Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-3907 1 Gitlab 1 Gitlab 2026-04-23 4.9 Medium
A privilege escalation vulnerability in GitLab EE affecting all versions from 16.0 prior to 16.4.4, 16.5 prior to 16.5.4, and 16.6 prior to 16.6.2 allows a project Maintainer to use a Project Access Token to escalate their role to Owner
CVE-2006-5253 1 Dayana Networks 1 Phponline 2026-04-23 N/A
PHP remote file inclusion vulnerability in strload.php in Dayana Networks phpOnline (aka PHP-Online) 2.1 allows remote attackers to execute arbitrary PHP code via a URL in the LangFile parameter.
CVE-2006-5246 1 Eazy Cart 1 Eazy Cart 2026-04-23 N/A
Eazy Cart allows remote attackers to change prices and other critical fields via unspecified vectors to easycart.php, probably including the price parameter. NOTE: some details are obtained from third party information.
CVE-2006-5254 1 Mamboxchange 1 Extended Registration 2026-04-23 N/A
PHP remote file inclusion vulnerability in registration_detailed.inc.php in Mark Van Bellen Detailed User Registration (com_registration_detailed), aka regdetailed, 4.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2006-5236 1 4homepages 1 4images 2026-04-23 N/A
SQL injection vulnerability in search.php in 4images 1.7.x allows remote authenticated users to execute arbitrary SQL commands via the search_user parameter.
CVE-2006-5228 1 Rob Hensley 1 Ackertodo 2026-04-23 N/A
Multiple SQL injection vulnerabilities in the Google Gadget login.php (gadget/login.php) in Rob Hensley ackerTodo 4.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) up_login, (2) up_pass, or (3) up_num_tasks parameters.
CVE-2006-5237 1 Blue Smiley Organizer 1 Blue Smiley Organizer 2026-04-23 N/A
SQL injection vulnerability in Blue Smiley Organizer before 4.46 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2006-5255 1 Greg Neustaetter 1 Gcards 2026-04-23 N/A
PHP remote file inclusion vulnerability in addnews.php in Greg Neustaetter gCards 1.13 allows remote attackers to execute arbitrary PHP code via a URL in the languagefile parameter. NOTE: another researcher has observed that languageFile is defined before use. CVE analysis as of 20061012 concurs with the dispute
CVE-2006-5217 1 Emek Portal 1 Emek Portal 2026-04-23 N/A
SQL injection vulnerability in giris_yap.asp in Emek Portal 2.1 allows remote attackers to execute arbitrary SQL commands by simultaneously injecting into the user name and pass fields in uyegiris.asp, also known as the Kullanici Adi (k_a) and Sifre (sifre) parameters.
CVE-2006-5209 1 Phpbb Group 1 Phpbb 2026-04-23 N/A
PHP remote file inclusion vulnerability in admin/admin_topic_action_logging.php in Admin Topic Action Logging Mod 0.95 and earlier, as used in phpBB 2.0 up to 2.0.21, allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2006-5218 2 Netbsd, Openbsd 2 Netbsd, Openbsd 2026-04-23 N/A
Integer overflow in the systrace_preprepl function (STRIOCREPLACE) in systrace in OpenBSD 3.9 and NetBSD 3 allows local users to cause a denial of service (crash), gain privileges, or read arbitrary kernel memory via large numeric arguments to the systrace ioctl.
CVE-2006-5202 1 Linksys 1 Wrt54g 2026-04-23 N/A
Linksys WRT54g firmware 1.00.9 does not require credentials when making configuration changes, which allows remote attackers to modify arbitrary configurations via a direct request to Security.tri, as demonstrated using the SecurityMode and layout parameters, a different issue than CVE-2006-2559.
CVE-2006-5195 1 Wheatblog 1 Wheatblog 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Wheatblog 1.0 and 1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-5203 1 Invision Power Services 1 Invision Power Board 2026-04-23 N/A
Invision Power Board (IPB) 2.1.7 and earlier allows remote restricted administrators to inject arbitrary web script or HTML, or execute arbitrary SQL commands, via a forum description that contains a crafted image with PHP code, which is executed when the user visits the "Manage Forums" link in the Admin control panel.
CVE-2006-5219 1 Moodle 1 Moodle 2026-04-23 N/A
SQL injection vulnerability in blog/index.php in the blog module in Moodle 1.6.2 allows remote attackers to execute arbitrary SQL commands via a double-encoded tag parameter.
CVE-2006-5256 1 Claroline 1 Claroline 2026-04-23 N/A
PHP remote file inclusion vulnerability in claroline/inc/lib/import.lib.php in Claroline 1.8.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the includePath parameter.
CVE-2006-5183 1 Dayfox Designs 1 Dayfox Blog 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in Dayfox Designs Dayfox Blog 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the slogin parameter in the (1) adminlog.php, (2) postblog.php, (3) index.php, or (4) index2.php script in /edit.
CVE-2006-5180 1 Baumedia 1 Newswriter 2026-04-23 N/A
PHP remote file inclusion vulnerability in include/main.inc.php in Sebastian Baumann and Philipp Wolfer Newswriter SW 1.42 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the NWCONF_SYSTEM[server_path] parameter, a different vector than CVE-2006-5102.
CVE-2006-5190 1 Oscommerce 1 Oscommerce 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in osCommerce 2.2 Milestone 2 Update 060817 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter in the (a) banner_manager.php, (b) banner_statistics.php, (c) countries.php, (d) currencies.php, (e) languages.php, (f) manufacturers.php, (g) newsletters.php, (h) orders_status.php, (i) products_attributes.php, (j) products_expected.php, (k) reviews.php, (l) specials.php, (m) stats_products_purchased.php, (n) stats_products_viewed.php, (o) tax_classes.php, (p) tax_rates.php, or (q) zones.php scripts in /admin, and the (2) zpage parameter in (r) admin/geo_zones.php.
CVE-2006-5194 1 Net2ftp 1 Net2ftp 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in net2ftp 0.93 allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: some of these details are obtained from third party information.