Export limit exceeded: 346213 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 346213 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346213 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-3204 | 1 Ultimate Php Board | 1 Ultimate Php Board | 2026-04-16 | N/A |
| Ultimate PHP Board (UPB) 1.9.6 and earlier uses a cryptographically weak block cipher with a large key collision space, which allows remote attackers to determine a suitable decryption key given the plaintext and ciphertext by obtaining the plaintext password, which is sent when logging in, and the ciphertext, which is set in the pass_env cookie. | ||||
| CVE-2006-3208 | 1 Ultimate Php Board | 1 Ultimate Php Board | 2026-04-16 | N/A |
| Direct static code injection vulnerability in Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote authenticated administrators to execute arbitrary PHP code via multiple unspecified "configuration fields" in (1) admin_chatconfig.php, (2) admin_configcss.php, (3) admin_config.php, or (4) admin_config2.php, which are stored as configuration settings. NOTE: this issue can be exploited by remote attackers by leveraging other vulnerabilities in UPB. | ||||
| CVE-2006-3209 | 1 Microsoft | 1 Windows Xp | 2026-04-16 | N/A |
| The Task scheduler (at.exe) on Microsoft Windows XP spawns each scheduled process with SYSTEM permissions, which allows local users to gain privileges. NOTE: this issue has been disputed by third parties, who state that the Task scheduler is limited to the Administrators group by default upon installation | ||||
| CVE-2005-3983 | 1 Hp | 1 Systems Insight Manager | 2026-04-16 | N/A |
| Unknown vulnerability in the login page for HP Systems Insight Manager (SIM) 4.0 and 4.1, when accessed by Microsoft Internet Explorer with the MS04-025 patch, leads to a denial of service (browser hang). NOTE: although the advisory is vague, this issue does not appear to involve an attacker at all. If not, then this issue is not a vulnerability. | ||||
| CVE-2006-3214 | 1 Hitachi | 2 Groupmax Address Server, Groupmax Mail Server | 2026-04-16 | N/A |
| Unspecified vulnerability in Hitachi Groupmax Address Server 7 and earlier, and Groupmax Mail Server 7 and earlier allows remote attackers to cause a denial of service (product "stop") via unspecified vectors involving "unexpected requests". | ||||
| CVE-2006-3216 | 1 Clearswift | 2 Mailsweeper For Exchange, Mailsweeper For Smtp | 2026-04-16 | N/A |
| Clearswift MAILsweeper for SMTP before 4.3.20 and MAILsweeper for Exchange before 4.3.20 allows remote attackers to cause a denial of service via (1) non-ASCII characters in a reverse DNS lookup result from a Received header, which leads to a Receiver service stop, and (2) unspecified vectors involving malformed messages, which causes "unpredictable behavior" that prevents the Security service from processing more messages. | ||||
| CVE-2006-3217 | 1 Jaguarsoft | 1 Jaguaredit | 2026-04-16 | N/A |
| JaguarEditControl (JEdit) ActiveX Control 1.1.0.20 and earlier allows remote attackers to obtain sensitive information, such as the username and MAC and IP addresses, by setting the test field to certain values such as 2404 or 2790, then reading the information from the .JText field. | ||||
| CVE-2006-3222 | 1 Fortinet | 1 Fortios | 2026-04-16 | N/A |
| The FTP proxy module in Fortinet FortiOS (FortiGate) before 2.80 MR12 and 3.0 MR2 allows remote attackers to bypass anti-virus scanning via the Enhanced Passive (EPSV) FTP mode. | ||||
| CVE-2006-3226 | 1 Cisco | 1 Secure Access Control Server | 2026-04-16 | N/A |
| Cisco Secure Access Control Server (ACS) 4.x for Windows uses the client's IP address and the server's port number to grant access to an HTTP server port for an administration session, which allows remote attackers to bypass authentication via various methods, aka "ACS Weak Session Management Vulnerability." | ||||
| CVE-2005-3984 | 1 Webcalendar | 1 Webcalendar | 2026-04-16 | N/A |
| SQL injection vulnerability in WebCalendar 1.0.1 allows remote attackers to execute arbitrary SQL commands via the time_range parameter to edit_report_handler.php. NOTE: the startid/activity_log.php vector is already covered by CVE-2005-3949. | ||||
| CVE-2006-3227 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | N/A |
| Interpretation conflict between Internet Explorer and other web browsers such as Mozilla, Opera, and Firefox might allow remote attackers to modify the visual presentation of web pages and possibly bypass protection mechanisms such as content filters via ASCII characters with the 8th bit set, which could be stripped by Internet Explorer to render legible text, but not when using other browsers. NOTE: there has been significant discussion about this issue, and as of 20060625, it is not clear where the responsibility for this issue lies, although it might be due to vagueness within the associated standards. NOTE: this might only be exploitable with certain encodings. | ||||
| CVE-2006-3228 | 1 Nullsoft | 1 Winamp | 2026-04-16 | N/A |
| Buffer overflow in in_midi.dll for WinAmp 2.90 up to 5.23, including 5.21, allows remote attackers to execute arbitrary code via a crafted .mid (MIDI) file. | ||||
| CVE-2006-3231 | 1 Ibm | 1 Websphere Application Server | 2026-04-16 | N/A |
| Unspecified vulnerability in IBM WebSphere Application Server (WAS) before 6.0.2.11, when fileServingEnabled is true, allows remote attackers to obtain JSP source code and other sensitive information via "URIs with special characters." | ||||
| CVE-1999-0238 | 1 Php | 1 Php | 2026-04-16 | N/A |
| php.cgi allows attackers to read any file on the system. | ||||
| CVE-2006-3233 | 1 Open Webmail | 1 Open Webmail | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in openwebmail-read.pl in Open WebMail (OWM) 2.52, and other versions released before 06/18/2006, allows remote attackers to inject arbitrary web script or HTML via the from field. NOTE: some third party sources have mentioned the "to" and "from" fields, although CVE analysis shows that these are associated with the previous version, a different executable, and a different CVE. | ||||
| CVE-2005-3985 | 1 Astaro | 1 Security Linux | 2026-04-16 | N/A |
| The Internet Key Exchange version 1 (IKEv1) implementation in Astaro Security Linux before 6.102 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to. | ||||
| CVE-2006-3237 | 1 Senokian Solutions | 1 Enterprise Groupware Systems | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Enterprise Groupware System (EGS) 1.2.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the module parameter. | ||||
| CVE-2005-3988 | 1 Pineapple Technologies | 1 Lore | 2026-04-16 | N/A |
| SQL injection vulnerability in article.php in Pineapple Technologies Lore 1.5.4 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2006-3238 | 1 Vbzoom | 1 Vbzoom | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in VBZooM 1.00 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) MemberID parameter to rank.php, and the (2) QuranID parameter to lng.php. | ||||
| CVE-2005-3997 | 1 Zen Cart | 1 Zen Cart | 2026-04-16 | N/A |
| Zen Cart 1.2.6d and earlier, under certain PHP configurations, allows remote attackers to obtain sensitive information via direct requests to files in the admin/includes directory, including (1) graphs/banner_daily.php, (2) graphs/banner_infobox.php, (3) graphs/banner_yearly.php, (4) graphs/banner_monthly.php, (5) application_bottom.php, (6) attributes_preview.php, (7) modules/category_product_listing.php, (8) modules/copy_to_confirm.php, (9) modules/delete_product_confirm.php, and (10) modules/move_product_confirm.php, which leaks the web server path in the resulting error message. | ||||