Search Results (29926 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-2520 1 Bitberry Software 1 Bitzipper 2026-04-16 N/A
Directory traversal vulnerability in BitZipper 4.1.2 SR-1 and earlier allows remote attackers to create files in arbitrary directories via a .. (dot dot) in the filename of a file that is stored in a (1) RAR (.rar), (2) TAR (.tar), (3) ZIP (.zip), (4) GZ (.gz), or (5) JAR (.jar) archive.
CVE-2006-2517 1 Fujitsu 1 Myweb Portal Office 2026-04-16 N/A
SQL injection vulnerability in MyWeb Portal Office, Standard Edition, Public Edition, Medical Edition, Citizen Edition, School Edition, and Light Edition allows remote attackers to execute arbitrary SQL commands via unknown attack vectors.
CVE-2006-2528 1 Smartisoft 1 Phpbazar 2026-04-16 N/A
PHP remote file inclusion vulnerability in classified_right.php in phpBazar 2.1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the language_dir parameter.
CVE-2006-2531 1 Ipswitch 1 Whatsup 2026-04-16 N/A
Ipswitch WhatsUp Professional 2006 only verifies the user's identity via HTTP headers, which allows remote attackers to spoof being a trusted console and bypass authentication by setting HTTP User-Agent header to "Ipswitch/1.0" and the User-Application header to "NmConsole".
CVE-2006-2540 1 Dieselscripts 1 Diesel Job Site 2026-04-16 N/A
Privacy leak in install.php for Diesel PHP Job Site sends sensitive information such as user credentials to an e-mail address controlled by the product developers.
CVE-2006-2526 1 Power Place 1 Php Easy Galerie 2026-04-16 N/A
PHP remote file inclusion vulnerability in index.php in PHP Easy Galerie 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the includepath parameter.
CVE-2006-2527 1 Smartisoft 1 Phpbazar 2026-04-16 N/A
Admin/admin.php in phpBazar 2.1.0 and earlier allows remote attackers to bypass the authentication process and gain unauthorized access to the administrative section by setting the action parameter to edit_member and the value parameter to 1.
CVE-1999-0045 2 Apache, Netscape 4 Http Server, Commerce Server, Communications Server and 1 more 2026-04-16 N/A
List of arbitrary files on Web host via nph-test-cgi script.
CVE-2006-2525 1 Usebb 1 Usebb 2026-04-16 N/A
SQL injection vulnerability in UseBB 1.0 RC1 and earlier allows remote attackers to execute arbitrary SQL commands via the member list search module.
CVE-2006-2539 1 Sybase 1 Easerver 2026-04-16 N/A
Sybase EAServer 5.0 for HP-UX Itanium, 5.2 for IBM AIX, HP-UX PA-RISC, Linux x86, and Sun Solaris SPARC, and 5.3 for Sun Solaris SPARC does not properly protect passwords when they are being entered via the GUI, which allows local users to obtain the cleartext passwords via the getSelectedText function in javax.swing.JPasswordField component.
CVE-2006-2536 1 Greg Donald 1 Destiney Links Script 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Destiney Links Script 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the (1) "Search" (term parameter in index.php) and (2) "Add a Site" (add.php) fields.
CVE-1999-0066 1 John S. Roberts 1 Anyform 2026-04-16 9.8 Critical
AnyForm CGI remote execution.
CVE-2006-2546 1 Bea 1 Weblogic Server 2026-04-16 N/A
A recommended admin password reset mechanism for BEA WebLogic Server 8.1, when followed before October 10, 2005, causes the administrator password to be stored in cleartext in the domain directory, which could allow attackers to gain privileges.
CVE-2006-2547 1 Sap 1 Sapdba 2026-04-16 N/A
Unspecified vulnerability in the sapdba command in SAP with Informix before 700, and 700 up to patch 100, allows local users to execute arbitrary commands via unknown vectors related to "insecure environment variable" handling.
CVE-2006-2549 1 Pdf Tools Ag 1 Pdf Form Filling And Flattening Tool 2026-04-16 N/A
Stack-based buffer overflow in PDF Form Filling and Flattening Tool before 3.1.0.12 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via long field names.
CVE-2006-2558 1 Iplogger 1 Iplogger 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in IpLogger 1.7 and earlier allows remote attackers to inject arbitrary HTML or web script via the User-Agent (useragent) header in an HTTP request, which is not filtered when the log files are viewed.
CVE-2006-2556 1 Florian Amrhein 1 Newsportal 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Florian Amrhein NewsPortal before 0.37, and possibly TR Newsportal (TRanx rebuilded), allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-1999-0082 2 Ftp, Ftpcd 2 Ftp, Ftpcd 2026-04-16 N/A
CWD ~root command in ftpd allows root access.
CVE-2006-2574 1 Hp 1 Hp-ux 2026-04-16 N/A
Multiple unspecified vulnerabilities in Software Distributor in HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allow local users to gain privileges via unspecified attack vectors.
CVE-2006-2572 1 Dian Gemilang 1 Dgbook 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in DGBook 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) homepage, (3) email, and (4) address parameters.