Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-4594 1 Bugada Andrea 1 Php Advanced Transfer Manager 2026-04-16 N/A
Multiple PHP remote file inclusion vulnerabilities in PHP Advanced Transfer Manager (phpAtm) 1.21 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the include_location parameter in (1) confirm.php or (2) login.php. NOTE: the include_location parameter to index.php is already covered by CVE-2005-1681.
CVE-2006-0440 1 Text Rider 1 Text Rider 2026-04-16 N/A
Text Rider 2.4 allows attackers to bypass authentication and upload files without providing a valid password by obtaining the MD5 hash of the password (possibly via another vulnerability that reads it from a data file), then including the hash in a cookie.
CVE-2006-0456 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-16 N/A
The strnlen_user function in Linux kernel before 2.6.16 on IBM S/390 can return an incorrect value, which allows local users to cause a denial of service via unknown vectors.
CVE-2006-0563 1 Pluggedout 1 Pluggedout Blog 2026-04-16 N/A
SQL injection vulnerability in exec.php in PluggedOut Blog 1.9.9c allows remote attackers to execute arbitrary SQL commands via the entryid parameter in a comment_add action.
CVE-2006-0578 1 Bluecoat 1 Sgos 2026-04-16 N/A
Blue Coat Proxy Security Gateway OS (SGOS) 4.1.2.1 does not enforce CONNECT rules when using Deep Content Inspection, which allows remote attackers to bypass connection filters.
CVE-2006-0604 1 Hinton Design 1 Phphg Guestbook 2026-04-16 N/A
check.php in Hinton Design phphg Guestbook 1.2 does not check the user password when authenticating via cookies, which allows remote attackers to gain unauthorized access.
CVE-2006-4645 1 Akarru 1 Social Bookmarking Engine 2026-04-16 N/A
PHP remote file inclusion vulnerability in akarru.gui/main_content.php in Akarru Social BookMarking Engine 0.4.3.34 and earlier, and possibly 0.4.4.120, allows remote attackers to execute arbitrary PHP code via a URL in the bm_content parameter.
CVE-2006-0693 1 Roberto Butti 1 Calimba 2026-04-16 N/A
Multiple SQL injection vulnerabilities in rb_auth.php in Roberto Butti CALimba 0.99.2 beta and earlier allow remote attackers to execute arbitrary SQL commands and bypass login authentication via the (1) login and (2) password parameters.
CVE-2006-0703 1 Imagevue 1 Imagevue 2026-04-16 N/A
Unspecified vulnerability in index.php in imageVue 16.1 has unknown impact, probably a cross-site scripting (XSS) vulnerability involving the query string that is not quoted when inserted into style and body tags, as demonstrated using a bgcol parameter.
CVE-2006-0713 1 Linpha 1 Linpha 2026-04-16 N/A
Directory traversal vulnerability in LinPHA 1.0 allows remote attackers to include arbitrary files via .. (dot dot) sequences in the (1) lang parameter in docs/index.php and the language parameter in (2) install/install.php, (3) install/sec_stage_install.php, (4) install/third_stage_install.php, and (5) install/forth_stage_install.php. NOTE: direct static code injection is resultant from this issue, as demonstrated by inserting PHP code into the username, which is inserted into linpha.log, which is accessible from the directory traversal.
CVE-2006-0714 1 Flyspray 1 Flyspray 2026-04-16 N/A
Directory traversal vulnerability in the installation file (sql/install-0.9.7.php) in Flyspray 0.9.7 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the adodbpath parameter.
CVE-2006-4648 1 Bingo News 1 Bingo News 2026-04-16 N/A
PHP remote file inclusion vulnerability in bp_ncom.php in BinGo News (BP News) 3.01 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the bnrep parameter.
CVE-2006-0729 1 Teca Scripts 1 Teca Diary 2026-04-16 N/A
SQL injection vulnerability in functions.php in Teca Diary PE 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) yy, (2) mm, and (3) dd parameters.
CVE-2006-4653 2 Amazing Little Picture Poll, Amazing Little Poll 2 Amazing Little Picture Poll, Amazing Little Poll 2026-04-16 N/A
(1) Amazing Little Poll and (2) Amazing Little Picture Poll store sensitive information under the web root with insufficient access control, which allows remote attackers to read the admin password via a direct request for the lp_settings file (lp_settings.inc or lp_settings.php).
CVE-2006-4655 2 Sco, Sun 2 Unixware, Solaris 2026-04-16 N/A
Buffer overflow in the Strcmp function in the XKEYBOARD extension in X Window System X11R6.4 and earlier, as used in SCO UnixWare 7.1.3 and Sun Solaris 8 through 10, allows local users to gain privileges via a long _XKB_CHARSET environment variable value.
CVE-2006-4660 1 Icq Inc 1 Icq Toolbar 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the RSS Feed module in AOL ICQ Toolbar 1.3 for Internet Explorer (toolbaru.dll) allow remote attackers to process arbitrary web script or HTML in the Feeds interface context via the (1) title and (2) description elements within an item element in an RSS feed.
CVE-2006-4706 1 Mybulletinboard 1 Mybulletinboard 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.1.7 allows remote attackers to inject arbitrary web script or HTML via a url BBCode tag that contains a javascript URI with an SGML numeric character reference and an embedded space, as demonstrated using "java& #115;cript," a different vulnerability than CVE-2006-3761.
CVE-2006-4720 1 Mcgallery 1 Mcgallery Pro 2026-04-16 N/A
PHP remote file inclusion vulnerability in random2.php in mcGalleryPRO 2006 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter.
CVE-2006-4722 1 Openbb 1 Openbb 2026-04-16 N/A
PHP remote file inclusion vulnerability in Open Bulletin Board (OpenBB) 1.0.8 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) index.php and possibly (2) collector.php.
CVE-2002-1789 1 Newsx 1 Newsx 2026-04-16 N/A
Format string vulnerability in newsx NNTP client before 1.4.8 allows local users to execute arbitrary code via format string specifiers that are not properly handled in a call to the syslog function.