Search Results (29926 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-4778 1 Cchost 1 Cchost 2026-04-16 N/A
SQL injection vulnerability in Creative Commons Tools ccHost before 3.0 allows remote attackers to execute arbitrary SQL commands via a crafted URL, which is used to populate the file ID. NOTE: Some details are obtained from third party information.
CVE-2006-4779 1 Phpbb Group 1 Vitrax Premodded Phpbb 2026-04-16 N/A
PHP remote file inclusion vulnerability in includes/functions_portal.php in Vitrax Premodded phpBB 1.0.6-R3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2006-4786 1 Moodle 1 Moodle 2026-04-16 N/A
Moodle 1.6.1 and earlier allows remote attackers to obtain sensitive information via (1) help.php and (2) other unspecified vectors involving scheduled backups.
CVE-2006-4787 1 Alphamail 1 Alphamail 2026-04-16 N/A
AlphaMail before 1.0.16 allows local users to obtain sensitive information via the logging functionality, which displays unencrypted passwords in an error message. NOTE: some details are obtained from third party information.
CVE-2006-4828 1 Photopost 1 Photopost Php Pro 2026-04-16 N/A
PHP remote file inclusion vulnerability in zipndownload.php in PhotoPost 4.0 through 4.6 allows remote attackers to execute arbitrary PHP code via a URL in the PP_PATH parameter.
CVE-2006-4830 1 Blojsom 1 Blojsom 2026-04-16 N/A
Directory traversal vulnerability in EditBlogTemplatesPlugin.java in David Czarnecki Blojsom 2.30 allows remote attackers to have an unknown impact by sending an HTTP request with a certain value of blogTemplate.
CVE-2006-4831 1 Iodine 1 Iodine 2026-04-16 N/A
Unspecified vulnerability in IP over DNS is now easy (iodine) before 0.3.2 has unknown impact and attack vectors, related to "potential security problems."
CVE-2006-4912 1 Php Docwriter 1 Php Docwriter 2026-04-16 N/A
PHP remote file inclusion vulnerability in PHP DocWriter 0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the script parameter.
CVE-2006-4835 1 Bluview 1 Blue Magic Board 2026-04-16 N/A
Bluview Blue Magic Board (BMB) (aka BMForum) 5.5 allows remote attackers to obtain sensitive information via a direct request to (1) footer.php, (2) header.php, (3) db_mysql_error.php, (4) langlist.php, (5) sendmail.php, or (6) style.php, which reveals the path in various error messages.
CVE-2006-4849 1 Mobilepublisherphp 1 Mobilepublisherphp 2026-04-16 N/A
PHP remote file inclusion vulnerability in header.php in MobilePublisherPHP 1.5 RC2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter.
CVE-2006-4850 1 Bolinos 1 Blinos 2026-04-16 N/A
PHP remote file inclusion vulnerability in system/_b/contentFiles/gBIndex.php in BolinOS 4.5.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the gBRootPath parameter.
CVE-2006-4864 1 All Enthusiast Inc 1 Reviewpost Php Pro 2026-04-16 N/A
PHP remote file inclusion vulnerability in index.php in All Enthusiast ReviewPost 2.5 allows remote attackers to execute arbitrary PHP code via a URL in the RP_PATH parameter.
CVE-2006-4866 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-16 N/A
Buffer overflow in kextload in Apple OS X, as used by TDIXSupport in Roxio Toast Titanium and possibly other products, allows local users to execute arbitrary code via a long extension argument.
CVE-2006-4876 1 Jupiter Cms 1 Jupiter Cms 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Jupiter CMS allow remote attackers to execute arbitrary SQL commands via (1) the user name during login, or the (2) key or (3) fpwusername parameters in modules/register.
CVE-2006-4888 1 Microsoft 1 Ie 2026-04-16 N/A
Microsoft Internet Explorer 6 and earlier allows remote attackers to cause a denial of service (application hang) via a CSS-formatted HTML INPUT element within a DIV element that has a larger size than the INPUT.
CVE-2006-2871 1 Cyboards 1 Cyboards Php Lite 2026-04-16 N/A
PHP remote file inclusion vulnerability in include/common.php in CyBoards PHP Lite 1.25 allows remote attackers to execute arbitrary PHP code via a URL in the script_path parameter. NOTE: CVE disputes this issue, since $script_path is set to a constant value
CVE-2006-4914 1 A.l-pifou 1 A.l-pifou 2026-04-16 N/A
Directory traversal vulnerability in A.l-Pifou 1.8p2 allows remote attackers to read arbitrary files via ".." sequences in the ze_langue_02 cookie, as demonstrated by using the choix_lng parameter to choix_langue.php to indirectly set the cookie, then accessing livre_dor.php to trigger the inclusion from inc/change_lang_ck.php, possibly related to livre_livre.php. NOTE: the livre_livre.php relationship has been reported by some third party sources.
CVE-2006-4917 1 Pt News 1 Pt News 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in search.php in PT News 1.7.8 allows remote attackers to inject arbitrary web script or HTML via the pgname parameter.
CVE-2006-4918 1 Simple Discussion Board 1 Simple Discussion Board 2026-04-16 N/A
Multiple PHP remote file inclusion vulnerabilities in Simple Discussion Board 0.1.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) env_dir parameter to (a) blank.php, (b) admin.php, or (c) builddb.php, and the (2) script_root parameter to blank.php.
CVE-2006-4921 1 Siteatschool 1 Siteatschool 2026-04-16 N/A
PHP remote file inclusion vulnerability in Site@School (S@S) 2.4.03 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cmsdir parameter to starnet/modules/include/include.php. NOTE: some of these details are obtained from third party information.