Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-2743 1 Drupal 1 Drupal 2026-04-16 N/A
Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
CVE-2000-0140 1 True North 1 Internet Anywhere Mail Server 2026-04-16 N/A
Internet Anywhere POP3 Mail Server allows remote attackers to cause a denial of service via a large number of connections.
CVE-2006-0107 1 Idea Development Id Oy 1 Timecan Cms 2026-04-16 N/A
SQL injection vulnerability in Timecan CMS allows remote attackers to execute arbitrary SQL commands via the viewID parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Due to the unavailability of the original source, it cannot be determined if this is the same issue as identified by CVE-2006-0108.
CVE-2006-3769 1 Top Xl 1 Top Xl 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Top XL 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) pass and (2) pass2 parameters in (a) add.php or the (3) id parameter in (b) members/index.php.
CVE-2006-3142 1 Vbzoom 1 Vbzoom 2026-04-16 N/A
SQL injection vulnerability in forum.php in VBZooM 1.11 allows remote attackers to execute arbitrary SQL commands via the MainID parameter.
CVE-2006-0108 1 Idea Development Id Oy 1 Timecan Cms 2026-04-16 N/A
SQL injection vulnerability in mcl_login.asp in Timecan CMS allows remote attackers to execute arbitrary SQL commands via the email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Due to the unavailability of the original source, it cannot be determined if this is the same issue as identified by CVE-2006-0107.
CVE-2006-2745 1 Facile Interactive Web 1 Facile Interactive Web 2026-04-16 N/A
Multiple PHP remote file inclusion vulnerabilities in F@cile Interactive Web 0.8.5 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) pathfile parameter in (a) p-editpage.php and (b) p-editbox.php, and the (2) mytheme and (3) myskin parameters in multiple "p-themes" index.inc.php files including (c) lowgraphic, (d) classic, (e) puzzle, (f) simple, and (g) ciao.
CVE-2000-0145 1 Debian 1 Debian Linux 2026-04-16 N/A
The libguile.so library file used by gnucash in Debian GNU/Linux is installed with world-writable permissions.
CVE-2006-0109 1 Modular Merchant 1 Shopping Cart 2026-04-16 N/A
Cross-site scripting vulnerability in category.php in Modular Merchant Shopping Cart allows remote attackers to inject arbitrary web script or HTML via the cat parameter.
CVE-2004-1119 1 Nullsoft 1 Winamp 2026-04-16 N/A
Stack-based buffer overflow in IN_CDDA.dll in Winamp 5.05, and possibly other versions including 5.06, allows remote attackers to execute arbitrary code via a certain .m3u playlist file.
CVE-2006-0113 1 Enhanced Simple Php Gallery 1 Enhanced Simple Php Gallery 2026-04-16 N/A
Enhanced Simple PHP Gallery 1.7 allows remote attackers to obtain the full path of the application via a direct request to sp_helper_functions.php, which leaks the pathname in an error message.
CVE-2004-2645 1 Asn.1 Compiler 1 Asn.1 Compiler 2026-04-16 N/A
Unspecified vulnerability in ASN.1 Compiler (asn1c) before 0.9.7 has unknown impact and attack vectors when processing "CHOICE" types with "indefinite length structures."
CVE-2006-0116 1 Inetstore 1 Inetstore Online 2026-04-16 N/A
Cross-site scripting vulnerability search.inetstore in iNETstore Ebusiness Software 2.0 allows remote attackers to inject arbitrary web script or HTML via the searchterm parameter.
CVE-2006-0174 1 Hummingbird 2 Collaboration, Enterprise Collaboration 2026-04-16 N/A
Hummingbird Collaboration (aka Hummingbird Enterprise Collaboration) 5.21 and earlier allows remote attackers to obtain sensitive information (intranet IP addresses and enumerations of valid parameter values) via a direct request to hc, which reveals the information in an error message or a cookie.
CVE-2000-0170 2 Redhat, Turbolinux 2 Linux, Turbolinux 2026-04-16 N/A
Buffer overflow in the man program in Linux allows local users to gain privileges via the MANPAGER environmental variable.
CVE-2000-0263 1 Redhat 1 Linux 2026-04-16 N/A
The X font server xfs in Red Hat Linux 6.x allows an attacker to cause a denial of service via a malformed request.
CVE-2006-0176 1 Xmame 1 Xmame 2026-04-16 N/A
Buffer overflow in certain functions in src/fileio.c and src/unix/fileio.c in xmame before 11 January 2006 may allow local users to gain privileges via a long (1) -lang, (2) -ctrlr, (3) -pb, or (4) -rec argument on many operating systems, and via a long (5) -jdev argument on Ubuntu Linux.
CVE-2006-0182 1 Acal 1 Calendar Project 2026-04-16 N/A
login.php in ACal Calendar Project 2.2.5 allows remote attackers to bypass authentication by setting the ACalAuthenticate cookie variable to "inside".
CVE-2006-3727 1 Eskolar Cms 1 Eskolar Cms 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Eskolar CMS 0.9.0.0 allow remote attackers to execute arbitrary SQL commands via the (1) gr_1_id, (2) gr_2_id, (3) gr_3_id, and (4) doc_id parameters in (a) index.php; the (5) uid and (6) pwd parameters in (b) php/esa.php; and possibly other vectors related to files in php/lib/ including (c) del.php, (d) download_backup.php, (e) navig.php, (f) restore.php, (g) set_12.php, (h) set_14.php, and (i) upd_doc.php.
CVE-2006-0183 1 Acal 1 Calendar Project 2026-04-16 N/A
Direct static code injection vulnerability in edit.php in ACal Calendar Project 2.2.5 allows authenticated users to execute arbitrary PHP code via (1) the edit=header value, which modifies header.php, or (2) the edit=footer value, which modifies footer.php. NOTE: this issue might be resultant from the poor authentication as identified by CVE-2006-0182. Since the design of the product allows the administrator to edit the code, perhaps this issue should not be included in CVE, except as a consequence of CVE-2006-0182.