Search Results (351250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-3770 1 Phpfaber 1 Topsites 2026-04-16 N/A
Multiple SQL injection vulnerabilities in index.php in phpFaber TopSites 2.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) i_cat or (2) method parameters.
CVE-2006-3771 1 Imaginex-resource 1 Imanage Cms 2026-04-16 N/A
Multiple PHP remote file inclusion vulnerabilities in component.php in iManage CMS 4.0.12 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to (1) articles.php, (2) contact.php, (3) displaypage.php, (4) faq.php, (5) mainbody.php, (6) news.php, (7) registration.php, (8) whosOnline.php, (9) components/com_calendar.php, (10) components/com_forum.php, (11) components/minibb/index.php, (12) components/minibb/bb_admin.php, (13) components/minibb/bb_plugins.php, (14) modules/mod_calendar.php, (15) modules/mod_browser_prefs.php, (16) modules/mod_counter.php, (17) modules/mod_online.php, (18) modules/mod_stats.php, (19) modules/mod_weather.php, (20) themes/bizz.php, (21) themes/default.php, (22) themes/simple.php, (23) themes/original.php, (24) themes/portal.php, (25) themes/purple.php, and other unspecified files.
CVE-2006-3772 1 Php-post 1 Php-post 2026-04-16 N/A
PHP-Post 0.21 and 1.0, and possibly earlier versions, when auto-login is enabled, allows remote attackers to bypass security restrictions and obtain administrative privileges by modifying the logincookie[user] setting in the login cookie.
CVE-2006-3779 1 Citrix 3 Metaframe, Metaframe Presentation Server, Presentation Server 2026-04-16 N/A
Citrix MetaFrame up to XP 1.0 Feature 1, except when running on Windows Server 2003, installs a registry key with an insecure ACL, which allows remote authenticated users to gain privileges.
CVE-2006-3790 1 Ufo2000 1 Ufo2000 2026-04-16 N/A
The decode_stringmap function in server_transport.cpp for UFO2000 svn 1057 allows remote attackers to cause a denial of service (daemon termination) via a keysize or valsize that is inconsistent with the packet size, which leads to a buffer over-read.
CVE-2005-3102 1 Six Apart 1 Movable Type 2026-04-16 N/A
The administrative interface in Movable Type allows attackers to upload files with arbitrary extensions under the web root.
CVE-2006-3794 1 Amazing Flash Commerce 1 Afcommerce Shopping Cart 2026-04-16 N/A
SQL injection vulnerability in Amazing Flash AFCommerce Shopping Cart allows remote attackers to execute arbitrary SQL commands via the search field. NOTE: the vendor has disputed this issue, stating "if someone were to type in any sql injection code, that code would never be queried.
CVE-2006-3797 1 Deluxebb 1 Deluxebb 2026-04-16 N/A
SQL injection vulnerability in DeluxeBB 1.07 and earlier allows remote attackers to bypass authentication, spoof users, and modify settings via the (1) memberpw and (2) membercookie cookies.
CVE-2006-3799 1 Deluxebb 1 Deluxebb 2026-04-16 N/A
DeluxeBB 1.07 and earlier allows remote attackers to bypass SQL injection protection mechanisms via the login variable and certain other variables, by using lowercase "union select" or possibly other statements that do not match the uppercase "UNION SELECT."
CVE-2006-3800 1 Amazing Flash Commerce 1 Afcommerce Shopping Cart 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Amazing Flash AFCommerce Shopping Cart allows remote attackers to inject arbitrary web script or HTML via the "new review" text box.
CVE-2006-3810 2 Mozilla, Redhat 4 Firefox, Seamonkey, Thunderbird and 1 more 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the XPCNativeWrapper(window).Function construct.
CVE-2005-3104 1 Six Apart 1 Movable Type 2026-04-16 N/A
mt-comments.cgi in Movable Type before 3.2 allows attackers to redirect users to other web sites via URLs in comments.
CVE-2006-3812 2 Mozilla, Redhat 4 Firefox, Seamonkey, Thunderbird and 1 more 2026-04-16 N/A
Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to reference remote files and possibly load chrome: URLs by tricking the user into copying or dragging links.
CVE-2006-3817 1 Novell 1 Groupwise Webaccess 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Novell GroupWise WebAccess 6.5 and 7 before 20060727 allows remote attackers to inject arbitrary web script or HTML via an encoded SCRIPT element in an e-mail message with the UTF-7 character set, as demonstrated by the "+ADw-SCRIPT+AD4-" sequence.
CVE-2006-0971 1 Lionel Reyero 1 Directcontact 2026-04-16 N/A
Directory traversal vulnerability in Lionel Reyero DirectContact 0.3b allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.
CVE-2006-3826 1 Kailash Nadh 1 Boastmachine 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user_login, (2) full_name, and (3) URL parameters in register.php; and allow remote authenticated administrators to inject arbitrary web script or HTML via the (4) cat_list and (5) key parameters in a certain portion of the admin interface.
CVE-2006-3834 1 Ej3 1 Topo 2026-04-16 N/A
EJ3 TOPo 2.2.178 includes the password in cleartext in the ID field to index.php, which allows context-dependent attackers to obtain entry passwords via log files, referrers, or other vectors.
CVE-2006-3848 1 Krischan Jodies 1 Ip Calculator 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in CGI wrapper for IP Calculator (IPCalc) 0.40 allows remote attackers to inject arbitrary web script or HTML via the URI (REQUEST_URI environment variable), which is used in the actionurl variable.
CVE-2006-3849 1 Pumpkin Studios 2 Warzone, Warzone Resurrection 2026-04-16 N/A
Stack-based buffer overflow in Warzone 2100 and Warzone Resurrection 2.0.3 and earlier allows remote attackers to execute arbitrary code via a (1) long message handled by the recvTextMessage function in multiplay.c or a (2) long filename handled by NETrecvFile function in netplay/netplay.c.
CVE-2003-0110 1 Microsoft 2 Isa Server, Proxy Server 2026-04-16 N/A
The Winsock Proxy service in Microsoft Proxy Server 2.0 and the Microsoft Firewall service in Internet Security and Acceleration (ISA) Server 2000 allow remote attackers to cause a denial of service (CPU consumption or packet storm) via a spoofed, malformed packet to UDP port 1745.