Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-5011 | 1 Ibm | 1 Aix | 2026-04-23 | N/A |
| Untrusted search path vulnerability in snappd in IBM AIX 5.2.0 and 5.3.0 allows local users to execute arbitrary commands via a Trojan horse program, involving the "system subroutine". | ||||
| CVE-2006-5015 | 1 Kietu | 1 Kietu | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in hit.php in Kietu 3.2 allows remote attackers to execute arbitrary PHP code via an FTP URL in the url_hit parameter. | ||||
| CVE-2006-5023 | 1 Aspindir | 1 Xweblog | 2026-04-23 | N/A |
| SQL injection vulnerability in kategori.asp in xweblog 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the kategori parameter. | ||||
| CVE-2006-5005 | 1 Ibm | 1 Aix | 2026-04-23 | N/A |
| Unspecified vulnerability in bos.net.tcp.client in IBM AIX 5.2.0 and 5.3.0 allows local users to execute arbitrary commands via unspecified vectors involving /etc/slip.login. | ||||
| CVE-2006-5028 | 1 Swsoft | 2 Plesk, Plesk Reload | 2026-04-23 | N/A |
| Directory traversal vulnerability in filemanager/filemanager.php in SWsoft Plesk 7.5 Reload and Plesk 7.6 for Microsoft Windows allows remote attackers to list arbitrary directories via a ../ (dot dot slash) in the file parameter in a chdir action. | ||||
| CVE-2006-5032 | 1 Phpartenaire | 1 Phpartenaire | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in dix.php3 in PHPartenaire 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the url_phpartenaire parameter. | ||||
| CVE-2006-5036 | 1 Squiz | 2 Mysource Classic, Mysource Matrix | 2026-04-23 | N/A |
| MySource Matrix 3.8 and earlier, and MySource 2.x, allow remote attackers to use the application as an HTTP proxy server via the sq_remote_page_url parameter to access arbitrary sites with the server's IP address and conduct cross-site scripting (XSS) attacks. NOTE: the researcher reports that "The vendor does not consider this a vulnerability. | ||||
| CVE-2006-5044 | 2 Joomla, Mambo | 2 Prince Clan Chess Component, Prince Clan Chess Component | 2026-04-23 | N/A |
| Unspecified vulnerability in Prince Clan (Princeclan) Chess component (com_pcchess) 0.8 and earlier for Mambo and Joomla! has unspecified impact and attack vectors. | ||||
| CVE-2006-5053 | 1 Web-news | 1 Web-news | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in webnews/template.php in Web-News 1.6.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the content_page parameter. | ||||
| CVE-2006-5057 | 1 Ktools.net | 1 Photostore | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Ktools.net PhotoStore allow remote attackers to inject arbitrary web script or HTML via the (1) gid parameter in details.php, or the (2) photogid parameter in view_photog.php. | ||||
| CVE-2006-5061 | 1 Advanced-clan-script | 1 Advanced-clan-script | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in mcf.php in Advanced-Clan-Script (AVCX) 3.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the content parameter. | ||||
| CVE-2006-5064 | 1 Birdblog | 1 Birdblog | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in BirdBlog 1.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) entryid parameter in comment.php, (2) page parameter in index.php, or the (3) uid parameter in user.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
| CVE-2006-5070 | 1 Facestones | 1 Facestones | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in fsl2/objects/fs_form_links.php in faceStones Personal 2.0.42 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[fsinit][objpath] parameter. | ||||
| CVE-2006-5074 | 1 Php Invoice | 1 Php Invoice | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in home.php in PHP Invoice 2.2 allows remote attackers to inject arbitrary web script or HTML via the alert parameter. | ||||
| CVE-2006-5078 | 1 Polaring | 1 Polaring | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in view/general.php in Kristian Niemi Polaring 00.04.03 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _SESSION[dirMain] parameter. | ||||
| CVE-2006-5083 | 1 Phpbb Security | 1 Importal | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in includes/functions_portal.php in Integrated MODs (IM) Portal 1.2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | ||||
| CVE-2006-5089 | 1 My-bic | 1 My-bic | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in mybic_server.php in Jim Plush My-BIC 0.6.5 allows remote attackers to execute arbitrary PHP code via a URL in the file parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. CVE disputes this vulnerability because the file variable is defined before use in a way that prevents arbitrary inclusion | ||||
| CVE-2006-5092 | 1 A-blog | 1 A-blog | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in navigation/menu.php in A-Blog 2 allows remote attackers to execute arbitrary PHP code via a URL in the navigation_start parameter. | ||||
| CVE-2006-5097 | 1 Net2ftp | 1 Net2ftp | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in index.php in net2ftp, possibly 0.1 through 0.62, allows remote attackers to execute arbitrary PHP code via a URL in the application_rootdir parameter. NOTE: this issue has been disputed by a third party researcher, CVE, and the vendor. The vendor says "the variable is set in settings.inc.php, so this is not a vulnerability. | ||||
| CVE-2006-5102 | 1 Baumedia | 1 Newswriter | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in include/editfunc.inc.php in Sebastian Baumann and Philipp Wolfer Newswriter SW 1.42 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the NWCONF_SYSTEM[server_path] parameter. | ||||