Export limit exceeded: 29916 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29916 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-1943 | 1 Smarter Scripts | 1 Intellilink Pro | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Smarter Scripts IntelliLink Pro 5.06 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter in addlink_lwp.cgi and the (2) id, (3) forgotid, and (4) forgotpass parameters in edit.cgi. | ||||
| CVE-2006-1944 | 1 Sibsoft | 1 Communimail | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SibSoft CommuniMail 1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the list_id parameter in mailadmin.cgi and (2) the form_id parameter in templates.cgi. | ||||
| CVE-2006-1945 | 1 Awstats | 1 Awstats | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the config parameter. NOTE: this might be the same core issue as CVE-2005-2732. | ||||
| CVE-2006-1946 | 1 Visale | 1 Visale | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Visale 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the keyval parameter in pbpgst.cgi, (2) the catsubno parameter in pblscg.cgi, and (3) the listno parameter in pblsmb.cgi. | ||||
| CVE-2006-1947 | 1 Nicplex | 1 Plexum | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in plexum.php in NicPlex Plexum X5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) pagesize, (2) maxrec, and (3) startpos parameters. | ||||
| CVE-2006-1948 | 1 Ibm | 1 Lotus Notes | 2025-04-03 | N/A |
| The "Add Sender to Address Book" operation (AddSenderToAddressBook.lss) and NameHelper.lss in IBM Lotus Notes 6.0 and 6.5 before 20060331 do not properly store information in the Personal Address Book when multiple messages are checked and a message uses AltFrom, which might allow user-assisted remote attackers to trick a user into sending e-mail to an unauthorized recipient. | ||||
| CVE-2006-1949 | 1 Nicplex | 1 Plexcart | 2025-04-03 | N/A |
| SQL injection vulnerability in plexcart.pl in NicPlex PlexCart X3 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter. | ||||
| CVE-2006-1950 | 1 Perlcoders Group | 1 Bannerfarm | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in banners.cgi in PerlCoders BannerFarm 2.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) aff and (2) cat parameters. | ||||
| CVE-2006-1951 | 1 Solarwinds | 1 Tftp Server | 2025-04-03 | N/A |
| Directory traversal vulnerability in SolarWinds TFTP Server 8.1 and earlier allows remote attackers to download arbitrary files via a crafted GET request including "....//" sequences, which are collapsed into "../" sequences by filtering. | ||||
| CVE-2006-1952 | 1 Winagents | 1 Tftp Server | 2025-04-03 | N/A |
| Directory traversal vulnerability in WinAgents TFTP Server for Windows 3.1 and earlier allows remote attackers to read arbitrary files via "..." (triple dot) sequences in a GET request. | ||||
| CVE-2006-1953 | 1 Caucho Technology | 1 Resin | 2025-04-03 | N/A |
| Directory traversal vulnerability in Caucho Resin 3.0.17 and 3.0.18 for Windows allows remote attackers to read arbitrary files via a "C:%5C" (encoded drive letter) in a URL. | ||||
| CVE-2006-1954 | 1 Nfec.de | 1 Rechnungszentrale | 2025-04-03 | N/A |
| SQL injection vulnerability in authent.php4 in Nicolas Fischer (aka NFec) RechnungsZentrale V2 1.1.3, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the User field. | ||||
| CVE-2006-1955 | 1 Nfec.de | 1 Rechnungszentrale | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in authent.php4 in Nicolas Fischer (aka NFec) RechnungsZentrale V2 1.1.3, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter. | ||||
| CVE-2006-1956 | 2 Joomla, Mambo | 2 Joomla, Mambo | 2025-04-03 | N/A |
| The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows remote attackers to obtain sensitive information via an invalid feed parameter, which reveals the path in an error message. | ||||
| CVE-2006-1958 | 1 Wired Community Software | 1 Wwwthreads | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in WWWThreads RC 3 allow remote attackers to execute arbitrary SQL commands via (1) the forumreferrer cookie to register.php and (2) the messages parameter in message_list.php. | ||||
| CVE-2006-1959 | 1 Actualscripts | 1 Actualanalyzer | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in direct.php in ActualScripts ActualAnalyzer Lite 2.72 and earlier, Gold 7.63 and earlier, and Server 8.23 and earlier allows remote attackers to execute arbitrary code via a URL in the rf parameter. | ||||
| CVE-2006-1960 | 1 Cisco | 1 Wireless Lan Solution Engine | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in the appliance web user interface in Cisco CiscoWorks Wireless LAN Solution Engine (WLSE) and WLSE Express before 2.13 allows remote attackers to inject arbitrary web script or HTML, possibly via the displayMsg parameter to archiveApplyDisplay.jsp, aka bug ID CSCsc01095. | ||||
| CVE-2006-1961 | 1 Cisco | 5 Ciscoworks 2000 Service Management Solution, Ethernet Subscriber Solution Engine, Hosting Solution Engine and 2 more | 2025-04-03 | N/A |
| Cisco CiscoWorks Wireless LAN Solution Engine (WLSE) and WLSE Express before 2.13, Hosting Solution Engine (HSE) and User Registration Tool (URT) before 20060419, and all versions of Ethernet Subscriber Solution Engine (ESSE) and CiscoWorks2000 Service Management Solution (SMS) allow local users to gain Linux shell access via shell metacharacters in arguments to the "show" command in the application's command line interface (CLI), aka bug ID CSCsd21502 (WLSE), CSCsd22861 (URT), and CSCsd22859 (HSE). NOTE: other issues might be addressed by the Cisco advisory. | ||||
| CVE-2006-1963 | 1 Pcpin | 1 Pcpin Chat | 2025-04-03 | N/A |
| Directory traversal vulnerability in main.php in PCPIN Chat 5.0.4 and earlier allows remote authenticated users to include and execute arbitrary PHP code via a ".." (dot dot) in a language cookie, as demonstrated by uploading then accessing a smiliefile image that actually contains PHP code. | ||||
| CVE-2006-1964 | 1 Aspsitem | 1 Aspsitem | 2025-04-03 | N/A |
| SQL injection vulnerability in Haberler.asp in ASPSitem 1.83 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||