Export limit exceeded: 351254 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29923 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-5945 | 1 Mginternet | 1 Car Site Manager | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in MGinternet Car Site Manager (CSM) allow remote attackers to execute arbitrary SQL commands via the (1) p parameter to (a) csm/asp/detail.asp, or the (2) l, (3) typ, or (4) loc parameter to (b) csm/asp/listings.asp. | ||||
| CVE-2006-5946 | 1 Funkyasp | 1 Glossary | 2026-04-23 | N/A |
| SQL injection vulnerability in demo/glossary/glossary.asp in FunkyASP Glossary 1.0 allows remote attackers to execute arbitrary SQL commands via the alpha parameter. | ||||
| CVE-2006-5949 | 1 Altools | 1 Alftp Ftp Server | 2026-04-23 | N/A |
| Directory traversal vulnerability in ALTools ALFTP FTP Server 4.1 beta 1, and possibly earlier, allows remote attackers to create arbitrary directories via directory traversal sequences in a MKD request. NOTE: the provenance of this information is unknown; details are obtained from third party sources. | ||||
| CVE-2006-5950 | 1 Altools | 1 Alftp Ftp Server | 2026-04-23 | N/A |
| Unspecified vulnerability in ALTools ALFTP FTP Server 4.1 beta 1, and possibly earlier, allows remote authenticated users to obtain the installation path via unknown vectors related to the REN command, probably due to response messages. NOTE: the provenance of this information is unknown; details are obtained from third party sources. | ||||
| CVE-2006-5952 | 1 Asp Smiley | 1 Asp Smiley | 2026-04-23 | N/A |
| SQL injection vulnerability in admin/default.asp in ASP Smiley 1.0 allows remote attackers to execute arbitrary SQL commands via the Username field. | ||||
| CVE-2006-5953 | 1 Lynx Internet Solutions | 1 Evolve Merchant | 2026-04-23 | N/A |
| SQL injection vulnerability in viewcart.asp in Evolve shopping cart (aka Evolve Merchant) allows remote attackers to execute arbitrary SQL commands via the zoneid parameter. | ||||
| CVE-2006-5958 | 1 Infinicart | 1 Infinicart | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in INFINICART allow remote attackers to inject arbitrary web script or HTML via the (1) username and (2) password fields in (a) login.asp, (3) search field in (b) search.asp, and (4) email field in (c) sendpassword.asp. | ||||
| CVE-2006-5959 | 1 Web Inhabit | 1 A\+ Store E-commerce | 2026-04-23 | N/A |
| SQL injection vulnerability in browse.asp in A+ Store E-Commerce allows remote attackers to execute arbitrary SQL commands via the ParentID parameter. | ||||
| CVE-2006-5961 | 1 Pegasus | 1 Mercury Mail Transport System | 2026-04-23 | N/A |
| Buffer overflow in Mercury Mail Transport System 4.01b for Windows has unknown impact and attack vectors, as originally reported in a GLEG VulnDisco pack. NOTE: the provenance of this information is unknown; the details are obtained from third party information. The original researcher is reliable. | ||||
| CVE-2006-5962 | 1 Hpecs Shopping Cart | 1 Hpecs Shopping Cart | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Hpecs Shopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields in the (a) login screen, and (3) searchstring parameter in (b) insearch_list.asp. | ||||
| CVE-2006-5965 | 1 Passgo | 1 Sso Plus | 2026-04-23 | N/A |
| PassGo SSO Plus 2.1.0.32, and probably earlier versions, uses insecure permissions (Everyone/Full Control) for the PassGo Technologies directory, which allows local users to gain privileges by modifying critical programs. | ||||
| CVE-2006-5967 | 1 Panda | 1 Activescan | 2026-04-23 | N/A |
| Race condition in Panda ActiveScan 5.53.00, and other versions before 5.54.01, allows remote attackers to cause memory corruption and execute arbitrary code via unknown vectors related to multiple invocations of the Analizar method in the ActiveScan.1 ActiveX control, which is not thread safe. | ||||
| CVE-2006-5969 | 1 Fvwm | 1 Fvwm | 2026-04-23 | N/A |
| CRLF injection vulnerability in the evalFolderLine function in fvwm 2.5.18 and earlier allows local users to execute arbitrary commands via carriage returns in a directory name, which is not properly handled by fvwm-menu-directory, a variant of CVE-2003-1308. | ||||
| CVE-2006-5970 | 1 Verity | 1 Ultraseek | 2026-04-23 | N/A |
| Verity Ultraseek before 5.7 allows remote attackers to obtain sensitive information via direct requests with (1) a null ("%00") terminated url parameter to help/urlstatusgo.html; or missing parameters to (2) help/header.html, (3) help/footer.html, (4) spell.html, (5) coreforma.html, (6) daterange.html, (7) hits.html, (8) hitsnavbottom.html, (9) indexform.html, (10) indexforma.html, (11) languages.html, (12) nohits.html, (13) onehit1.html, (14) onehit2.html, (15) query.html, (16) queryform0.html, (17) queryform0a.html, (18) queryform1.html, (19) queryform1a.html, (20) queryform2.html, (21) queryform2a.html, (22) quicklinks.html, (23) relatedtopics.html, (24) signin.html, (25) subtopics.html, (26) thesaurus.html, (27) topics.html, (28) hitspagebar.html, (29) highlight/highlight.html, (30) highlight/highlight_one.html, and (31) highlight/topnav.html, which leaks the installation path in the resulting error message. | ||||
| CVE-2006-6520 | 1 Scriptphp | 1 Messageriescripthp | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Messageriescripthp 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) pseudo parameter to (a) existepseudo.php, the (2) email parameter to (b) existeemail.php, or the (3) pageName or (4) cssform parameter to (c) Contact/contact.php. | ||||
| CVE-2006-6521 | 1 Scriptphp | 1 Messageriescripthp | 2026-04-23 | N/A |
| SQL injection vulnerability in lire-avis.php in Messageriescripthp 2.0 allows remote attackers to execute arbitrary SQL commands via the aa parameter. | ||||
| CVE-2006-6523 | 1 Cpanel | 1 Cpanel | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in mail/manage.html in BoxTrapper in cPanel 11 allows remote attackers to inject arbitrary web script or HTML via the account parameter. | ||||
| CVE-2006-6524 | 1 Ezhrs | 1 Hr Assist | 2026-04-23 | N/A |
| SQL injection vulnerability in vdateUsr.asp in EzHRS HR Assist 1.05 and earlier allows remote attackers to execute arbitrary SQL commands via the Uname (UserName) parameter. | ||||
| CVE-2006-6527 | 1 Gizzar | 1 Gizzar | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in guest.php in Gizzar 03162002 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the basePath parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-6528 | 1 Drupal | 1 Chatroom Module | 2026-04-23 | N/A |
| The Chatroom Module before 4.7.x.-1.0 for Drupal broadcasts Chatroom visitors' session IDs to all participants, which allows remote attackers to hijack sessions and gain privileges. | ||||