Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2001-1226 1 Adcycle 1 Adcycle 2026-04-16 N/A
AdCycle 1.17 and earlier allow remote attackers to modify SQL queries, which are not properly sanitized before being passed to the MySQL database.
CVE-2006-4375 1 Mambo 1 Contacts Xtd Component 2026-04-16 N/A
PHP remote file inclusion vulnerability in contxtd.class.php in the Contacts XTD (ContXTD) component for Mambo (com_contxtd) allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: another researcher has disputed this issue, saying that the software prevents the attack by checking whether _VALID_MOS is defined
CVE-2006-1656 1 Vserver 1 Util-vserver 2026-04-16 N/A
vserver in util-vserver 0.30.209 executes a command as root when the suexec userid parameter is invalid and non-numeric, which might cause local users to inadvertently execute dangerous commands as root.
CVE-2006-4385 1 Apple 1 Quicktime 2026-04-16 N/A
Buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted SGI image.
CVE-2006-4388 1 Apple 1 Quicktime 2026-04-16 N/A
Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted FlashPix file.
CVE-2006-4424 1 Coinsoft Technologies 1 Phpcoin 2026-04-16 N/A
PHP remote file inclusion vulnerability in coin_includes/constants.php in phpCOIN 1.2.3 allows remote attackers to execute arbitrary PHP code via the _CCFG[_PKG_PATH_INCL] parameter.
CVE-2006-4674 1 Andreas Gohr 1 Dokuwiki 2026-04-16 N/A
Direct static code injection vulnerability in doku.php in DokuWiki before 2006-030-09c allows remote attackers to execute arbitrary PHP code via the X-FORWARDED-FOR HTTP header, which is stored in config.php.
CVE-2006-4681 1 Ibm 1 Director 2026-04-16 N/A
Directory traversal vulnerability in Redirect.bat in IBM Director before 5.10 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the file parameter.
CVE-2006-4683 1 Ibm 1 Director 2026-04-16 N/A
IBM Director before 5.10 allows remote attackers to obtain sensitive information from HTTP headers via HTTP TRACE.
CVE-2006-4708 1 Vikingboard 1 Vikingboard 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard 0.1b allow remote attackers to inject arbitrary web script or HTML via the (1) act parameter in (a) help.php and (b) search.php, and the (2) p parameter in report.php.
CVE-2006-4714 1 Spoonlabs 1 Vivvo Article Management Cms 2026-04-16 N/A
PHP remote file inclusion vulnerability in index.php in SpoonLabs Vivvo Article Management CMS (aka phpWordPress) 3.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the classified_path parameter.
CVE-2001-1303 1 Checkpoint 1 Firewall-1 2026-04-16 N/A
The default configuration of SecuRemote for Check Point Firewall-1 allows remote attackers to obtain sensitive configuration information for the protected network without authentication.
CVE-2006-4717 1 Drupal 1 Drupal Pubcookie Module 2026-04-16 N/A
The login redirection mechanism in the Drupal 4.7 Pubcookie module before 1.2.2.4 2006/09/06 and the Drupal 4.6 Pubcookie module before 1.6.2.1 2006/09/07 allows remote attackers to bypass authentication requirements and spoof identities of arbitrary users via unspecified vectors.
CVE-2006-4719 1 Myabracadaweb 1 Myabracadaweb 2026-04-16 N/A
Multiple PHP remote file inclusion vulnerabilities in MyABraCaDaWeb 1.0.3, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the base parameter to (1) index.php or (2) pop.php.
CVE-2006-4725 1 Adobe 1 Coldfusion 2026-04-16 N/A
Adobe ColdFusion MX 7 and 7.01 allows local users to bypass security restrictions and call components (CFC) within a sandbox from CFML templates that are located outside of the sandbox.
CVE-2006-4726 1 Adobe 1 Coldfusion 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 6.1 through 7.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a ColdFusion error page.
CVE-2006-4733 1 Sips 1 Sips 2026-04-16 N/A
PHP remote file inclusion vulnerability in sipssys/code/box.inc.php in Haakon Nilsen simple, integrated publishing system (SIPS) 0.3.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the config[sipssys] parameter. NOTE: the product's documentation recommends placing the affected file outside of the web root, so the scope of issue is limited to admins who do not, or cannot, follow this recommendation.
CVE-2006-4747 1 Idevspot 1 Textads 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in IdevSpot TextAds allow remote attackers to inject arbitrary web script or HTML via (1) the id parameter in delete.php and (2) the error parameter in error.php.
CVE-2006-4748 1 F-art Agency 1 Blog Cms 2026-04-16 N/A
Multiple SQL injection vulnerabilities in F-ART BLOG:CMS 4.1 allow remote attackers to execute arbitrary SQL commands via the (1) xagent, (2) xpath, (3) xreferer, and (4) xdns parameters in (a) admin/plugins/NP_Log.php, and the (5) pitem parameter in (b) admin/plugins/NP_Poll.php; and allow remote authenticated users to execute arbitrary SQL commands via the (6) pageRef parameter in (c) admin/plugins/NP_Referrer.php.
CVE-2006-4945 1 Cardway 1 Digitalwebshop 2026-04-16 N/A
Multiple PHP remote file inclusion vulnerabilities in Cardway (aka Frederic Boudaud) DigitalWebShop 1.128 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the _PHPLIB[libdir] parameter to (1) rechnung.php or (2) prepend.php.