Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-2680 1 Php4script 1 Az Photo Album Script Pro 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in index.php in AZ Photo Album Script Pro allows remote attackers to inject arbitrary web script or HTML via the gazpart parameter.
CVE-2006-2683 1 Open-medium 1 Open-medium Cms 2025-04-03 N/A
PHP remote file inclusion vulnerability in 404.php in open-medium.CMS 0.25 allows remote attackers to execute arbitrary PHP code via a URL in the REDSYS[MYPATH][TEMPLATES] parameter.
CVE-2006-2719 1 Jiwa 1 Financials 2025-04-03 N/A
JIWA Financials 6.4.14 stores usernames and passwords for all accounts in cleartext in the HR_Staff table in Microsoft SQL Server, and sends the usernames and passwords in cleartext to the application's SQL Server ODBC driver, which might allow context-dependent attackers to obtain the passwords.
CVE-2006-2722 1 Out Of The Trees Web Design 1 Selectapix 2025-04-03 N/A
SQL injection vulnerability in view_album.php in SelectaPix 1.4 allows remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party sources.
CVE-2006-2728 1 Jan Chmelik 1 Photoalbum Bandw 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in superalbum/index.php in Photoalbum B&W 1.3 allows remote attackers to inject arbitrary web script or HTML via the pic parameter.
CVE-2006-2730 1 Hot Open Tickets 1 Hot Open Tickets 2025-04-03 N/A
PHP remote file inclusion vulnerability in admin/lib_action_step.php in Hot Open Tickets (HOT) 11012004_ver2f, when register_globals is enabled, allows remote attackers to include arbitrary files via the GLOBALS[CLASS_PATH] parameter. NOTE: this issue might be resultant from a global overwrite vulnerability.
CVE-2006-3042 1 Ispconfig 1 Ispconfig 2025-04-03 N/A
Multiple PHP remote file inclusion vulnerabilities in ISPConfig 2.2.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) go_info[isp][classes_root] parameter in (a) server.inc.php, and the (2) go_info[server][classes_root] parameter in (b) app.inc.php, (c) login.php, and (d) trylogin.php. NOTE: this issue has been disputed by the vendor, who states that the original researcher "reviewed the installation tarball that is not identical with the resulting system after installtion. The file, where the $go_info array is declared ... is created by the installer.
CVE-2006-1051 1 Akarru 1 Social Bookmarking Engine 2025-04-03 N/A
SQL injection vulnerability in Akarru Social BookMarking Engine before 0.4.3.4 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors, possibly involving the username parameter to akarru.lib/users.php.
CVE-2006-3043 1 Cfxe-cms 1 Cfxe-cms 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in search.cfm in CreaFrameXe (CFXe) CMS 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the voltext_suche parameter.
CVE-2006-3046 1 Subtext 1 Subtext 2025-04-03 N/A
Unspecified vulnerability in the admin login feature in Subtext 1.5, in a multiblog setup, allows remote administrators of one blog to login to another blog.
CVE-2006-1073 1 Simplog 1 Simplog 2025-04-03 N/A
Directory traversal vulnerability in index.php in Daverave Simplog 1.0.2 and earlier allows remote attackers to include or read arbitrary .txt files via the (1) act and (2) blogid parameters.
CVE-2006-1074 1 Jason Boettcher 1 Liero Xtreme 2025-04-03 N/A
Jason Boettcher Liero Xtreme 0.62b and earlier allow remote attackers to cause a denial of service (application crash or hang) via a long argument to the connect command.
CVE-2001-1064 1 Cisco 1 Cbos 2025-04-03 N/A
Cisco 600 series routers running CBOS 2.0.1 through 2.4.2ap allows remote attackers to cause a denial of service via multiple connections to the router on the (1) HTTP or (2) telnet service, which causes the router to become unresponsive and stop forwarding packets.
CVE-2006-1098 1 Digital Builder 1 Nz Ecommerce 2025-04-03 N/A
Multiple SQL injection vulnerabilities in NZ Ecommerce allow remote attackers to execute arbitrary SQL commands via the (1) informationID or (2) ParentCategory parameter to index.php. NOTE: the vendor has disputed this issue in a comment on the researcher's blog, but research by CVE suggests that this might be a legitimate problem
CVE-2006-1100 1 Sauerbraten 2 Cube, Sauerbraten 2025-04-03 N/A
Buffer overflow in the sgetstr function in shared/cube.h in Sauerbraten 2006_02_28 and earlier, as derived from the Cube engine, allows remote attackers to execute arbitrary code via long streams of input data.
CVE-2006-1101 1 Sauerbraten 2 Cube, Sauerbraten 2025-04-03 N/A
The (1) sgetstr and (2) getint functions in Sauerbraten 2006_02_28, as derived from the Cube engine, allow remote attackers to cause a denial of service (segmentation fault) via long streams of input data that trigger an out-of-bounds read, as demonstrated using SV_EXT tag data in the Cube engine, which is not properly handled by getint.
CVE-2006-1103 1 Sauerbraten 2 Cube, Sauerbraten 2025-04-03 N/A
engine/server.cpp in Sauerbraten 2006_02_28, as derived from the Cube engine, allows remote attackers to cause a denial of service (segmentation fault) via a client that does not completely join the game and times out, which results in a null pointer dereference.
CVE-2006-1104 1 Pixelpost 1 Pixelpost 2025-04-03 N/A
Multiple SQL injection vulnerabilities in Pixelpost 1.5 beta 1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the showimage parameter in index.php; and the (2) USER_AGENT, (3) HTTP_REFERER, and (4) HTTP_HOST HTTP header fields as used in the book_vistor function in includes/functions.php. NOTE: the vendor has disputed some issues from the original disclosure, but due to the vagueness of the dispute, it is not clear whether the vendor is disputing this particular issue.
CVE-2006-1110 1 Aztek Forum 1 Aztek Forum 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in Aztek Forum 4.0 allows remote attackers to inject arbitrary web script or HTML via the message body in a new message.
CVE-2006-1112 1 Aztek Forum 1 Aztek Forum 2025-04-03 N/A
Aztek Forum 4.0 allows remote attackers to obtain sensitive information via a long login value in a register form, which displays the installation path in a MySQL error message.