Search Results (29926 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-3055 1 Vbzoom 1 Vbzoom 2026-04-16 N/A
Multiple SQL injection vulnerabilities in VBZooM 1.02 allow remote attackers to execute arbitrary SQL commands via the (1) QuranID, (2) ShowByQuranID, or (3) Action parameters to meaning.php.
CVE-2006-3065 1 Blursoft 1 Blur6ex 2026-04-16 N/A
SQL injection vulnerability in engine/shards/blog.php in blur6ex 0.3.462 allows remote attackers to execute arbitrary SQL commands via the ID parameter in a proc_reply action in the blog shard. NOTE: This is a similar vulnerability to CVE-2006-1763, but the affected code and versions are different.
CVE-2006-3066 1 Ibm 1 Db2 Universal Database 2026-04-16 N/A
Buffer overflow in the TCP/IP listener in IBM DB2 Universal Database (UDB) before 8.1 FixPak 12 allows remote attackers to cause a denial of service (application crash) via a long MGRLVLLS message inside of an EXCSAT message when establishing a connection.
CVE-2006-3080 1 Axent 1 Axentforum 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in viewposts.cfm in aXentForum II and earlier allows remote attackers to inject arbitrary web script or HTML via the startrow parameter.
CVE-2006-3079 1 Sspwiz 1 Sspwiz Plus 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.cfm in SSPwiz Plus 1.0.7 and earlier allows remote attackers to inject arbitrary web script or HTML via the message parameter.
CVE-2006-3112 1 Chipmailer 1 Chipmailer 2026-04-16 N/A
Chipmailer 1.09 allows remote attackers to obtain sensitive information via a direct request to php.php, which displays the output of the phpinfo function.
CVE-2006-3110 1 Chipmailer 1 Chipmailer 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in main.php in Chipmailer 1.09 allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) betreff, (3) mail, and (4) text parameters.
CVE-2006-3111 1 Chipmailer 1 Chipmailer 2026-04-16 N/A
Multiple SQL injection vulnerabilities in main.php in Chipmailer 1.09 allow remote attackers to execute arbitrary SQL commands via multiple parameters, as demonstrated by (1) anfang, (2) name, (3) mail, (4) anrede, (5) vorname, (6) nachname, (7) gebtag, (8) gebmonat, and (9) gebjahr.
CVE-2006-3108 1 Emailarchitect 1 Email Server 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in EmailArchitect Email Server 6.1 allows remote attackers to inject arbitrary Javascript via an HTML div tag with a carriage return between the onmouseover attribute and its value, which bypasses the mail filter.
CVE-2006-3130 1 Clubpage 1 Clubpage 2026-04-16 N/A
SQL injection vulnerability in index.php in Clubpage allows remote attackers to execute arbitrary SQL commands via the category parameter.
CVE-2006-3140 1 Openci 1 Openci 2026-04-16 N/A
SQL injection vulnerability in index.php in openCI 1.0 BETA 0.20.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2006-3158 1 Eduha Meeting 1 Eduha Meeting 2026-04-16 N/A
index.php in Eduha Meeting does not properly restrict file extensions before permitting a file upload, which allows remote attackers to bypass security checks and upload or execute arbitrary php code via the add action.
CVE-2006-3166 1 Free Realty 1 Free Realty 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in propview.php in Free Realty 2.9-0.6 and earlier allows remote attackers to execute arbitrary web script or HTML via the sort parameter.
CVE-2006-3165 1 Free Realty 1 Free Realty 2026-04-16 N/A
SQL injection vulnerability in propview.php in Free Realty 2.9-0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the sort parameter.
CVE-2006-3176 1 Xaran 1 Xaran Cms 2026-04-16 N/A
SQL injection vulnerability in xarancms_haupt.php in xarancms 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2006-3185 1 Cms Faethon 1 Cms Faethon 2026-04-16 N/A
PHP remote file inclusion vulnerability in data/header.php in CMS Faethon 1.3.2 allows remote attackers to execute arbitrary PHP code via a URL in the mainpath parameter.
CVE-2006-3784 1 Symantec 1 Pcanywhere 2026-04-16 N/A
Symantec pcAnywhere 12.5 uses weak default permissions for the "Symantec\pcAnywhere\Hosts" folder, which allows local users to gain privileges by inserting a superuser .cif (aka caller or CallerID) file into the folder, and then using a pcAnywhere client to login as a local administrator.
CVE-2006-3785 1 Symantec 1 Pcanywhere 2026-04-16 N/A
Symantec pcAnywhere 12.5 obfuscates the passwords in a GUI textbox with asterisks but does not encrypt them in the associated .cif (aka caller or CallerID) file, which allows local users to obtain the passwords from the window using tools such as Nirsoft Asterwin.
CVE-2006-3783 1 Sun 1 Solaris 2026-04-16 N/A
Sun Solaris 10 allows local users to cause a denial of service (panic) via unspecified vectors involving (1) the /net mount point and (2) the "-hosts" map in a mount point.
CVE-2006-3793 1 Sitedepth 1 Sitedepth Cms 2026-04-16 N/A
PHP remote file inclusion vulnerability in constants.php in SiteDepth CMS 3.01 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the SD_DIR parameter.