Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-3036 1 Andy Mack 1 35mmslidegallery 2025-04-03 N/A
Multiple cross-site scripting (XSS) vulnerabilities in 35mmslidegallery 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) imgdir parameter in (a) index.php, and the (2) w, (3) h, and (4) t parameters in (b) popup.php.
CVE-2006-3038 1 Cescripts 1 Realty Room Rent 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in index.php in Cescripts Realty Room Rent allows remote attackers to inject arbitrary web script or HTML via the sel_menu parameter. NOTE: the vendor notified CVE on 20060823 that "All issues concerning this script and others at cescripts.com have been addressed and fixed."
CVE-2006-3039 1 Cescripts 1 Realty Home Rent 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in index.php in Cescripts Realty Home Rent allows remote attackers to inject arbitrary web script or HTML via the sel_menu parameter. NOTE: the vendor notified CVE on 20060823 that "All issues concerning this script and others at cescripts.com have been addressed and fixed."
CVE-2006-3044 1 Logisphere 1 Logisphere 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in LogiSphere 1.6.0 allows remote attackers to inject arbitrary web script or HTML via the URL, which is reflected in an error page.
CVE-2006-3045 1 Teake Nutma 1 Foing 2025-04-03 N/A
PHP remote file inclusion vulnerability in manage_songs.php in Foing 0.7.0e and earlier allows remote attackers to execute arbitrary PHP code via a URL in the foing_root_path parameter.
CVE-2006-3056 1 Vbzoom 1 Vbzoom 2025-04-03 N/A
SQL injection vulnerability in language.php in VBZooM 1.01 allows remote attackers to execute arbitrary SQL commands via the Action parameter.
CVE-2006-3066 1 Ibm 1 Db2 Universal Database 2025-04-03 N/A
Buffer overflow in the TCP/IP listener in IBM DB2 Universal Database (UDB) before 8.1 FixPak 12 allows remote attackers to cause a denial of service (application crash) via a long MGRLVLLS message inside of an EXCSAT message when establishing a connection.
CVE-2006-3071 1 Anton Belev 1 Mp3 Search Archive 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in index.php in MP3 Search/Archive 1.2 allows remote attackers to inject arbitrary web script or HTML via the (1) keywords parameter, as used by the "search box", and (2) res parameter.
CVE-2006-3072 1 Symantec 1 Security Information Manager 2025-04-03 N/A
M4 Macro Library in Symantec Security Information Manager before 4.0.2.29 HOTFIX 1 allows local users to execute arbitrary commands via crafted "rule definitions", which produces dangerous Java code during M4 transformation.
CVE-2006-3079 1 Sspwiz 1 Sspwiz Plus 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in index.cfm in SSPwiz Plus 1.0.7 and earlier allows remote attackers to inject arbitrary web script or HTML via the message parameter.
CVE-2006-3080 1 Axent 1 Axentforum 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in viewposts.cfm in aXentForum II and earlier allows remote attackers to inject arbitrary web script or HTML via the startrow parameter.
CVE-2006-3088 1 Cescripts 1 Car Classifieds 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in index.php in Car Classifieds allows remote attackers to inject arbitrary web script or HTML via the make_id parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-3091 1 Phpmyfactures 1 Phpmyfactures 2025-04-03 N/A
PhpMyFactures 1.0, and possibly 1.2 and earlier, allows remote attackers to obtain the installation path via a direct request to (1) /verif.php, (2) /inc/footer.php, and (3) /remises/ajouter_remise.php.
CVE-2006-3102 1 Bitweaver 1 Bitweaver 2025-04-03 N/A
Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
CVE-2006-3112 1 Chipmailer 1 Chipmailer 2025-04-03 N/A
Chipmailer 1.09 allows remote attackers to obtain sensitive information via a direct request to php.php, which displays the output of the phpinfo function.
CVE-2006-3118 1 Canonical 1 Spread 2025-04-03 N/A
spread uses a temporary file with a static filename based on the port number, which allows local users to cause a denial of service by creating the file during a race condition between unlink and bind function calls. NOTE: spread deletes this temporary file before use, which could cause conflicts with other programs that use the same filename, but this is not a distinct issue.
CVE-2006-3116 1 Spiffyjr 1 Phpraid 2025-04-03 N/A
Multiple PHP remote file inclusion vulnerabilities in phpRaid 3.0.4 and 3.0.5 allow remote attackers to execute arbitrary code via a URL in the phpraid_dir parameter to (1) configuration.php, (3) guilds.php, (4) index.php, (5) locations.php, (6) login.php, (7) lua_output.php, (8) permissions.php, (9) profile.php, (10) raids.php, (11) register.php, (12) roster.php, and (13) view.php.
CVE-2006-3126 1 Julian Pawlowski 1 Capi4hylafax 2025-04-03 N/A
c2faxrecv in capi4hylafax 01.02.03 allows remote attackers to execute arbitrary commands via null (\0) and shell metacharacters in the TSI string, as demonstrated by a fax from an anonymous number.
CVE-2006-3128 1 Easy-cms 1 Easy-cms 2025-04-03 N/A
choose_file.php in easy-CMS 0.1.2, when mod_mime is installed, does not restrict uploads of filenames with multiple extensions, which allows remote attackers to execute arbitrary PHP code by uploading a PHP file with a GIF file extension, then directly accessing that file in the Repositories directory.
CVE-2006-3129 1 Nc Linklist 1 Nc Linklist 2025-04-03 N/A
Multiple cross-site scripting (XSS) vulnerabilities in index.php in NC LinkList 1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) cat and (2) view parameters.