Search Results (29946 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-1236 1 Crossfire 1 Crossfire 2026-04-16 7.3 High
Buffer overflow in the SetUp function in socket/request.c in CrossFire 1.9.0 allows remote attackers to execute arbitrary code via a long setup sound command, a different vulnerability than CVE-2006-1010.
CVE-2006-1266 1 Virtual Communication Services 1 Vpmi Enterprise 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Service_Requests.asp in VPMi Enterprise 3.3 allows remote attackers to inject arbitrary web script or HTML via the Request_Name_Display parameter.
CVE-2006-1258 1 Phpmyadmin 1 Phpmyadmin 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.1 allows remote attackers to inject arbitrary web script or HTML via the set_theme parameter.
CVE-2006-1259 1 Maian 1 Support 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Maian Support 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) email or (2) pass parameter to admin/index.php.
CVE-2006-1260 1 Horde 1 Horde 2026-04-16 N/A
Horde Application Framework 3.0.9 allows remote attackers to read arbitrary files via a null character in the url parameter in services/go.php, which bypasses a sanity check.
CVE-2006-1262 1 Aspportal 1 Aspportal 2026-04-16 N/A
Multiple SQL injection vulnerabilities in ASPPortal 3.00 have unknown impact and attack vectors.
CVE-2006-1264 1 Xhawk.net 1 Discussion 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in xhawk.net discussion 2.0 beta2 allows remote attackers to inject arbitrary web script or HTML via a Javascript URI in a BBCode img tag.
CVE-2006-1270 1 Inprotect 1 Inprotect 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in zones.php in Inprotect 0.21 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Description field. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-1356 1 Andrew Hsu 2 Libvc, Rolo 2026-04-16 N/A
Stack-based buffer overflow in the count_vcards function in LibVC 3, as used in Rolo, allows user-assisted attackers to execute arbitrary code via a vCard file (e.g. contacts.vcf) containing a long line.
CVE-2006-1324 1 Woltlab 1 Burning Board 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in acp/lib/class_db_mysql.php in Woltlab Burning Board (wBB) 2.3.4 allows remote attackers to inject arbitrary web script or HTML via the errormsg parameter when a SQL error is generated.
CVE-2006-1355 1 Alwil 1 Avast Antivirus 2026-04-16 N/A
avast! Antivirus 4.6.763 and earlier sets "BUILTIN\Everyone" permissions to critical system files in the installation folder, which allows local users to gain privileges or disable protection by modifying those files.
CVE-2006-1361 1 Oswiki 1 Oswiki 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in OSWiki before 0.3.1 allows remote attackers to inject arbitrary web script or HTML via the username field to (1) list.rhtml or (2) show.rhtml.
CVE-2006-1388 1 Microsoft 2 Ie, Internet Explorer 2026-04-16 N/A
Unspecified vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to execute HTA files via unknown vectors.
CVE-2006-1409 1 Vavoom 1 Vavoom 2026-04-16 N/A
Buffer overflow in Vavoom 1.19.1 and earlier allows remote attackers to cause a denial of service (application crash) via an invalid comprLength value in a compressed packet.
CVE-2006-1719 1 Microsoft 1 Ie 2026-04-16 N/A
Internet Explorer 6 allows remote attackers to cause a denial of service (application crash) via any scrollbar Cascading Style Sheets (CSS) property.
CVE-2006-1758 1 Bill Shupp 1 Vegadns 2026-04-16 N/A
SQL injection vulnerability in index.php in Vegadns 0.99 allows remote attackers to execute arbitrary SQL commands via the cid parameter.
CVE-2006-1761 1 Blursoft 1 Blur6ex 2026-04-16 N/A
Cross-site scripting vulnerability in index.php in blur6ex 0.3.452 allows remote attackers to inject arbitrary web script or HTML via the errormsg parameter, which is not sanitized in the error message. NOTE: the vector in the shard parameter is not XSS and has been assigned a separate name.
CVE-2006-1784 1 Sphider 1 Sphider 2026-04-16 N/A
PHP remote file inclusion vulnerability in admin/configset.php in Sphider 1.3 and earlier, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the settings_dir parameter.
CVE-2006-1787 1 Adobe 1 Document Server 2026-04-16 N/A
Adobe Document Server for Reader Extensions 6.0 includes a user's session (jsession) ID in the HTTP Referer header, which allows remote attackers to gain access to PDF files that are being processed within that session.
CVE-2006-1820 1 Modxcms 1 Modxcms 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in ModX 0.9.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this might be resultant from the directory traversal vulnerability.