Export limit exceeded: 29933 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29933 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-5022 | 1 Pnews Systems | 1 Pnews | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in includes/global.php in Joshua Wilson pNews System 1.1.0 (aka PowerNews) allows remote attackers to execute arbitrary PHP code via a URL in the nbs parameter. | ||||
| CVE-2006-5017 | 1 E-vision | 1 E-vision Cms | 2026-04-23 | N/A |
| SQL injection vulnerability in admin/all_users.php in Szava Gyula and Csaba Tamas e-Vision CMS, probably 1.0, allows remote attackers to execute arbitrary SQL commands via the from parameter. | ||||
| CVE-2006-5024 | 1 Paisterist | 1 Simple Http Scanner | 2026-04-23 | 9.8 Critical |
| Multiple unspecified vulnerabilities in Paisterist Simple HTTP Scanner (sHTTPScanner) before 0.4 have unknown impact and attack vectors. | ||||
| CVE-2006-5030 | 1 Exv2 | 1 Content Management System | 2026-04-23 | N/A |
| SQL injection vulnerability in modules/messages/index.php in exV2 2.0.4.3 and earlier allows remote authenticated users to execute arbitrary SQL commands via the sort parameter. | ||||
| CVE-2006-5028 | 1 Swsoft | 2 Plesk, Plesk Reload | 2026-04-23 | N/A |
| Directory traversal vulnerability in filemanager/filemanager.php in SWsoft Plesk 7.5 Reload and Plesk 7.6 for Microsoft Windows allows remote attackers to list arbitrary directories via a ../ (dot dot slash) in the file parameter in a chdir action. | ||||
| CVE-2006-5029 | 1 Woltlab | 1 Burning Board | 2026-04-23 | N/A |
| SQL injection vulnerability in thread.php in WoltLab Burning Board (wBB) 2.3.x allows remote attackers to obtain the version numbers of PHP, MySQL, and wBB via the page parameter. NOTE: this issue might be a forced SQL error. Also, the original report was disputed by a third party for 2.3.3 and 2.3.4. | ||||
| CVE-2006-5037 | 1 Squiz | 1 Mysource Matrix | 2026-04-23 | N/A |
| MySource Matrix after 3.8 allows remote attackers to use the application as an HTTP proxy server via a MIME encoded URL in the sq_content_src parameter to access arbitrary sites with the server's IP address and conduct cross-site scripting (XSS) attacks. NOTE: the researcher reports that "The vendor does not consider this a vulnerability. | ||||
| CVE-2006-5038 | 1 Fiwin | 1 Ss28s Wifi Voip Sip Skype Phone | 2026-04-23 | N/A |
| The FiWin SS28S WiFi VoIP SIP/Skype Phone, firmware version 01_02_07, has a hard-coded username and password, which allows remote attackers to gain administrative access via telnet. | ||||
| CVE-2006-5035 | 1 Paul Smith Computer Services | 1 Vcap | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Paul Smith Computer Services vCAP 1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the statusmsg parameter in RegisterPage.cgi or (2) a URI corresponding to a nonexistent file. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
| CVE-2006-5046 | 1 Joomla | 1 Rs Gallery2 | 2026-04-23 | N/A |
| Unspecified vulnerability in RS Gallery2 (com_rsgallery2) 1.11.3 and earlier for Joomla! has unspecified impact and attack vectors, related to lack of "hardened language files." | ||||
| CVE-2006-5056 | 1 Opial | 1 Opial Audio Video Download Management | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Opial Audio/Video Download Management 1.0 allows remote attackers to inject arbitrary web script or HTML via the destination parameter in the Login view. | ||||
| CVE-2006-5057 | 1 Ktools.net | 1 Photostore | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Ktools.net PhotoStore allow remote attackers to inject arbitrary web script or HTML via the (1) gid parameter in details.php, or the (2) photogid parameter in view_photog.php. | ||||
| CVE-2006-5059 | 1 Wired Community Software | 1 Wwwthreads | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in WWWthreads 5.4.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the Cat parameter to (1) dosearch.php, (2) postlist.php, (3) showmembers.php, (4) faq_english.php, (5) online.php, (6) login.php, (7) newuser.php, (8) wwwthreads.php, (9) search.php, or (10) postlist.php. | ||||
| CVE-2006-5060 | 1 Jamroom | 1 Jamroom | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in login.php in Jamroom 3.0.16 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the forgot parameter in the forgot mode. | ||||
| CVE-2006-5063 | 1 Stefan Ritt | 1 Elog Web Logbook | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Elog 2.6.1 allows remote attackers to inject arbitrary web script or HTML by editing log entries in HTML mode. | ||||
| CVE-2006-5064 | 1 Birdblog | 1 Birdblog | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in BirdBlog 1.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) entryid parameter in comment.php, (2) page parameter in index.php, or the (3) uid parameter in user.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
| CVE-2006-5066 | 1 Danphpsupport | 1 Danphpsupport | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in DanPHPSupport 0.5, and other versions before 1.0, allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter in index.php or the (2) do parameter in admin.php. | ||||
| CVE-2006-5067 | 1 Php System Administration Toolkit | 1 Php System Administration Toolkit | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in loader.php in PHP System Administration Toolkit (PHPSaTK) allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[config] parameter. NOTE: this issue is disputed by CVE; analysis shows that the GLOBALS[config] variable is initialized before being used | ||||
| CVE-2006-5071 | 1 Eyeos Project | 1 Eyeos | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in eyeOS before 0.9.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) eyeNav and (2) system/baixar.php. | ||||
| CVE-2006-5072 | 1 Mono | 1 Mono | 2026-04-23 | N/A |
| The System.CodeDom.Compiler classes in Novell Mono create temporary files with insecure permissions, which allows local users to overwrite arbitrary files or execute arbitrary code via a symlink attack. | ||||