Total
29810 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-0893 | 1 Nocc | 1 Nocc | 2025-04-03 | N/A |
| NOCC Webmail 1.0 allows remote attackers to obtain sensitive information via a direct request to (1) the profiles directory, which leaks e-mail addresses contained in filenames of profiles, and (2) the tmp directory, which lists names of uploaded attachments. | ||||
| CVE-2006-0895 | 1 Nocc | 1 Nocc | 2025-04-03 | N/A |
| NOCC Webmail 1.0 allows remote attackers to obtain the installation path via a direct request to html/header.php. | ||||
| CVE-2006-0916 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | N/A |
| Bugzilla 2.19.3 through 2.20 does not properly handle "//" sequences in URLs when redirecting a user from the login form, which could cause it to generate a partial URL in a form action that causes the user's browser to send the form data to another domain. | ||||
| CVE-2006-0918 | 1 Ritlabs | 1 The Bat | 2025-04-03 | N/A |
| Buffer overflow in RITLabs The Bat! 3.60.07 allows remote attackers to execute arbitrary code via a long Subject field. | ||||
| CVE-2006-0919 | 1 Oi | 1 Email Marketing System | 2025-04-03 | N/A |
| SQL injection vulnerability in index.php (aka the login page) in Oi! Email Marketing System 3.0 (aka Oi! 3) allows remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields. | ||||
| CVE-2006-0921 | 1 Fckeditor | 1 Fckeditor | 2025-04-03 | N/A |
| Multiple directory traversal vulnerabilities in connector.php in FCKeditor 2.0 FC, as used in products such as RunCMS, allow remote attackers to list and create arbitrary directories via a .. (dot dot) in the CurrentFolder parameter to (1) GetFoldersAndFiles and (2) CreateFolder. | ||||
| CVE-2006-0944 | 1 Archangelmgt | 1 Weblog | 2025-04-03 | N/A |
| Archangel Weblog 0.90.02 allows remote attackers to bypass authentication by setting the ba_admin cookie to 1. | ||||
| CVE-2006-0946 | 1 Thomson | 1 Speedtouch | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in Thomson SpeedTouch modems running firmware 5.3.2.6.0 allows remote attackers to inject arbitrary web script or HTML via the name parameter to the LocalNetwork page. | ||||
| CVE-2006-0948 | 1 Aol | 1 Aol | 2025-04-03 | N/A |
| AOL 9.0 Security Edition revision 4184.2340, and probably other versions, uses insecure permissions (Everyone/Full Control) for the "America Online 9.0" directory, which allows local users to gain privileges by replacing critical files. | ||||
| CVE-2006-0949 | 1 Raidenhttpd | 1 Raidenhttpd | 2025-04-03 | N/A |
| RaidenHTTPD 1.1.47 allows remote attackers to obtain source code of script files, including PHP, via crafted requests involving (1) "." (dot), (2) space, and (3) "/" (slash) characters. | ||||
| CVE-2006-0989 | 1 Veritas | 1 Netbackup | 2025-04-03 | N/A |
| Stack-based buffer overflow in the volume manager daemon (vmd) in Veritas NetBackup Enterprise Server 5.0 through 6.0 and DataCenter and BusinesServer 4.5FP and 4.5MP allows attackers to execute arbitrary code via unknown vectors. | ||||
| CVE-2006-0990 | 1 Veritas | 1 Netbackup | 2025-04-03 | N/A |
| Stack-based buffer overflow in the NetBackup Catalog daemon (bpdbm) in Veritas NetBackup Enterprise Server 5.0 through 6.0 and DataCenter and BusinesServer 4.5FP and 4.5MP allows attackers to execute arbitrary code via unknown vectors. | ||||
| CVE-2006-0991 | 1 Veritas | 1 Netbackup | 2025-04-03 | N/A |
| Buffer overflow in the NetBackup Sharepoint Services server daemon (bpspsserver) on NetBackup 6.0 for Windows allows remote attackers to execute arbitrary code via crafted "Request Service" packets to the vnetd service (TCP port 13724). | ||||
| CVE-2006-1021 | 1 Pehepe | 2 Membership Management System, Uyelik Sistemi | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in sol_menu.php in PeHePe Uyelik Sistemi (aka PeHePe MemberShip Management System) 3 allows remote attackers to inject arbitrary web script or HTML via the kuladi parameter ($kul_adi variable). | ||||
| CVE-2006-1024 | 1 Addsoft | 1 Storebot | 2025-04-03 | N/A |
| SQL injection vulnerability in MgrLogin.asp in Addsoft StoreBot 2005 Professional allows remote attackers to execute arbitrary SQL commands via the Pwd parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-1025 | 1 Addsoft | 1 Storebot | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in manage.asp in Addsoft StoreBot 2002 Standard allows remote attackers to inject arbitrary web script or HTML via the ShipMethod parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-1026 | 1 Jfacets | 1 Jfacets | 2025-04-03 | N/A |
| JFacets before 0.2 allows remote attackers to gain privileges as any account via a GET request with a modified account profileID. | ||||
| CVE-2006-1023 | 1 Hp | 1 System Management Homepage | 2025-04-03 | N/A |
| Directory traversal vulnerability in HP System Management Homepage (SMH) 2.0.0 through 2.1.4 on Windows allows remote attackers to access certain files via unspecified vectors. | ||||
| CVE-2006-1061 | 1 Daniel Stenberg | 1 Curl | 2025-04-03 | N/A |
| Heap-based buffer overflow in cURL and libcURL 7.15.0 through 7.15.2 allows remote attackers to execute arbitrary commands via a TFTP URL (tftp://) with a valid hostname and a long path. | ||||
| CVE-2006-1062 | 1 Lurker | 1 Lurker | 2025-04-03 | N/A |
| Unspecified vulnerability in lurker.cgi for Lurker 2.0 and earlier allows attackers to read arbitrary files via unknown vectors. | ||||