Export limit exceeded: 29923 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 351254 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29923 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29923 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-5064 | 1 Birdblog | 1 Birdblog | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in BirdBlog 1.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) entryid parameter in comment.php, (2) page parameter in index.php, or the (3) uid parameter in user.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
| CVE-2006-5065 | 1 Zoomstats | 1 Zoomstats | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in libs/dbmax/mysql.php in ZoomStats 1.0.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[lib][db][path] parameter. | ||||
| CVE-2006-5066 | 1 Danphpsupport | 1 Danphpsupport | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in DanPHPSupport 0.5, and other versions before 1.0, allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter in index.php or the (2) do parameter in admin.php. | ||||
| CVE-2006-5067 | 1 Php System Administration Toolkit | 1 Php System Administration Toolkit | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in loader.php in PHP System Administration Toolkit (PHPSaTK) allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[config] parameter. NOTE: this issue is disputed by CVE; analysis shows that the GLOBALS[config] variable is initialized before being used | ||||
| CVE-2006-5068 | 1 Brudaswen | 1 Brudanews | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in admin/index.php in Brudaswen (1) BrudaNews 1.1 and earlier and (2) BrudaGB 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the o parameter. | ||||
| CVE-2006-5069 | 1 Typo3 | 1 Typo3 | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in class.tx_indexedsearch.php in the Indexed Search 2.9.0 extension for Typo3 before 4.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter. | ||||
| CVE-2006-5070 | 1 Facestones | 1 Facestones | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in fsl2/objects/fs_form_links.php in faceStones Personal 2.0.42 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[fsinit][objpath] parameter. | ||||
| CVE-2006-5071 | 1 Eyeos Project | 1 Eyeos | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in eyeOS before 0.9.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) eyeNav and (2) system/baixar.php. | ||||
| CVE-2006-5072 | 1 Mono | 1 Mono | 2026-04-23 | N/A |
| The System.CodeDom.Compiler classes in Novell Mono create temporary files with insecure permissions, which allows local users to overwrite arbitrary files or execute arbitrary code via a symlink attack. | ||||
| CVE-2006-5073 | 1 Sun | 2 Solaris, Sunos | 2026-04-23 | N/A |
| Unspecified vulnerability in Sun Solaris 8, 9 and 10 allows remote attackers to cause a denial of service (panic) via crafted IPv6 packets, a different vulnerability than CVE-2006-5013. | ||||
| CVE-2006-5074 | 1 Php Invoice | 1 Php Invoice | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in home.php in PHP Invoice 2.2 allows remote attackers to inject arbitrary web script or HTML via the alert parameter. | ||||
| CVE-2006-5075 | 1 Sun | 1 Solaris | 2026-04-23 | N/A |
| The Kernel SSL Proxy service (svc:/network/ssl/proxy) in Sun Solaris 10 before 20060926 allows remote attackers to cause a denial of service (system crash) via unspecified vectors related to an SSL client. | ||||
| CVE-2006-5076 | 1 Back-end | 1 Back-end Cms | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in OpenConcept Back-End 0.4.5 allow remote attackers to execute arbitrary PHP code via a URL in the includes_path parameter in (1) admin/index.php, (2) Facts.php, or (3) search.php. | ||||
| CVE-2006-5077 | 1 Minerva | 1 Minerva | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in admin/admin_topic_action_logging.php in Chris Smith Minerva Build 238 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | ||||
| CVE-2006-5078 | 1 Polaring | 1 Polaring | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in view/general.php in Kristian Niemi Polaring 00.04.03 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _SESSION[dirMain] parameter. | ||||
| CVE-2006-5079 | 1 Php Arena | 1 Pabugs | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in class.mysql.php in Matt Humphrey paBugs 2.0 Beta 3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path_to_bt_dir parameter. | ||||
| CVE-2006-5081 | 1 Jl Webworks | 1 Quickblogger | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in acc.php in QuickBlogger (QB) 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | ||||
| CVE-2006-5083 | 1 Phpbb Security | 1 Importal | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in includes/functions_portal.php in Integrated MODs (IM) Portal 1.2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | ||||
| CVE-2006-5085 | 1 Pixel Motion | 1 Pixel Motion Blog | 2026-04-23 | N/A |
| Static code injection vulnerability in config.php in Blog Pixel Motion 2.1.1 allows remote attackers to execute arbitrary PHP code via the nom_blog parameter, which is injected into include/variables.php. | ||||
| CVE-2006-5086 | 1 Pixel Motion | 1 Pixel Motion Blog | 2026-04-23 | N/A |
| Blog Pixel Motion 2.1.1 allows remote attackers to change the username and password for the admin user via a direct request to insere_base.php with modified (1) login and (2) pass parameters. NOTE: this issue was claimed to be SQL injection by the original researcher, but it is not. | ||||