Search Results (351250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-6838 1 Rediff 1 Bol Downloader Activex Ocx Control 2026-04-23 N/A
Rediff Bol Downloader ActiveX (OCX) control allows remote attackers to execute arbitrary files, and obtain sensitive information (usernames and pathnames), via a URL in the url vbscript parameter.
CVE-2007-0851 1 Trend Micro 23 Client-server-messaging Suite Smb, Client-server Suite Smb, Control Manager and 20 more 2026-04-23 N/A
Buffer overflow in the Trend Micro Scan Engine 8.000 and 8.300 before virus pattern file 4.245.00, as used in other products such as Cyber Clean Center (CCC) Cleaner, allows remote attackers to execute arbitrary code via a malformed UPX compressed executable.
CVE-2006-6843 1 Joomla 1 Be It Easypartner Component 2026-04-23 N/A
PHP remote file inclusion vulnerability in the BE IT EasyPartner 0.0.9 beta component for Joomla! allows remote attackers to execute arbitrary PHP code via unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-6846 1 Cybercoded 1 While You Were Out Inout Board 2026-04-23 N/A
Multiple SQL injection vulnerabilities in While You Were Out (WYWO) InOut Board 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the num parameter in (a) phonemessage.asp, (2) the catcode parameter in (b) faqDsp.asp, and the (3) Username and (4) Password fields in (c) login.asp.
CVE-2006-6860 1 Mythcontrol 1 Mythcontrol 2026-04-23 N/A
Buffer overflow in the sendToMythTV function in MythControlServer.c in MythControl 1.0 and earlier allows remote attackers to execute arbitrary code via a crafted sendStr string to the Bluetooth interface. NOTE: some of these details are obtained from third party information.
CVE-2007-0852 1 Techexcel Inc. 1 Devtrack 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in DevTrack 6.x allows remote attackers to inject arbitrary web script or HTML via the "Keyword search" form field and unspecified other form fields that populate a public saved query. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-6863 1 Enigma 1 Wordpress Bridge 2026-04-23 9.8 Critical
PHP remote file inclusion vulnerability in the Enigma2 plugin (Enigma2.php) in Enigma WordPress Bridge allows remote attackers to execute arbitrary PHP code via a URL in the boarddir parameter. NOTE: CVE disputes this issue, since $boarddir is set to a fixed value
CVE-2006-6864 1 Enigma2 1 Coppermine Bridge 2026-04-23 N/A
PHP remote file inclusion vulnerability in E2_header.inc.php in Enigma2 Coppermine Bridge 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the boarddir parameter.
CVE-2006-6865 1 Softartisans 1 Fileup 2026-04-23 N/A
Directory traversal vulnerability in SAFileUpSamples/util/viewsrc.asp in SoftArtisans FileUp (SAFileUp) 5.0.14 allows remote attackers to read arbitrary files via a %c0%ae. (Unicode dot dot) in the path parameter, which bypasses the checks for ".." sequences.
CVE-2006-6834 1 Joomla 1 Joomla 2026-04-23 N/A
Multiple unspecified vulnerabilities in Joomla! before 1.0.12 have unknown impact and attack vectors related to (1) "unneeded legacy functions" and (2) "Several low level security fixes."
CVE-2006-6832 1 Joomla 1 Joomla 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Joomla! before 1.0.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to poll.php or the module title.
CVE-2006-6830 1 Cafelog 1 B2 Blog 2026-04-23 N/A
PHP remote file inclusion vulnerability in b2verifauth.php in b2 Blog 0.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the index parameter.
CVE-2006-6829 1 Efkan Forum 1 Efkan Forum 2026-04-23 N/A
Efkan Forum 1.0 and earlier store sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for forum.mdb. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-6828 1 Efkan Forum 1 Efkan Forum 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Efkan Forum 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the grup parameter in admin.asp, or the id parameter in (2) default.asp or (3) admin.asp. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. The default.asp/grup vector is already covered by CVE-2006-6794.
CVE-2006-6825 1 Mxmania 1 Calendar Mx Basic 2026-04-23 N/A
Calendar MX BASIC 1.0.2 and earlier store sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for calendar.mdb. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-6823 1 Yrch 1 Yrch 2026-04-23 N/A
PHP remote file inclusion vulnerability in plugins/metasearch/plug.inc.php in Yrch! 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
CVE-2006-6822 1 Enthrallweb 1 Eclassifieds 2026-04-23 N/A
myprofile.asp in Enthrallweb eClassifieds does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MM_recordId parameter.
CVE-2006-6821 1 Enthrallweb 1 Enews 2026-04-23 N/A
myprofile.asp in Enthrallweb eNews does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MM_recordId parameter.
CVE-2006-6820 1 Enthrallweb 1 Ecoupons 2026-04-23 N/A
myprofile.asp in Enthrallweb eCoupons does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MM_recordId parameter.
CVE-2006-6809 1 Vladimir Menshakov 1 Buratinable Templator 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in process.php in Vladimir Menshakov buratinable templator (aka bubla) 1.0.0rc2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) bu_dir or (2) bu_config[dir] parameter.