Export limit exceeded: 29908 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29908 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-3418 | 1 Tor | 1 Tor | 2026-04-16 | N/A |
| Tor before 0.1.1.20 does not validate that a server descriptor's fingerprint line matches its identity key, which allows remote attackers to spoof the fingerprint line, which might be trusted by users or other applications. | ||||
| CVE-2005-1910 | 1 Wwweb Concepts | 1 Events System | 2026-04-16 | N/A |
| SQL injection vulnerability in login.asp for WWWeb Concepts Events System 1.0 allows remote attackers to execute arbitrary SQL commands via the password. | ||||
| CVE-2005-1915 | 1 Log4sh | 1 Log4sh | 2026-04-16 | N/A |
| The log4sh_readProperties function in log4sh 1.2.5 and earlier allows local users to overwrite arbitrary files via a symlink attack on predictable log4sh.$$ filenames. | ||||
| CVE-2006-3476 | 1 Phpwebgallery | 1 Phpwebgallery | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in comments.php in PhpWebGallery 1.5.2 and earlier, and possibly 1.6.0, allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. | ||||
| CVE-2006-3477 | 1 Stalker | 1 Communigate | 2026-04-16 | N/A |
| Unspecified vulnerability in the POP service in Stalker CommuniGate Pro 5.1c1 and earlier allows remote attackers to cause a denial of service (server crash) via unspecified vectors involving opening an empty inbox. | ||||
| CVE-2006-3483 | 1 Phpmaillist | 1 Phpmaillist | 2026-04-16 | N/A |
| PHPMailList 1.8.0 stores sensitive information under the web document root iwth insufficient access control, which allows remote attackers to obtain email addresses of subscribers, configuration information, and the admin username and password via direct requests to (1) list.dat or (2) ml_config.dat. | ||||
| CVE-2006-3489 | 1 F-secure | 3 F-secure Anti-virus, F-secure Internet Security, F-secure Service Platform For Service Providers | 2026-04-16 | N/A |
| F-Secure Anti-Virus 2003 through 2006 and other versions, Internet Security 2003 through 2006, and Service Platform for Service Providers 6.x and earlier allows remote attackers to bypass anti-virus scanning via a crafted filename. | ||||
| CVE-2006-3490 | 1 F-secure | 3 F-secure Anti-virus, F-secure Internet Security, F-secure Service Platform For Service Providers | 2026-04-16 | N/A |
| F-Secure Anti-Virus 2003 through 2006 and other versions, Internet Security 2003 through 2006, and Service Platform for Service Providers 6.x and earlier does not scan files contained on removable media when "Scan network drives" is disabled, which allows remote attackers to bypass anti-virus controls. | ||||
| CVE-2006-3495 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-16 | N/A |
| AFP Server in Apple Mac OS X 10.3.9 and 10.4.7 stores reconnect keys in a world-readable file, which allows local users to obtain the keys and access files and folders of other users. | ||||
| CVE-2006-3681 | 1 Awstats | 1 Awstats | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in awstats.pl in AWStats 6.5 build 1.857 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) refererpagesfilter, (2) refererpagesfilterex, (3) urlfilterex, (4) urlfilter, (5) hostfilter, or (6) hostfilterex parameters, a different set of vectors than CVE-2006-1945. | ||||
| CVE-2006-3725 | 1 Symantec | 1 Norton Personal Firewall | 2026-04-16 | N/A |
| Norton Personal Firewall 2006 9.1.0.33 allows local users to cause a denial of service (crash) via certain RegSaveKey, RegRestoreKey and RegDeleteKey operations on the (1) HKLM\SYSTEM\CurrentControlSet\Services\SNDSrvc and (2) HKLM\SYSTEM\CurrentControlSet\Services\SymEvent registry keys. | ||||
| CVE-2006-3781 | 1 Sun | 1 Solaris | 2026-04-16 | N/A |
| Unspecified vulnerability in Sun Solaris 10 allows context-dependent attackers to cause a denial of service (panic) via unspecified vectors involving the event port API. | ||||
| CVE-2006-3957 | 1 Bosdev | 1 Bosdates | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in payment.php in BosDev BosDates allows remote attackers to execute arbitrary PHP code via a URL in the insPath parameter. | ||||
| CVE-2006-3959 | 1 X-scripts | 1 X-statistics | 2026-04-16 | N/A |
| SQL injection vulnerability in protect.php in X-Scripts X-Protection 1.10, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameter. | ||||
| CVE-2006-4003 | 1 Hobbit Monitor | 1 Hobbit Monitor | 2026-04-16 | N/A |
| The config method in Henrik Storner Hobbit monitor before 4.1.2p2 permits access to files outside of the intended configuration directory, which allows remote attackers to obtain sensitive information via requests to the hobbitd daemon on port 1984/tcp. | ||||
| CVE-2006-4084 | 1 David Walker | 1 Phpautomembersarea | 2026-04-16 | N/A |
| Unspecified vulnerability in phpAutoMembersArea (phpAMA) before 3.2.4 has unknown impact and attack vectors, related to "a potential security exploit which is critical." | ||||
| CVE-2006-4116 | 1 Lhaz | 1 Lhaz | 2026-04-16 | N/A |
| Multiple stack-based buffer overflows in Lhaz before 1.32 allow user-assisted attackers to execute arbitrary code via a long filename in (1) an LHZ archive, when saving the filename during extraction; and (2) an LHZ archive with an invalid CRC checksum, when constructing an error message. | ||||
| CVE-2006-4132 | 1 Arcsoft | 1 Mms Composer | 2026-04-16 | N/A |
| ArcSoft MMS Composer 1.5.5.6 and possibly earlier, and 2.0.0.13 and possibly earlier, allow remote attackers to cause a denial of service (resource exhaustion and application crash) via WAPPush messages to UDP port UDP 2948. | ||||
| CVE-2006-4196 | 1 Webinsta | 1 Cms | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in index.php in WEBInsta CMS 0.3.1 and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the templates_dir parameter. | ||||
| CVE-2006-4199 | 1 Soft3304 | 1 04webserver | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Soft3304 04WebServer 1.83 and earlier allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly sanitized before it is returned in an error page, a different vulnerability than CVE-2004-1512. | ||||