Export limit exceeded: 337237 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29852 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-6560 | 1 Mxbb | 1 Modsdb | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in includes/common.php in the mx_modsdb 1.0.0 module for MxBB (aka MX-System) Portal allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter. | ||||
| CVE-2006-6569 | 1 Genesistrader | 1 Genesistrader | 2025-04-09 | N/A |
| form.php in GenesisTrader 1.0 allows remote attackers to read source code for arbitrary files and obtain sensitive information via the (1) do and (2) chem parameters with a "modfich" floap parameter. | ||||
| CVE-2006-6570 | 1 Genesistrader | 1 Genesistrader | 2025-04-09 | N/A |
| Unrestricted file upload vulnerability in upload.php in GenesisTrader 1.0 allows remote authenticated users to upload arbitrary files via unspecified vectors, possibly involving form.php and the ajoutfich "foap" action. | ||||
| CVE-2006-6571 | 1 Genesistrader | 1 Genesistrader | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in form.php in GenesisTrader 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) cuve, (2) chem, (3) do, and possibly other parameters. | ||||
| CVE-2006-6573 | 1 Citrix | 1 Access Gateway | 2025-04-09 | N/A |
| Unspecified vulnerability in Citrix Access Gateway 4.5 Advanced Edition, and 4.2 with Advanced Access Control (AAC) 4.2, when deployed on the Access Gateway appliance 4.2 through 4.2.2 allows remote authenticated users to "gain access to data" and obtain sensitive information via unspecified vectors. | ||||
| CVE-2006-6568 | 1 Mxbb | 1 Kb Mods | 2025-04-09 | N/A |
| Directory traversal vulnerability in includes/kb_constants.php in the Knowledge Base (mx_kb) 2.0.2 module for mxBB allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the phpEx parameter. | ||||
| CVE-2006-6580 | 1 Scriptphp | 1 Pronews | 2025-04-09 | N/A |
| admin/change.php in ProNews 1.5 does not check whether a user is permitted to change news items, which allows remote attackers to add or delete information within an item, and possibly have other impacts. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-6577 | 1 Neocrome | 2 Land Down Under, Seditio | 2025-04-09 | N/A |
| SQL injection vulnerability in polls.php in Neocrome Land Down Under (LDU) 8.x and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2006-6587 | 1 Apache | 1 Ofbiz | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message. | ||||
| CVE-2006-6592 | 1 Php | 1 Bloq | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Bloq 0.5.4 allow remote attackers to execute arbitrary PHP code via a URL in the page[path] parameter to (1) index.php, (2) admin.php, (3) rss.php, (4) rdf.php, (5) rss2.php, or (6) files/mainfile.php. | ||||
| CVE-2006-6588 | 1 Apache | 1 Ofbiz | 2025-04-09 | N/A |
| The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact. | ||||
| CVE-2006-6591 | 1 Exlor | 1 Exlor | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in fonctions/template.php in EXlor 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the repphp parameter. | ||||
| CVE-2006-6586 | 1 Vblog | 1 Vblog | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Vortex Blog (vBlog, aka C12) a0.1_nonfunc allow remote attackers to execute arbitrary PHP code via a URL in the cfgProgDir parameter in (1) secure.php or (2) checklogin.php in admin/auth/. | ||||
| CVE-2006-6590 | 1 Php | 1 Ar Memberscript | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in usercp_menu.php in AR Memberscript allows remote attackers to execute arbitrary PHP code via a URL in the script_folder parameter. | ||||
| CVE-2006-6599 | 1 Torrentflux | 1 Torrentflux | 2025-04-09 | N/A |
| maketorrent.php in TorrentFlux 2.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters (";" semicolon) in the announce parameter. | ||||
| CVE-2006-6595 | 1 Scriptmate | 1 User Manager | 2025-04-09 | N/A |
| Multiple SQL injection vulnerabilities in ScriptMate User Manager 2.1 and earlier allow remote attackers to execute arbitrary SQL commands via "Manage Resources" and possibly other unspecified components. | ||||
| CVE-2006-6596 | 1 Hilgraeve | 1 Hyperaccess | 2025-04-09 | N/A |
| HyperAccess 8.4 allows user-assisted remote attackers to execute arbitrary vbscript and commands via a session (HAW) file, which can be automatically opened using Internet Explorer. | ||||
| CVE-2006-6611 | 1 Barman | 1 Barman | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in interface.php in Barman 0.0.1r3 allows remote attackers to execute arbitrary PHP code via a URL in the basepath parameter. | ||||
| CVE-2006-6600 | 1 Torrentflux | 1 Torrentflux | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in dir.php in TorrentFlux 2.2, when allows remote attackers to inject arbitrary web script or HTML via double URL-encoded strings in the dir parameter, a related issue to CVE-2006-5609. | ||||
| CVE-2006-6606 | 1 Clarens | 1 Jclarens | 2025-04-09 | N/A |
| Multiple SQL injection vulnerabilities in Clarens jclarens before 0.6.2 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||