Export limit exceeded: 29902 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29902 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-6067 | 1 20 20 Applications | 1 20 20 Datashed | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in 20/20 DataShed (aka Real Estate Listing System) allow remote attackers to execute arbitrary SQL commands via the (1) itemID parameter to (a) f-email.asp, or the (2) peopleID and (2) sort_order parameters to (b) listings.asp, different vectors than CVE-2006-5955. | ||||
| CVE-2006-6068 | 1 Malbum | 1 Malbum | 2026-04-23 | N/A |
| Directory traversal vulnerability in the cached_album function in functions.php for mAlbum 0.3 and earlier allows remote attackers to list filenames of arbitrary images via a .. (dot dot) in the gal parameter to index.php. | ||||
| CVE-2006-6069 | 1 Malbum | 1 Malbum | 2026-04-23 | N/A |
| index.php in mAlbum 0.3 and earlier allows remote attackers to obtain the installation path via an invalid gal parameter. | ||||
| CVE-2006-6070 | 1 Asp-nuke | 1 Asp-nuke | 2026-04-23 | N/A |
| SQL injection vulnerability in module/account/register/register.asp in ASP Nuke 0.80 and earlier allows remote attackers to execute arbitrary SQL commands via the StateCode parameter. | ||||
| CVE-2006-6084 | 1 Unverse.net | 1 Abitwhizzy | 2026-04-23 | N/A |
| Directory traversal vulnerability in abitwhizzy.php in aBitWhizzy allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2006-6085 | 1 Kile | 1 Kile | 2026-04-23 | N/A |
| Kile before 1.9.3 does not assign a backup file the same permissions as the original file, which might allow local users to obtain sensitive information. | ||||
| CVE-2006-6087 | 1 My Little Homepage | 1 My Little Weblog | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in weblog.php in my little weblog allows remote attackers to inject arbitrary web script or HTML via the action parameter. | ||||
| CVE-2006-6088 | 1 Blue-collar Productions | 1 I-gallery | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in BlueCollar i-Gallery 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) n or (2) d parameter in igallery.asp, or (3) an unspecified parameter related to search, possibly the Search Gallery field, or the myquery parameter, in search.asp. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2006-6110 | 1 Bpg-infotech | 1 Content Management System | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in an unspecified BPG-InfoTech Content Management System product allow remote attackers to execute arbitrary SQL commands via the (1) vjob parameter in publications_list.asp or (2) InfoID parameter in publication_view.asp. | ||||
| CVE-2006-6111 | 1 Alan Ward | 1 A-cart | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Alan Ward A-Cart Pro 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) productid parameter in product.asp or (2) search parameter in search.asp. NOTE: the category.asp vector is already covered by CVE-2004-1873. | ||||
| CVE-2006-6112 | 1 Lifetype | 1 Lifetype | 2026-04-23 | N/A |
| LifeType 1.0.x and 1.1.x have insufficient access control for all of the PHP scripts under (1) class/ and (2) plugins/, which allows remote attackers to obtain the installation path via a direct request to any of the scripts, as demonstrated by (a) bayesianfilter.class.php and (b) bootstrap.php, which leaks the path in an error message. | ||||
| CVE-2006-6113 | 1 James Greenwood | 1 Monkey Boards | 2026-04-23 | N/A |
| Monkey Boards 0.3.5 allows remote attackers to obtain sensitive information via direct requests to (1) include/admin_auth.inc.php and (2) include/engine/class.compiler.php, which reveals the full path in an error message. NOTE: this issue is only an exposure if the administrator has changed the default script path. | ||||
| CVE-2006-6124 | 1 Biba Software | 1 Seleniumserver Web Server | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in SeleniumServer Web Server 1.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-6132 | 1 Softacid | 1 Link Exchange Lite | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Link Exchange Lite allow remote attackers to execute arbitrary SQL commands via (1) the search engine field to search.asp and (2) psearch parameter to linkslist.asp. | ||||
| CVE-2006-6139 | 1 Sisfo Kampus | 1 Sisfo Kampus | 2026-04-23 | N/A |
| Directory traversal vulnerability in downloadexcel.php in Sisfo Kampus 2006 (Semarang 3) allows remote attackers to read arbitrary files via the fn parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-6145 | 1 Cryptocard | 1 Crypto-server | 2026-04-23 | N/A |
| CRYPTOCard CRYPTO-Server before 6.4.56 stores LDAP credentials in plaintext in UninstallerData\installvariables.properties, which has insecure permissions and allows local users to obtain the credentials. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-6148 | 1 Jiros | 1 Links Manager | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in submitlink.asp in JiRos Links Manager allow remote attackers to inject arbitrary web script or HTML via the (1) lName, (2) lURL, (3) lImage, and (4) lDescription parameters. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2006-6150 | 1 Owllib | 1 Owllib | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in memory/OWLMemoryProperty.php in OWLLib 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the OWLLIB_ROOT parameter. | ||||
| CVE-2006-6152 | 1 Vspin.net | 1 Classified System | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in vSpin.net Classified System 2004 allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to (a) cat.asp, or the (2) keyword, (3) order, (4) sort, (5) menuSelect, or (6) state parameter to (b) search.asp. | ||||
| CVE-2006-6153 | 1 Vspin.net | 1 Classified System | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in vSpin.net Classified System 2004 allow remote attackers to inject arbitrary web script or HTML via (1) catname parameter to cat.asp or the (2) minprice parameter to search.asp. | ||||