Export limit exceeded: 363780 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363780 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363780 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-2662 1 Vmware 1 Server 2026-04-16 N/A
VMware Server before RC1 does not clear user credentials from memory after a console connection is made, which might allow local attackers to gain privileges.
CVE-2006-4434 1 Sendmail 1 Sendmail 2026-04-16 7.5 High
Use-after-free vulnerability in Sendmail before 8.13.8 allows remote attackers to cause a denial of service (crash) via a long "header line", which causes a previously freed variable to be referenced. NOTE: the original developer has disputed the severity of this issue, saying "The only denial of service that is possible here is to fill up the disk with core dumps if the OS actually generates different core dumps (which is unlikely)... the bug is in the shutdown code (finis()) which leads directly to exit(3), i.e., the process would terminate anyway, no mail delivery or receiption is affected."
CVE-2005-1006 1 Sonicwall 2 Soho, Soho Firmware 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in SonicWALL SOHO 5.1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URL or (2) the user login name, which is not filtered when the administrator views the log file.
CVE-2006-4439 1 Sun 1 Solaris 2026-04-16 N/A
pkgadd in Sun Solaris 10 before 20060825 installs files with insecure file and directory permissions (755 or 777) if the pkgmap file contains a "?" (question mark) in the mode field, which allows local users to modify arbitrary files or directories, a different vulnerability than CVE-2002-1871.
CVE-2006-4440 1 Ay System Solutions 1 Ay System Solutions Cms 2026-04-16 N/A
PHP remote file inclusion vulnerability in main.php in Ay System Solutions CMS 2.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path[ShowProcessHandle] parameter.
CVE-2006-0557 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-16 N/A
sys_mbind in mempolicy.c in Linux kernel 2.6.16 and earlier does not sanity check the maxnod variable before making certain computations for the get_nodes function, which has unknown impact and attack vectors.
CVE-2006-4444 1 Cybozu 1 Garoon 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Cybozu Garoon 2.1.0 for Windows allow remote authenticated users to execute arbitrary SQL commands via the (1) tid parameter in the (a) todo/view (aka TODO List View), (b) todo/modify (aka TODO List Modify), or (c) todo/delete functionality; the (2) pid parameter in the (d) workflow/view or (e) workflow/print functionality; the (3) uid parameter in the (f) schedule/user_view, (g) phonemessage/add, (h) phonemessage/history, or (i) schedule/view functionality; the (4) cid parameter in (j) todo/index; the (5) iid parameter in the (k) memo/view or (l) memo/print functionality; or the (6) event parameter in the (m) schedule/view functionality.
CVE-2006-0558 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-16 N/A
perfmon (perfmon.c) in Linux kernel on IA64 architectures allows local users to cause a denial of service (crash) by interrupting a task while another process is accessing the mm_struct, which triggers a BUG_ON action in the put_page_testzero function.
CVE-2006-2664 1 Ifdate.com 1 Ifdate 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in iFdate 1.2 allows remote attackers to inject arbitrary web script or HTML via the (1) username, (2) password fields, or certain other input text boxes.
CVE-2006-4446 1 Microsoft 1 Ie 2026-04-16 N/A
Heap-based buffer overflow in DirectAnimation.PathControl COM object (daxctle.ocx) in Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a Spline function call whose first argument specifies a large number of points.
CVE-2006-4447 1 X.org 9 Emu-linux-x87-xlibs, X11r6, X11r7 and 6 more 2026-04-16 N/A
X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, does not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail, such as by exceeding a ulimit.
CVE-2006-4449 1 Mybulletinboard 1 Mybulletinboard 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in attachment.php in MyBulletinBoard (MyBB) 1.1.7 and possibly other versions allows remote attackers to inject arbitrary web script or HTML via a GIF image that contains URL-encoded Javascript, which is rendered by Internet Explorer.
CVE-2006-4455 1 Xchat 1 Xchat 2026-04-16 N/A
Unspecified vulnerability in Xchat 2.6.7 and earlier allows remote attackers to cause a denial of service (crash) via unspecified vectors involving the PRIVMSG command. NOTE: the vendor has disputed this vulnerability, stating that it does not affect 2.6.7 "or any recent version"
CVE-2005-1020 1 Cisco 1 Ios 2026-04-16 N/A
Secure Shell (SSH) 2 in Cisco IOS 12.0 through 12.3 allows remote attackers to cause a denial of service (device reload) (1) via a username that contains a domain name when using a TACACS+ server to authenticate, (2) when a new SSH session is in the login phase and a currently logged in user issues a send command, or (3) when IOS is logging messages and an SSH session is terminated while the server is sending data.
CVE-2006-4461 1 Paessler 1 Ipcheck Server Monitor 2026-04-16 N/A
Paessler IPCheck Server Monitor before 5.3.3.639/640 does not properly implement a "list of acceptable host IP addresses in the probe settings," which has unknown impact and attack vectors.
CVE-2006-4477 1 Visualshapers 1 Ezcontents 2026-04-16 N/A
Multiple PHP remote file inclusion vulnerabilities in Visual Shapers ezContents 2.0.3 allow remote attackers to execute arbitrary PHP code via an empty GLOBALS[rootdp] parameter and an ftps URL in the (1) GLOBALS[admin_home] parameter in (a) diary/event_list.php, (b) gallery/gallery_summary.php, (c) guestbook/showguestbook.php, (d) links/showlinks.php, and (e) reviews/review_summary.php; and the (2) GLOBALS[language_home] parameter in (f) calendar/calendar.php, (g) news/shownews.php, (h) poll/showpoll.php, (i) search/search.php, (j) toprated/toprated.php, and (k) whatsnew/whatsnew.php.
CVE-2005-1031 2 E-xoops, Runcms 2 E-xoops, Runcms 2026-04-16 N/A
RUNCMS 1.1A, and possibly other products based on e-Xoops (exoops), when "Allow custom avatar upload" is enabled, does not properly verify uploaded files, which allows remote attackers to upload arbitrary files.
CVE-2006-4478 1 Visualshapers 1 Ezcontents 2026-04-16 N/A
SQL injection vulnerability in headeruserdata.php in Visual Shapers ezContents 2.0.3 allows remote attackers to execute arbitrary SQL commands via the groupname parameter.
CVE-2006-4482 4 Canonical, Debian, Php and 1 more 5 Ubuntu Linux, Debian Linux, Php and 2 more 2026-04-16 N/A
Multiple heap-based buffer overflows in the (1) str_repeat and (2) wordwrap functions in ext/standard/string.c in PHP before 5.1.5, when used on a 64-bit system, have unspecified impact and attack vectors, a different vulnerability than CVE-2006-1990.
CVE-2006-4495 1 Microsoft 2 Ie, Windows 2003 Server 2026-04-16 N/A
Microsoft Internet Explorer allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by instantiating certain Windows 2000 ActiveX COM Objects including (1) ciodm.dll, (2) myinfo.dll, (3) msdxm.ocx, and (4) creator.dll.