Search Results (29911 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-3363 | 1 Xoops | 1 Xoops Glossaire Module | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in index.php in the Glossaire module 1.7 for Xoops allows remote attackers to execute arbitrary PHP code via a URL in the pa parameter. | ||||
| CVE-2006-3364 | 1 F-art Agency | 1 Blog Cms | 2025-04-03 | N/A |
| SQL injection vulnerability in index.php in the NP_SEO plugin in BLOG:CMS before 4.1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2006-3366 | 1 V3 Chat | 1 V3 Chat | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in V3 Chat allow remote attackers to inject arbitrary web script or HTML via crafted HTML tags, as demonstrated by the IMG tag, in the (1) id parameter in (a) mail/index.php and (b) mail/reply.php; (2) login_id parameter in (c) members/is_online.php; (3) site_id parameter in (d) messenger/online.php, (e) messenger/search.php, and (f) messenger/profile.php; (4) contact_name parameter in messenger/search.php; (5) membername parameter in (g) messenger/profileview.php; (6) unspecified parameters used when "editing a profile"; and (7) cust_name parameter in (h) messenger/expire.php. NOTE: The vendor disputes the vectors involving files in the messenger directory, stating "... the referenced folder 'messenger' was never available to the general public...". | ||||
| CVE-2006-3367 | 1 Mp3netbox | 1 Mp3netbox | 2025-04-03 | N/A |
| Mp3 JudeBox Server (Mp3NetBox) Beta 1 stores config.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information, including the database configuration. | ||||
| CVE-2006-3368 | 1 Efone | 1 Efone | 2025-04-03 | N/A |
| Efone 20000723 stores config.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information. | ||||
| CVE-2006-3369 | 1 Iduprey | 1 Kamikaze-qscm | 2025-04-03 | N/A |
| Kamikaze-QSCM 0.1 stores config.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information, including the database configuration. | ||||
| CVE-2006-3370 | 1 Bb-news | 1 Blueboy | 2025-04-03 | N/A |
| Blueboy 1.0.3 stores bb_news_config.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information, including the database configuration. | ||||
| CVE-2006-3371 | 1 Eupla | 1 Foros | 2025-04-03 | N/A |
| Eupla Foros 1.0 stores the inc/config.inc file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information, including the database configuration. | ||||
| CVE-2006-3372 | 1 Apple | 1 Safari | 2025-04-03 | N/A |
| Apple Safari 2.0.4/419.3 allows remote attackers to cause a denial of service (application crash) via a DHTML setAttributeNode function call with zero arguments, which triggers a null dereference. | ||||
| CVE-2006-3373 | 1 Hobbit Monitor | 1 Hobbit Monitor | 2025-04-03 | N/A |
| Unspecified vulnerability in the client/bin/logfetch script in Hobbit 4.2-beta allows local users to read arbitrary files, related to logfetch running as setuid root. | ||||
| CVE-2006-3374 | 1 Randshop | 1 Randshop | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in index.php in Randshop 1.2 and earlier, including 0.9.3, allows remote attackers to execute arbitrary PHP code via a URL in the incl parameter. | ||||
| CVE-2006-3375 | 1 Randshop | 1 Randshop | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in includes/header.inc.php in Randshop 1.1.1 allows remote attackers to execute arbitrary PHP code via the dateiPfad parameter. | ||||
| CVE-2006-3376 | 2 Redhat, Wvware | 3 Enterprise Linux, Libwmf, Wv2 | 2025-04-03 | N/A |
| Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple products including (1) wv, (2) abiword, (3) freetype, (4) gimp, (5) libgsf, and (6) imagemagick allows remote attackers to execute arbitrary code via the MaxRecordSize header field in a WMF file. | ||||
| CVE-2006-3377 | 1 Jmb Software | 1 Autorank | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in JMB Software AutoRank PHP 3.02 and earlier, and AutoRank Pro 5.01 and earlier, allows remote attackers to inject arbitrary web script or HTML via the (1) Keyword parameter in search.php and the (2) Username parameter in main.cgi. | ||||
| CVE-2006-3378 | 1 Ubuntu | 1 Ubuntu Linux | 2025-04-03 | N/A |
| passwd command in shadow in Ubuntu 5.04 through 6.06 LTS, when called with the -f, -g, or -s flag, does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits. | ||||
| CVE-2006-3379 | 1 Hiki Wiki | 1 Hiki Wiki | 2025-04-03 | N/A |
| Algorithmic complexity vulnerability in Hiki Wiki 0.6.0 through 0.6.5 and 0.8.0 through 0.8.5 allows remote attackers to cause a denial of service (CPU consumption) by performing a diff between large, crafted pages that trigger the worst case. | ||||
| CVE-2006-3380 | 1 Freestyle | 1 Freestyle Wiki | 2025-04-03 | N/A |
| Algorithmic complexity vulnerability in FreeStyle Wiki before 3.6.2 allows remote attackers to cause a denial of service (CPU consumption) by performing a diff between large, crafted pages that trigger the worst case. | ||||
| CVE-2006-3381 | 1 Sturgeon Upload | 1 Sturgeon Upload | 2025-04-03 | N/A |
| SturGeoN Upload allows remote attackers to execute arbitrary PHP code by uploading a file with a .php extension, then directly accessing the file. NOTE: It is uncertain whether this is a vulnerability or a feature of the product. | ||||
| CVE-2006-3382 | 1 Mads | 1 Mads | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in mAds 1.0 allows remote attackers to inject arbitrary web script or HTML via the "search string". | ||||
| CVE-2006-3383 | 1 Mads | 1 Mads | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in mAds 1.0 allows remote attackers to inject arbitrary web script or HTML via Javascript events such as onmouseover within a URL. NOTE: the provenance of this information is unknown; the details are obtained solely from third party reports. | ||||