Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-3237 1 Senokian Solutions 1 Enterprise Groupware Systems 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in Enterprise Groupware System (EGS) 1.2.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the module parameter.
CVE-2006-3241 1 Xennobb 1 Xennobb 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in messages.php in XennoBB 1.0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the tid parameter.
CVE-2006-3245 1 Mvnforum 1 Mvnforum 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in activatemember in mvnForum 1.0 GA and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) member and (2) activatecode parameters.
CVE-2006-3249 1 Phorum 1 Phorum 2026-04-16 N/A
SQL injection vulnerability in search.php in Phorum 5.1.14 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter. NOTE: the vendor has disputed this report, stating "If a non positive integer or non-integer is used for the page parameter for a search URL, the search query will use a negative number for the LIMIT clause. This causes the query to break, showing no results. It IS NOT however a sql injection error." While the original report is from a researcher with mixed accuracy, as of 20060703, CVE does not have any additional information regarding this issue
CVE-2006-3257 1 Claroline 1 Claroline 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.7.7 allow remote attackers to inject arbitrary HTML or web script via unspecified attack vectors, possibly including (1) calendar/myagenda.php, (2) document/document.php, (3) phpbb/newtopic.php, (4) tracking/userLog.php, and (5) wiki/page.php.
CVE-2006-3264 1 Namo 1 Deepsearch 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in mclient.cgi in Namo DeepSearch 4.5 allows remote attackers to inject arbitrary web script or HTML via the p parameter.
CVE-2002-2219 1 Chetcpasswd 1 Chetcpasswd 2026-04-16 N/A
chetcpasswd.cgi in Pedro Lineu Orso chetcpasswd before 2.1 allows remote attackers to read the last line of the shadow file via a long user (userid) field.
CVE-2006-3265 1 Qdig 1 Qdig 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Qdig before 1.2.9.3, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) pre_gallery or (2) post_gallery parameters.
CVE-2006-3283 1 Datetopia 1 Dating Agent Pro 2026-04-16 N/A
SQL injection vulnerability in Dating Agent PRO 4.7.1 allows remote attackers to execute arbitrary SQL commands via the (1) pid parameter in picture.php, (2) mid parameter in mem.php, and the (3) sex and (4) relationship parameters in search.php.
CVE-2006-3287 1 Cisco 1 Wireless Control System 2026-04-16 N/A
Cisco Wireless Control System (WCS) for Linux and Windows 4.0(1) and earlier uses a default administrator username "root" and password "public," which allows remote attackers to gain access (aka bug CSCse21391).
CVE-2006-3292 1 Jaws 1 Jaws 2026-04-16 N/A
SQL injection vulnerability in the Search gadget in Jaws 0.6.2 allows remote attackers to execute arbitrary SQL commands via queries with the "LIKE" keyword in the searchdata parameter (search field).
CVE-2006-3337 1 Cpanel 1 Cpanel 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in frontend/x/files/select.html in cPanel 10.8.2-CURRENT 118 and earlier allows remote attackers to inject arbitrary web script or HTML via the file parameter.
CVE-2006-3294 1 Cbsms 1 Mambo Module 2026-04-16 N/A
PHP remote file inclusion vulnerability in mod_cbsms_messages.php in CBSMS Mambo Module 1.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2006-3297 1 Uebimiau 1 Uebimiau 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in error.php in UebiMiau Webmail 2.7.10 and earlier allows remote attackers to inject arbitrary web script or HTML via the icq parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-3341 1 Myads 1 Myads 2026-04-16 N/A
SQL injection vulnerability in annonces-p-f.php in MyAds module 2.04jp for Xoops allows remote attackers to execute arbitrary SQL commands via the lid parameter.
CVE-2004-0500 4 Gentoo, Mandrakesoft, Redhat and 1 more 4 Linux, Mandrake Linux, Enterprise Linux and 1 more 2026-04-16 N/A
Buffer overflow in the MSN protocol plugins (1) object.c and (2) slp.c for Gaim before 0.82 allows remote attackers to cause a denial of service and possibly execute arbitrary code via MSNSLP protocol messages that are not properly handled in a strncpy call.
CVE-2006-3564 1 Hivemail 1 Hivemail 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in HiveMail 1.3 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the email, (2) cond, or (3) name parameters to (a) addressbook.view.php, (4) the daysprune parameter to (b) index.php, (5) the data[to] parameter to (c) compose.email.php, and (6) the markas parameter to (d) read.markas.php.
CVE-2006-3594 1 Cisco 1 Unified Callmanager 2026-04-16 N/A
Buffer overflow in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0(3a) allows remote attackers to execute arbitrary code via a long hostname in a SIP request, aka bug CSCsd96542.
CVE-2006-3596 1 Cisco 1 Ips Sensor Software 2026-04-16 N/A
The device driver for Intel-based gigabit network adapters in Cisco Intrusion Prevention System (IPS) 5.1(1) through 5.1(p1), as installed on various Cisco Intrusion Prevention System 42xx appliances, allows remote attackers to cause a denial of service (kernel panic and possibly network outage) via a crafted IP packet.
CVE-2006-3602 1 Farsinews 1 Farsinews 2026-04-16 N/A
Directory traversal vulnerability in jscripts/tiny_mce/tiny_mce_gzip.php in FarsiNews 3.0 BETA 1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence and trailing null (%00) byte in the language parameter in the advanced theme.