Search Results (29946 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-1108 1 Nmdeluxe 1 Nmdeluxe 2026-04-16 N/A
SQL injection vulnerability in news.php in NMDeluxe before 1.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2006-0158 1 Cyberdoc 1 Sitesuite Cms 2026-04-16 N/A
SQL injection vulnerability in index.php in CyberDoc SiteSuite CMS allows remote attackers to execute arbitrary SQL commands via the page parameter.
CVE-2006-0161 1 Sun 2 Solaris, Sunos 2026-04-16 N/A
Unspecified vulnerability in uucp in Sun Solaris 8 and 9 has unknown impact and attack vectors. NOTE: due to the vagueness of the vendor advisory, it is not clear whether this is related to CVE-2004-0780.
CVE-2006-0181 1 Cisco 1 Cs-mars 2026-04-16 N/A
Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.1.3 has an undocumented administrative account with a default password, which allows local users to gain privileges via the expert command.
CVE-2006-0198 1 Xoops 1 Xoops Pool Module 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in a certain module, possibly poll or Pool, for XOOPS allows remote attackers to inject arbitrary web script or HTML via JavaScript in the SRC attribute of an IMG element in a comment.
CVE-2006-0214 1 Indexcor 1 Ezdatabase 2026-04-16 N/A
Eval injection vulnerability in ezDatabase 2.0 and earlier allows remote attackers to execute arbitrary PHP code via the db_id parameter to visitorupload.php, as demonstrated using phpinfo and include function calls.
CVE-2006-0241 1 Webmobo 1 Wbnews 2026-04-16 N/A
Cross-site scripting vulnerability in WBNews 1.1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the Name field.
CVE-2006-0242 1 Php Fusebox 1 Php Fusebox 2026-04-16 N/A
Cross-site scripting vulnerability in index.php in PHP Fusebox 4.0.6 allows remote attackers to inject arbitrary web script or HTML via the fuseaction parameter.
CVE-2006-0253 1 Ambicom 1 Blue Neighbors 2026-04-16 N/A
Buffer overflow in the Bluetooth OBEX Object Push service in "Blue Neighbors.EXE" in AmbiCom Blue Neighbors 2.50 Build 2500 and earlier allows remote attackers to execute arbitrary code via a long file name, as demonstrated via a long RFILE argument to ussp-push.
CVE-2006-0335 1 Kerio 1 Winroute Firewall 2026-04-16 N/A
Multiple unspecified vulnerabilities in Kerio WinRoute Firewall before 6.1.4 Patch 1 allow remote attackers to cause a denial of service via multiple unspecified vectors involving (1) long strings received from Active Directory and (2) the filtering of HTML.
CVE-2006-2365 1 Vizra 1 Vizra 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in a_login.php in Vizra allows remote attackers to inject arbitrary web script or HTML via the message parameter.
CVE-2006-0379 1 Freebsd 1 Freebsd 2026-04-16 N/A
FreeBSD kernel 5.4-STABLE and 6.0 does not completely initialize a buffer before making it available to userland, which could allow local users to read portions of kernel memory.
CVE-2006-0402 1 Jason Geiger 1 Zoph 2026-04-16 N/A
SQL injection vulnerability in Zoph before 0.5pre1 allows remote attackers to execute arbitrary SQL commands.
CVE-2006-0418 1 Topcmm Computing 1 123 Flash Chat Server 2026-04-16 N/A
Eval injection vulnerability in 123 Flash Chat Server 5.0 and 5.1 allows attackers to execute arbitrary code via a crafted username.
CVE-2006-0425 1 Oracle 1 Weblogic Portal 2026-04-16 N/A
BEA WebLogic Portal 8.1 through SP4 allows remote attackers to obtain the source for a deployment descriptor file via unknown vectors.
CVE-2006-0439 1 Text Rider 1 Text Rider 2026-04-16 N/A
Text Rider 2.4 stores sensitive data in the data directory under the web document root with insufficient access control, which allows remote attackers to obtain usernames and password hashes by directly accessing data/userlist.txt.
CVE-2006-0440 1 Text Rider 1 Text Rider 2026-04-16 N/A
Text Rider 2.4 allows attackers to bypass authentication and upload files without providing a valid password by obtaining the MD5 hash of the password (possibly via another vulnerability that reads it from a data file), then including the hash in a cookie.
CVE-2006-0554 1 Linux 1 Linux Kernel 2026-04-16 N/A
Linux kernel 2.6 before 2.6.15.5 allows local users to obtain sensitive information via a crafted XFS ftruncate call, which may return stale data.
CVE-2006-0638 1 Mybulletinboard 1 Mybulletinboard 2026-04-16 N/A
SQL injection vulnerability in moderation.php in MyBB (aka MyBulletinBoard) 1.0.3 allows remote authenticated users, with certain privileges for moderating and merging posts, to execute arbitrary SQL commands via the posts parameter.
CVE-2006-0665 1 Mantis 1 Mantis 2026-04-16 N/A
Unspecified vulnerability in (1) query_store.php and (2) manage_proj_create.php in Mantis before 1.0.0 has unknown impact and attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. An original vendor bug report is referenced, but not accessible to the general public.