Export limit exceeded: 348218 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29909 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-3939 | 1 Scriptscenter | 1 Ezupload Pro | 2025-04-03 | N/A |
| ScriptsCenter ezUpload Pro 2.2.0 allows remote attackers to perform administrative activities without authentication in (1) filter.php, which permits changing the Extensions Mode file type; (2) access.php, which permits changing the Protection Method; (3) edituser.php, which permits adding upload capabilities to user accounts; (4) settings.php, which permits changing the admin information; and (5) index.php, which permits uploading of arbitrary files. | ||||
| CVE-2006-3940 | 1 Phpbb Group | 1 Phpbb-auction | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in phpbb-Auction allow remote attackers to execute arbitrary SQL commands via (1) the ar parameter in auction_room.php and (2) the u parameter in auction_store.php. NOTE: the auction_rating.php vector is already covered by CVE-2005-1234. NOTE: the original disclosure states that the product name is "PHP-Auction", but this is probably an error. | ||||
| CVE-2006-3943 | 1 Microsoft | 1 Ie | 2025-04-03 | N/A |
| Stack-based buffer overflow in NDFXArtEffects in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via long (1) RGBExtraColor, (2) RGBForeColor, and (3) RGBBackColor properties. | ||||
| CVE-2006-3944 | 1 Microsoft | 1 Ie | 2025-04-03 | N/A |
| Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via a (1) Forms.ListBox.1 or (2) Forms.ListBox.1 object with the ListWidth property set to (a) 0x7fffffff, which triggers an integer overflow exception, or to (b) 0x7ffffffe, which triggers a null dereference. | ||||
| CVE-2006-3948 | 1 Php-nuke | 1 Inp | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in modules.php in PHP-Nuke INP allows remote attackers to inject arbitrary web script or HTML via the query parameter. | ||||
| CVE-2006-3950 | 1 X-scripts | 1 X-statistics | 2025-04-03 | N/A |
| SQL injection vulnerability in x-statistics.php in X-Scripts X-Statistics 1.20 allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header. | ||||
| CVE-2006-3951 | 1 Mam-moodle Alpha Component | 1 Mam-moodle Alpha Component | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in moodle.php in Mam-moodle alpha component (com_moodle) for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | ||||
| CVE-2006-3952 | 1 Efs Software | 1 Efs Ftp Server | 2025-04-03 | N/A |
| Stack-based buffer overflow in EFS Software Easy File Sharing FTP Server 2.0 allows remote attackers to execute arbitrary code via a long argument to the PASS command. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
| CVE-2006-3953 | 1 Mybulletinboard | 1 Mybulletinboard | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to inject arbitrary web script or HTML via the gallery parameter. | ||||
| CVE-2006-3954 | 1 Mybulletinboard | 1 Mybulletinboard | 2025-04-03 | N/A |
| Directory traversal vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to read arbitrary files via a .. (dot dot) in the gallery parameter in a (1) avatar or (2) do_avatar action. | ||||
| CVE-2006-3955 | 1 Minibb | 1 Minibb | 2025-04-03 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5a allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to (1) news.php, (2) search.php, or (3) whosOnline.php. | ||||
| CVE-2006-3956 | 1 Total Online Solutions | 1 Advanced Webhost Billing System | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in contact.php in Advanced Webhost Billing System (AWBS) 2.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) AccountUsername and (3) Message parameters. | ||||
| CVE-2006-3957 | 1 Bosdev | 1 Bosdates | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in payment.php in BosDev BosDates allows remote attackers to execute arbitrary PHP code via a URL in the insPath parameter. | ||||
| CVE-2006-3959 | 1 X-scripts | 1 X-statistics | 2025-04-03 | N/A |
| SQL injection vulnerability in protect.php in X-Scripts X-Protection 1.10, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameter. | ||||
| CVE-2006-3962 | 1 Mambo | 1 Bayesiannaivefilter | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in administrator/components/com_bayesiannaivefilter/lang.php in the bayesiannaivefilter component (com_bayesiannaivefilter) 1.1 for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | ||||
| CVE-2006-3963 | 1 Banex | 1 Banex | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in Banex PHP MySQL Banner Exchange 2.21 allow remote attackers to execute arbitrary SQL commands via the (1) site_name parameter to (a) signup.php, and the (2) id, (3) deleteuserbanner, (4) viewmem, (5) viewmemunb, (6) viewunmem,or (7) deleteuser parameters to (b) admin.php. | ||||
| CVE-2006-3964 | 1 Banex | 1 Banex | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in members.php in Banex PHP MySQL Banner Exchange 2.21 allows remote attackers to execute arbitrary PHP code via a URL in the cfg_root parameter. | ||||
| CVE-2006-3965 | 1 Banex | 1 Banex | 2025-04-03 | N/A |
| Banex PHP MySQL Banner Exchange 2.21 stores lib.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as database usernames and passwords. | ||||
| CVE-2006-3967 | 1 Moskool | 1 Moskool | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in component/option,com_moskool/Itemid,34/admin.moskool.php in MamboXChange Moskool 1.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | ||||
| CVE-2006-3968 | 1 Sun | 1 Solaris | 2025-04-03 | N/A |
| The crypto provider in Sun Solaris 10 3/05 HW2 without patch 121236-01, when running on Sun Fire T2000 platforms, incorrectly verifies a DSA signature, which might prevent applications from detecting that the data has been modified. | ||||