Search Results (359583 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-4604 1 Lanifex 1 Lanifex 2026-04-16 N/A
PHP remote file inclusion vulnerability in LFXlib/access_manager.php in Lanifex Database of Managed Objects (DMO) 2.3 Beta and earlier allows remote attackers to execute arbitrary PHP code via the _incMgr parameter.
CVE-2006-4607 1 Longino 1 Jacome Php-revista 2026-04-16 N/A
admin/index.php in Longino Jacome php-Revista 1.1.2 allows remote attackers to bypass authentication controls by setting the ID_ADMIN and SUPER_ADMIN parameters to 1.
CVE-2006-4626 1 Alwil 1 Avast Antivirus 2026-04-16 N/A
Heap-based buffer overflow in alwil avast! Anti-virus Engine before 4.7.869 allows remote attackers to execute arbitrary code via a crafted LHA file that contains extended headers with file and directory names whose concatenation triggers the overflow.
CVE-2006-4628 1 Vcd-db 1 Vcd-db 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in VCD-db before 0.983 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors when handling comments.
CVE-2006-4661 1 Icq Inc 1 Icq Toolbar 2026-04-16 N/A
AOL ICQ Toolbar 1.3 for Internet Explorer (toolbaru.dll) does not properly validate the origin of the configuration web page (options2.html), which allows user-assisted remote attackers to provide a web page that contains disguised checkboxes that trick the user into reconfiguring the toolbar.
CVE-2006-4669 1 Somery 1 Somery 2026-04-16 N/A
PHP remote file inclusion vulnerability in admin/system/include.php in Somery 0.4.6 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the skindir parameter.
CVE-2004-0130 1 Phpgedview 1 Phpgedview 2026-04-16 N/A
login.php in phpGedView 2.65 and earlier allows remote attackers to obtain sensitive information via an HTTP request to login.php that does not contain the required username or password parameters, which causes the information to be leaked in an error message.
CVE-2006-4679 1 Andreas Gohr 1 Dokuwiki 2026-04-16 N/A
DokuWiki before 2006-03-09c enables the debug feature by default, which allows remote attackers to obtain sensitive information by calling doku.php with the X-DOKUWIKI-DO HTTP header set to "debug".
CVE-2005-4862 1 Xwiki 1 Xwiki 2026-04-16 N/A
The search functionality in XWiki 0.9.793 indexes cleartext user passwords, which allows remote attackers to obtain sensitive information via a search string that matches a password.
CVE-2006-4739 1 Jetbox 1 Jetbox Cms 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the OriginalImageData parameter to phpthumb.php.
CVE-2006-4740 1 Jetbox 1 Jetbox Cms 2026-04-16 N/A
Jetbox CMS allows remote attackers to obtain sensitive information via a direct request for certain files, which reveal the path in an error message.
CVE-2006-4742 1 Idevspot 1 Phplinkexchange 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in user_add.php in IDevSpot PhpLinkExchange 1.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
CVE-2006-4735 1 Kellan Elliott-mccrea 1 Magpierss 2026-04-16 N/A
Kellan Elliott-McCrea MagpieRSS allows remote attackers to obtain sensitive information via a direct request for (1) rss_fetch.inc.php or (2) rss_parse.inc.php, which reveals the path in various error messages.
CVE-2006-4766 1 Stefan Ernst 1 Newsscript 2026-04-16 N/A
Directory traversal vulnerability in print.php in Stefan Ernst Newsscript (aka WM-News) 0.5 beta allows remote attackers to read arbitrary files via a .. (dot dot) in the ide parameter.
CVE-2006-4786 1 Moodle 1 Moodle 2026-04-16 N/A
Moodle 1.6.1 and earlier allows remote attackers to obtain sensitive information via (1) help.php and (2) other unspecified vectors involving scheduled backups.
CVE-2006-4779 1 Phpbb Group 1 Vitrax Premodded Phpbb 2026-04-16 N/A
PHP remote file inclusion vulnerability in includes/functions_portal.php in Vitrax Premodded phpBB 1.0.6-R3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2006-3154 1 Thinkfactory 1 Ultimate Estate 2026-04-16 N/A
SQL injection vulnerability in index.pl in Ultimate Estate 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2006-4789 1 Open Movie Editor 1 Open Movie Editor 2026-04-16 N/A
Buffer overflow in Open Movie Editor 0.0.20060901 allows local users to cause a denial of service (system crash) or execute arbitrary code via a long project name in an open_movie_editor_project XML tag.
CVE-2006-4823 1 Reamday Enterprises 1 Magic News Pro 2026-04-16 N/A
PHP remote file inclusion vulnerability in scripts/news_page.php in Reamday Enterprises Magic News Pro 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the script_path parameter.
CVE-2005-4288 1 Marmaraweb 1 Marmaraweb E-commerce 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in MarmaraWeb E-commerce allows remote attackers to inject arbitrary web script or HTML via the page parameter to index.php. NOTE: this might be resultant from CVE-2005-4287.