Search Results (29926 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2001-0320 1 Francisco Burzi 1 Php-nuke 2026-04-16 N/A
bb_smilies.php and bbcode_ref.php in PHP-Nuke 4.4 allows remote attackers to read arbitrary files and gain PHP administrator privileges by inserting a null character and .. (dot dot) sequences into a malformed username argument.
CVE-2001-0321 1 Francisco Burzi 1 Php-nuke 2026-04-16 N/A
opendir.php script in PHP-Nuke allows remote attackers to read arbitrary files by specifying the filename as an argument to the requesturl parameter.
CVE-2006-4764 1 Wtools 1 Wtools 2026-04-16 N/A
PHP remote file inclusion vulnerability in common.php in Thomas LETE WTools 0.0.1-ALPH allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter.
CVE-2006-2038 1 Amplecom 1 Ampleshop 2026-04-16 N/A
Multiple SQL injection vulnerabilities in ampleShop 2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) RecordID parameter in (a) Customeraddresses_RecordAction.cfm and (b) youraccount.cfm; (2) solus parameter in (c) detail.cfm; and (3) cat parameter in (d) category.cfm.
CVE-2006-2041 1 Phpwebgallery 1 Phpwebgallery 2026-04-16 N/A
PhpWebGallery before 1.6.0RC1 allows remote attackers to obtain arbitrary pictures via a request to picture.php without specifying the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-2046 1 Application Dynamics 1 Cartweaver Coldfusion 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Application Dynamics Cartweaver ColdFusion 2.16.11 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) category and (2) keywords parameters in (a) Results.cfm, and the (3) ProdID parameter in (b) Details.cfm.
CVE-2006-2047 1 Application Dynamics 1 Cartweaver Coldfusion 2026-04-16 N/A
Application Dynamics Cartweaver ColdFusion 2.16.11 and earlier allows remote attackers to obtain sensitive information via an invalid (1) secondary, (2) PageNum_Results, (3) category, or (4) keywords parameter in (a) Results.cfm; or an invalid (5) ProdID parameter in (b) Details.cfm; which reveal the path in various error messages. NOTE: the behavior for the category, keywords, and ProdID parameters might be resultant from SQL injection.
CVE-2006-2048 1 Phpwebftp 1 Phpwebftp 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Edwin van Wijk phpWebFTP 2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) port, (2) server, and (3) user parameters. NOTE: it is possible that the affected version is actually 3.2.
CVE-2006-2071 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-16 N/A
Linux kernel 2.4.x and 2.6.x up to 2.6.16 allows local users to bypass IPC permissions and modify a readonly attachment of shared memory by using mprotect to give write permission to the attachment. NOTE: some original raw sources combined this issue with CVE-2006-1524, but they are different bugs.
CVE-2006-2072 1 Delegate 1 Delegate 2026-04-16 N/A
Multiple unspecified vulnerabilities in DeleGate 9.x before 9.0.6 and 8.x before 8.11.6 allow remote attackers to cause a denial of service via crafted DNS responses messages that cause (1) a buffer over-read or (2) infinite recursion, which can trigger a segmentation fault or invalid memory access, as demonstrated by the OUSPG PROTOS DNS test suite.
CVE-2006-2073 1 Isc 1 Bind 2026-04-16 N/A
Unspecified vulnerability in ISC BIND allows remote attackers to cause a denial of service via a crafted DNS message with a "broken" TSIG, as demonstrated by the OUSPG PROTOS DNS test suite.
CVE-2006-2088 1 Devsyn 1 Open Bulletin Board 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Devsyn Open Bulletin Board (OpenBB) 1.0.6 allow remote attackers to inject arbitrary web script or HTML via (1) the FID parameter in board.php and (2) the TID parameter in read.php. NOTE: the SQL injection issues are already covered by CVE-2005-1612 (read.php) and CVE-2005-2566 (board.php).
CVE-2006-2097 1 Invision Power Services 1 Invision Power Board 2026-04-16 N/A
SQL injection vulnerability in func_msg.php in Invision Power Board (IPB) 2.1.4 allows remote attackers to execute arbitrary SQL commands via the from_contact field in a private message (PM).
CVE-2006-2104 1 Kmail 1 Kmail 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Kamgaing Email System (kmail) 2.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) d parameter to main.php, ordner parameter to (2) main.php, or (3) webdisk.php, (4) draft parameter to compose.php, or (5) m, or (6) y parameter to calendar.php.
CVE-2006-2109 1 Jsboard 1 Jsboard 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the parse_query_str function in include/print.php in JSBoard 2.0.10 and 2.0.11, and possibly other versions before 2.0.12, allows remote attackers to inject arbitrary web script or HTML via parameters that are set as global variables within the program, as demonstrated using the table parameter to login.php.
CVE-2006-2352 1 Ipswitch 1 Whatsup Professional 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in IPswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allow remote attackers to inject arbitrary web script or HTML via unknown vectors in (1) NmConsole/Tools.asp and (2) NmConsole/DeviceSelection.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-2355 1 Ipswitch 1 Whatsup Professional 2026-04-16 N/A
Ipswitch WhatsUp Professional 2006 and Ipswitch WhatsUp Professional 2006 Premium allows remote attackers to obtain full path information via 404 error messages. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-2359 1 Phpbb Group 1 Phpbb 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in charts.php in the Chart mod for phpBB allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this issue might be resultant from SQL injection.
CVE-2006-2360 1 Phpbb Group 1 Phpbb 2026-04-16 N/A
SQL injection vulnerability in charts.php in the Chart mod for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2006-2364 1 Macromedia 1 Coldfusion 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the validation feature in Macromedia ColdFusion 5 and earlier allows remote attackers to inject arbitrary web script or HTML via a "_required" field when the associated normal field is missing or empty, which is not sanitized before being presented in an error message.