Export limit exceeded: 29908 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29908 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-7080 | 1 Exv2 | 1 Content Management System | 2026-04-23 | N/A |
| Directory traversal vulnerability in the avatar upload feature in exV2 2.0.4.3 and earlier allows remote attackers to delete arbitrary files via ".." sequences in the old_avatar parameter. | ||||
| CVE-2006-7083 | 1 Rigter Portal System | 1 Rigter Portal System | 2026-04-23 | N/A |
| Directory traversal vulnerability in index.php in Rigter Portal System (RPS) 1.0, 2.0, and 3.0 allows remote attackers to read arbitrary files via ".." sequences in the id parameter. | ||||
| CVE-2006-7085 | 1 Rigter Portal System | 1 Rigter Portal System | 2026-04-23 | N/A |
| Rigter Portal System (RPS) 1.0, 2.0, and 3.0 allows remote attackers to add arbitrary content and conduct XSS attacks via a direct request to add_art.php. NOTE: this issue was originally reported as SQL injection, but this is not likely. | ||||
| CVE-2006-7087 | 1 Dotdeb | 1 Dotdeb Php | 2026-04-23 | N/A |
| CRLF injection vulnerability in the mail function in Dotdeb PHP before 5.2.0 Rev 3 allows remote attackers to bypass the protection scheme and inject arbitrary email headers via CRLF sequences in the query string, which is processed via the PHP_SELF variable. | ||||
| CVE-2006-7088 | 1 Simple Php Forum | 1 Simple Php Forum | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Simple PHP Forum before 0.4 allow remote attackers to execute arbitrary SQL commands via the username parameter to (1) logon_user.php and (2) update_profile.php. | ||||
| CVE-2006-7092 | 1 Mamboxchange | 1 Laithai | 2026-04-23 | N/A |
| SQL injection vulnerability in includes/mambo.php in Mambo LaiThai 4.5.4 SP2 and earlier allows remote attackers to execute arbitrary SQL commands via the usercookie[password] cookie parameter. | ||||
| CVE-2006-7093 | 1 Mamboxchange | 1 Laithai | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Mambo LaiThai 4.5.4 Security Patch 2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2006-7094 | 3 Debian, Ftpd, Gentoo | 3 Debian Linux, Ftpd, Linux | 2026-04-23 | N/A |
| ftpd, as used by Gentoo and Debian Linux, sets the gid to the effective uid instead of the effective group id before executing /bin/ls, which allows remote authenticated users to list arbitrary directories with the privileges of gid 0 and possibly enable additional attack vectors. | ||||
| CVE-2006-7096 | 1 Klink | 1 Dim3 | 2026-04-23 | N/A |
| Buffer overflow in the network_host_handle_join function in host.c in dimension 3 engine (dim3) 1.5 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long nickname. | ||||
| CVE-2006-7097 | 1 Taskfreak | 1 Taskfreak | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in TaskFreak! before 0.1.4 have unknown impact and attack vectors. | ||||
| CVE-2006-7099 | 1 Solarpay | 1 Solarpay | 2026-04-23 | N/A |
| Directory traversal vulnerability in index.php in SolarPay allows remote attackers to read certain files via a .. (dot dot) in the read parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-7101 | 1 Phpwind | 1 Phpwind | 2026-04-23 | N/A |
| SQL injection vulnerability in admin.php in PHPWind 5.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the AdminUser cookie. | ||||
| CVE-2006-7103 | 1 Ezonlinegallery | 1 Ezonlinegallery | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in EZOnlineGallery 1.3 and earlier, and possibly other versions before 1.3.2 Beta, allow remote attackers to (1) determine directory existence via a ".." in the album parameter in a show_album action to (a) ezgallery.php, which produces different responses depending on existence; and read arbitrary image files via a ".." in the album or (2) image parameter to (b) image.php. | ||||
| CVE-2006-7109 | 1 Drupal | 1 Imce Module | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in IMCE before 1.6, a Drupal module, allows remote authenticated users to upload arbitrary PHP code via a filename with a double extension such as .php.gif. | ||||
| CVE-2006-7110 | 1 Drupal | 1 Imce Module | 2026-04-23 | N/A |
| Directory traversal vulnerability in the delete function in IMCE before 1.6, a Drupal module, allows remote authenticated users to delete arbitrary files via ".." sequences. | ||||
| CVE-2006-7111 | 1 Futomis Cgi Cafe | 1 Kmail Cgi | 2026-04-23 | N/A |
| Unspecified vulnerability in Futomi's CGI Cafe KMail CGI 1.0.3 and earlier allows remote attackers to bypass authentication and obtain unauthorized email access via unspecified vectors. | ||||
| CVE-2006-7132 | 1 Cynux Softwares | 1 Phpmydesk | 2026-04-23 | N/A |
| Directory traversal vulnerability in pmd-config.php in PHPMyDesk 1.0beta allows remote attackers to include arbitrary local files via the pmdlang parameter to viewticket.php. | ||||
| CVE-2006-7119 | 1 Phpgiggle | 1 Phpgiggle | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in kernel/system/startup.php in J. He PHPGiggle 12.08 and earlier, as distributed on comscripts.com, allows remote attackers to execute arbitrary PHP code via a URL in the CFG_PHPGIGGLE_ROOT parameter. | ||||
| CVE-2006-7120 | 1 Osu Open Source Lab | 1 Maintain | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in lib/php/phphtmllib-2.5.4/examples/example6.php for maintain 3.0.0-RC2 allows remote attackers to execute arbitrary PHP code via a URL in the phphtmllib parameter. NOTE: this issue might be in phpHtmlLib. NOTE: CVE disputes this issue for proper installations of maintain, since $phphtmllib is set in includes.inc before being used in example6.php | ||||
| CVE-2006-7121 | 1 Linksys | 1 Spa921 | 2026-04-23 | N/A |
| The HTTP server in Linksys SPA-921 VoIP Desktop Phone allows remote attackers to cause a denial of service (reboot) via (1) a long URL, or a long (2) username or (3) password during Basic Authentication. | ||||