Search Results (365026 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-1511 1 Microsoft 1 .net Framework 2026-04-16 N/A
Buffer overflow in the ILASM assembler in the Microsoft .NET 1.0 and 1.1 Framework might allow user-assisted attackers to execute arbitrary code via a .il file that calls a function with a long name.
CVE-2006-1524 1 Linux 1 Linux Kernel 2026-04-16 N/A
madvise_remove in Linux kernel 2.6.16 up to 2.6.16.6 does not follow file and mmap restrictions, which allows local users to bypass IPC permissions and replace portions of readonly tmpfs files with zeroes, aka the MADV_REMOVE vulnerability. NOTE: this description was originally written in a way that combined two separate issues. The mprotect issue now has a separate name, CVE-2006-2071.
CVE-2006-1525 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-16 N/A
ip_route_input in Linux kernel 2.6 before 2.6.16.8 allows local users to cause a denial of service (panic) via a request for a route for a multicast IP address, which triggers a null dereference.
CVE-2006-1526 2 Redhat, X.org 2 Enterprise Linux, X11r6 2026-04-16 N/A
Buffer overflow in the X render (Xrender) extension in X.org X server 6.8.0 up to allows attackers to cause a denial of service (crash), as demonstrated by the (1) XRenderCompositeTriStrip and (2) XRenderCompositeTriFan requests in the rendertest from XCB xcb/xcb-demo, which leads to an incorrect memory allocation due to a typo in an expression that uses a "&" instead of a "*" operator. NOTE: the subject line of the original announcement used an incorrect CVE number for this issue.
CVE-2006-1531 2 Debian, Mozilla 4 Debian Linux, Firefox, Seamonkey and 1 more 2026-04-16 N/A
Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient public details from the vendor as of 20060413, it is unclear how CVE-2006-1529, CVE-2006-1530, CVE-2006-1531, and CVE-2006-1723 are different.
CVE-2006-1532 1 Deltascripts 1 Php Classifieds 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in search.php in PHP Classifieds 6.18, 6.20, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the searchword parameter.
CVE-2006-1533 1 Sourceworkshop 1 Newsletter 2026-04-16 N/A
SQL injection vulnerability in newsletter.php in Sourceworkshop newsletter 1.0 allows remote attackers to execute arbitrary SQL commands via the newsletteremail parameter.
CVE-2005-4511 1 Curtis Hawthorne 1 Tn3270 Resource Gateway 2026-04-16 N/A
Format string vulnerability in TN3270 Resource Gateway 1.1.0 allows local users to cause a denial of service and possibly execute arbitrary code via format string specifiers in syslog function calls.
CVE-2006-1539 1 Bsd-games 1 Tetris-bsd 2026-04-16 N/A
Multiple buffer overflows in the checkscores function in scores.c in tetris-bsd in bsd-games before 2.17-r1 in Gentoo Linux might allow local users with games group membership to gain privileges by modifying tetris-bsd.scores to contain crafted executable content, which is executed when another user launches tetris-bsd.
CVE-2006-1541 1 Ezaspsite 1 Ezaspsite 2026-04-16 N/A
SQL injection vulnerability in Default.asp in EzASPSite 2.0 RC3 and earlier allows remote attackers to execute arbitrary SQL commands and obtain the SHA1 hash of the admin password via the Scheme parameter.
CVE-2006-1543 1 Vscripts 1 Vnews 2026-04-16 N/A
Multiple SQL injection vulnerabilities in vscripts (aka Kuba Kunkiewicz) VNews 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) loginvar parameter in (a) admin/admin.php, and the (2) news and (3) nom parameters in (b) news.php.
CVE-2006-1544 1 Vscripts 1 Vnews 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in news.php in vscripts (aka Kuba Kunkiewicz) VNews 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) autorkomentarza and (2) tresckomentarza parameters.
CVE-2006-1545 1 Vscripts 1 Vnews 2026-04-16 N/A
Direct static code injection vulnerability in admin/config.php in vscripts (aka Kuba Kunkiewicz) VNews 1.2 allows remote authenticated administrators to execute code by inserting the code into variables that are stored in admin/config.php.
CVE-2006-1549 1 Php 1 Php 2026-04-16 N/A
PHP 4.4.2 and 5.1.2 allows local users to cause a crash (segmentation fault) by defining and executing a recursive function. NOTE: it has been reported by a reliable third party that some later versions are also affected.
CVE-2005-4533 1 Scponly 1 Scponly 2026-04-16 N/A
Argument injection vulnerability in scponlyc in scponly 4.1 and earlier, when both scp and rsync compatibility are enabled, allows local users to execute arbitrary applications via "getopt" style argument specifications, which are not filtered.
CVE-2006-1550 2 Dia, Redhat 2 Dia, Enterprise Linux 2026-04-16 N/A
Multiple buffer overflows in the xfig import code (xfig-import.c) in Dia 0.87 and later before 0.95-pre6 allow user-assisted attackers to have an unknown impact via a crafted xfig file, possibly involving an invalid (1) color index, (2) number of points, or (3) depth.
CVE-2006-1552 1 Apple 4 Imageio, Mac Os X, Mac Os X Server and 1 more 2026-04-16 N/A
Integer overflow in ImageIO in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to cause a denial of service (crash) via a crafted JPEG image with malformed JPEG metadata, as demonstrated using Safari, aka "Deja-Doom".
CVE-2005-4564 1 Adtran 1 Netvanta 2026-04-16 N/A
The Internet Key Exchange version 1 (IKEv1) implementation in ADTRAN NetVanta before 10.03.03.E might allow remote attackers to cause a denial of service via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.
CVE-2006-1557 1 Skintech 1 X-changer 2026-04-16 N/A
Multiple SQL injection vulnerabilities in X-Changer 0.2 allow remote attackers to execute arbitrary SQL commands via the (1) from and (2) into parameters in a calculate action, and the (3) id parameter in an edit action to index.php.
CVE-2006-1899 1 Dev 1 Neuron Blog 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in dev Neuron Blog 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) website parameters.