Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-7055 1 Sweetphp 1 Totalcalendar 2026-04-23 N/A
PHP remote file inclusion vulnerability in index.php in TotalCalendar 2.30 and earlier allows remote attackers to execute arbitrary code via a URL in the inc_dir parameter, a different vector than CVE-2006-1922.
CVE-2006-7058 1 Sphider 1 Sphider 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Sphider before 1.3.1c allow remote attackers to inject arbitrary web script or HTML via the catid parameter to (1) templates/standard/search_form.html and (2) templates/dark/search_form.html. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-7060 1 Scriptsez.net 1 E-dating System 2026-04-23 N/A
cindex.php in Scriptsez.net E-Dating System allows remote attackers to obtain the full path via an invalid id parameter in a dologin action, which leaks the path in an error message.
CVE-2006-7064 1 Invision Power Services 1 Invision Power Board 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in forum/admin.php for Invision Power Board (IPB) 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML as the administrator via the phpinfo parameter.
CVE-2006-7065 2 Canon, Microsoft 3 Network Camera Server Vb101, Ie, Internet Explorer 2026-04-23 N/A
Microsoft Internet Explorer allows remote attackers to cause a denial of service (crash) via an IFRAME with a certain XML file and XSL stylesheet that triggers a crash in mshtml.dll when a refresh is called, probably a null pointer dereference.
CVE-2006-7067 1 Oracle 1 Database Server 2026-04-23 N/A
Oracle 10g R2 and possibly other versions allows remote attackers to trigger internal errors, and possibly have other impacts, via an "alter session set events" command with invalid arguments. NOTE: this issue was originally disputed by a third party, but the dispute was retracted. NOTE: this issue was called an "integer overflow" in the original source, but this might be incorrect.
CVE-2006-7068 1 Cliserv 1 Web Community 2026-04-23 N/A
PHP remote file inclusion vulnerability in CliServ Web Community 0.65 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cl_headers parameter to (1) menu.php3 and (2) login.php3.
CVE-2006-7072 1 Geodesicsolutions 1 Geoclassifieds Enterprise 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in GeoClassifieds Enterprise 2.0.5.2 and earlier allows remote attackers to inject arbitrary web script and HTML via the (1) b[username] and (2) c parameters to (a) index.php, the b[username] parameter to (b) admin/index.php, and (3) c[phone] parameter to register.php.
CVE-2006-7073 1 Opentools 1 Attachment Mod 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Opentools Attachment Mod before 2.4.5 allows remote attackers to inject arbitrary web script or HTML in Internet Explorer via unknown vectors related to the uploaded attachments form. NOTE: some details were obtained from third party information.
CVE-2006-7076 1 Phpbb Group 1 Phpbb Advanced Guestbook 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in guestbook.php in Advanced Guestbook 2.4 for phpBB allows remote attackers to inject arbitrary web script or HTML via the entry parameter. NOTE: this issue might be resultant from SQL injection.
CVE-2006-7077 1 Phpbb Group 1 Phpbb Advanced Guestbook 2026-04-23 N/A
SQL injection vulnerability in guestbook.php in Advanced Guestbook 2.4 for phpBB allows remote attackers to execute arbitrary SQl commands via the entry parameter.
CVE-2006-7085 1 Rigter Portal System 1 Rigter Portal System 2026-04-23 N/A
Rigter Portal System (RPS) 1.0, 2.0, and 3.0 allows remote attackers to add arbitrary content and conduct XSS attacks via a direct request to add_art.php. NOTE: this issue was originally reported as SQL injection, but this is not likely.
CVE-2006-7087 1 Dotdeb 1 Dotdeb Php 2026-04-23 N/A
CRLF injection vulnerability in the mail function in Dotdeb PHP before 5.2.0 Rev 3 allows remote attackers to bypass the protection scheme and inject arbitrary email headers via CRLF sequences in the query string, which is processed via the PHP_SELF variable.
CVE-2006-7091 1 Hinton Design 1 Phpht Topsites Free 2026-04-23 N/A
PHP remote file inclusion vulnerability in config.php in phpht Topsites FREE 1.022b allows remote attackers to execute arbitrary PHP code via a URL in the fullpath parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-7092 1 Mamboxchange 1 Laithai 2026-04-23 N/A
SQL injection vulnerability in includes/mambo.php in Mambo LaiThai 4.5.4 SP2 and earlier allows remote attackers to execute arbitrary SQL commands via the usercookie[password] cookie parameter.
CVE-2006-7095 1 Klink 1 Dim3 2026-04-23 N/A
Integer signedness error in the network_receive_packet function in socket.c in dimension 3 engine (dim3) 1.5 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large data_len value, which is cast to a signed short and results in a buffer overflow.
CVE-2006-7096 1 Klink 1 Dim3 2026-04-23 N/A
Buffer overflow in the network_host_handle_join function in host.c in dimension 3 engine (dim3) 1.5 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long nickname.
CVE-2006-7099 1 Solarpay 1 Solarpay 2026-04-23 N/A
Directory traversal vulnerability in index.php in SolarPay allows remote attackers to read certain files via a .. (dot dot) in the read parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-7101 1 Phpwind 1 Phpwind 2026-04-23 N/A
SQL injection vulnerability in admin.php in PHPWind 5.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the AdminUser cookie.
CVE-2006-7110 1 Drupal 1 Imce Module 2026-04-23 N/A
Directory traversal vulnerability in the delete function in IMCE before 1.6, a Drupal module, allows remote authenticated users to delete arbitrary files via ".." sequences.