The Java Key Store (JKS) for WebSphere Application Server (WAS) for IBM Tivoli Identity Manager (ITIM) 4.6 places the JKS password in a -Djavax.net.ssl.trustStorePassword command line argument, which allows local users to obtain the password by listing the process or using other methods. | ||||
| CVE-2006-6611 | 1 Barman | 1 Barman | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in interface.php in Barman 0.0.1r3 allows remote attackers to execute arbitrary PHP code via a URL in the basepath parameter. | ||||
| CVE-2006-6613 | 1 Phpalbum.net | 1 Phpalbum | 2026-04-23 | N/A |
| Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php. | ||||
| CVE-2006-6622 | 6 Avg, Comodo, Filseclab and 3 more | 6 Antivirus Plus Firewall, Comodo Personal Firewall, Personal Firewall and 3 more | 2026-04-23 | N/A |
| Soft4Ever Look 'n' Stop (LnS) 2.05p2 before 20061215 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB. | ||||
| CVE-2006-6625 | 1 Moodle | 1 Moodle | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in mod/forum/discuss.php in Moodle 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the navtail parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-6629 | 1 Webwork | 1 Program Generation Language | 2026-04-23 | N/A |
| lib/WeBWorK/PG/Translator.pm in WeBWorK Program Generation (PG) Language before 2.3.1 uses an insufficiently restrictive regular expression to determine valid macro filenames, which allows attackers to load arbitrary macro files whose names contain the strings (1) dangerousMacros.pl, (2) PG.pl, or (3) IO.pl. | ||||
| CVE-2006-6632 | 1 Genepi | 1 Genepi | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in genepi.php in Genepi 1.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the topdir parameter. | ||||
| CVE-2006-6639 | 1 Chetcpasswd | 1 Chetcpasswd | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in chetcpasswd 2.4.1 allow local users to gain privileges via unspecified vectors related to executing (1) the cp program, (2) the mail program, or (3) the program specified in the post_change configuration line. | ||||
| CVE-2006-6642 | 1 Contra Haber Sistemi | 1 Contra Haber Sistemi | 2026-04-23 | N/A |
| SQL injection vulnerability in haber.asp in Contra Haber Sistemi 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2006-6646 | 1 Drupal | 2 Drupal Project, Drupal Project Issue Tracking | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Drupal (1) Project Issue Tracking 4.7.x-1.0 and 4.7.x-2.0, and (2) Project 4.6.x-1.0, 4.7.x-1.0, and 4.7.x-2.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, which do not use the check_plain function. | ||||