Export limit exceeded: 347885 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29908 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-2498 | 1 Invision Power Services | 1 Invision Power Board | 2025-04-03 | N/A |
| Invision Power Board (IPB) before 2.1.6 allows remote attackers to execute arbitrary PHP script via attack vectors involving (1) the post_icon variable in classes/post/class_post.php and (2) the df value in action_public/moderate.php. | ||||
| CVE-2006-2499 | 1 Xfairguy | 1 Codeavalanche News | 2025-04-03 | N/A |
| SQL injection vulnerability in default.asp in CodeAvalanche News (CANews) 1.2 allows remote attackers to execute arbitrary SQL commands via the password field. | ||||
| CVE-2006-2500 | 1 Xfairguy | 1 Codeavalanche News | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in add_news.asp in CodeAvalanche News (CANews) 1.2 allows remote attackers to inject arbitrary web script or HTML via the Headline field. NOTE: if this issue is limited to administrators, and if it is expected behavior for administrators to be able to generate HTML, then this is not a vulnerability. | ||||
| CVE-2006-2501 | 1 Sun | 4 Java System Application Server, Java System Web Server, One Application Server and 1 more | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in Sun ONE Web Server 6.0 SP9 and earlier, Java System Web Server 6.1 SP4 and earlier, Sun ONE Application Server 7 Platform and Standard Edition Update 6 and earlier, and Java System Application Server 7 2004Q2 Standard and Enterprise Edition Update 2 and earlier, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving error messages. | ||||
| CVE-2006-2502 | 1 Cyrus | 1 Imapd | 2025-04-03 | N/A |
| Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command. | ||||
| CVE-2006-2503 | 1 Deluxebb | 1 Deluxebb | 2025-04-03 | N/A |
| SQL injection vulnerability in misc.php in DeluxeBB 1.06 allows remote attackers to execute arbitrary SQL commands via the name parameter. | ||||
| CVE-2006-2504 | 1 Azboard | 1 Azboard | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in mono AZBOARD 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) search and (2) cate parameters to (a) list.asp, and the (3) id and cate parameters to (b) admin_ok.asp. | ||||
| CVE-2006-2505 | 1 Oracle | 1 Database Server | 2025-04-03 | N/A |
| Oracle Database Server 10g Release 2 allows local users to execute arbitrary SQL queries via a reference to a malicious package in the TYPE_NAME argument in the (1) GET_DOMAIN_INDEX_TABLES or (2) GET_V2_DOMAIN_INDEX_TABLES function in the DBMS_EXPORT_EXTENSION package. | ||||
| CVE-2006-2507 | 1 Teake Nutma | 1 Foing | 2025-04-03 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Teake Nutma Foing 0.2.0 through 0.7.0, as used with phpBB, allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter in (1) index.php, (2) song.php, (3) faq.php, (4) list.php, (5) gen_m3u.php, and (6) playlist.php. | ||||
| CVE-2006-2508 | 1 Yourfreeworld | 1 Stylish Text Ads Script | 2025-04-03 | N/A |
| SQL injection vulnerability in tr1.php in YourFreeWorld.com Stylish Text Ads Script allows remote attackers to execute arbitrary SQL commands via the id parameter, possibly involving an attack vector using advertise.php. | ||||
| CVE-2006-2509 | 1 Yourfreeworld | 1 Short Url And Url Tracker Script | 2025-04-03 | N/A |
| SQL injection vulnerability in login.php in YourFreeWorld.com Short Url & Url Tracker Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2006-2510 | 1 Yourfreeworld | 1 Short Url And Url Tracker Script | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in the URL submission form in YourFreeWorld.com Short Url & Url Tracker Script allows remote attackers to inject arbitrary web script or HTML via an unspecified form for submitting URLs. | ||||
| CVE-2006-2511 | 1 Frontrange | 1 Iheat | 2025-04-03 | N/A |
| The ActiveX version of FrontRange iHEAT allows remote authenticated users to run arbitrary programs or access arbitrary files on the host machine by uploading a file with an extension that is not associated with an application, and selecting a file from the "Open With..." dialog. | ||||
| CVE-2006-2512 | 1 Hitachi | 4 Eur Print Service, Eur Print Service For Ilf, Eur Professional and 1 more | 2025-04-03 | N/A |
| SQL injection vulnerability in Hitachi EUR Professional Edition, EUR Viewer, EUR Print Service, and EUR Print Service for ILF allows remote authenticated users to execute arbitrary SQL commands via unknown attack vectors. | ||||
| CVE-2006-2513 | 1 Sun | 1 Java System Directory Server | 2025-04-03 | N/A |
| Unspecified vulnerability in the installation process in Sun Java System Directory Server 5.2 causes wrong user data to be written to a file created by the installation, which allows remote attackers or local users to gain privileges. | ||||
| CVE-2006-2514 | 1 Coppermine | 1 Coppermine Photo Gallery | 2025-04-03 | N/A |
| Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions. | ||||
| CVE-2006-2515 | 1 Hiox India | 1 Guest Book | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Hiox Guestbook 3.1 allows remote attackers to inject arbitrary web script or HTML via the input forms for signing the guestbook. | ||||
| CVE-2006-2517 | 1 Fujitsu | 1 Myweb Portal Office | 2025-04-03 | N/A |
| SQL injection vulnerability in MyWeb Portal Office, Standard Edition, Public Edition, Medical Edition, Citizen Edition, School Edition, and Light Edition allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. | ||||
| CVE-2006-2518 | 1 Phpwcms | 1 Phpwcms | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in phpwcms 1.2.5-DEV allows remote attackers to inject arbitrary web script or HTML via the BL[be_cnt_plainhtml] parameter to include/inc_tmpl/content/cnt6.inc.php. | ||||
| CVE-2006-2519 | 1 Phpwcms | 1 Phpwcms | 2025-04-03 | N/A |
| Directory traversal vulnerability in include/inc_ext/spaw/spaw_control.class.php in phpwcms 1.2.5-DEV allows remote attackers to include arbitrary local files via .. (dot dot) sequences in the spaw_root parameter. NOTE: CVE analysis suggests that this issue is actually in SPAW Editor PHP Edition. | ||||