Export limit exceeded: 29943 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29943 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-0862 | 1 Infovista | 1 Portalse | 2026-04-16 | N/A |
| Unspecified vulnerability in InfoVista PortalSE 2.0 Build 20087 on Solaris 8 without the IV00038969 hotfix allows remote attackers to read arbitrary files via a crafted URL. | ||||
| CVE-2006-0866 | 1 Punbb | 1 Punbb | 2026-04-16 | N/A |
| PunBB 1.2.10 and earlier allows remote attackers to conduct brute force guessing attacks for an account's password, which may be as short as 4 characters. | ||||
| CVE-2006-0876 | 1 Popfile | 1 Popfile | 2026-04-16 | N/A |
| POPFile before 0.22.4 allows remote attackers to cause a denial of service (application crash) via unspecified vectors involving character sets within e-mail messages. | ||||
| CVE-2006-0875 | 1 Runcms | 1 Runcms | 2026-04-16 | N/A |
| Cross-site scripting vulnerability in ratefile.php in RunCMS 1.3a5 allows remote attackers to inject arbitrary web script or HTML via the lid parameter. | ||||
| CVE-2006-0882 | 1 Phpoutsourcing | 1 Noahs Classifieds | 2026-04-16 | N/A |
| Directory traversal vulnerability in include.php in Noah's Classifieds 1.3 allows remote attackers to include arbitrary local files via the otherTemplate parameter to index.php. | ||||
| CVE-2006-0885 | 1 Cutephp | 1 Cutenews | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in show_news.php in CuteNews 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the show parameter. | ||||
| CVE-2006-0890 | 1 Speedproject | 3 Speedcommander, Squeez, Zipstar | 2026-04-16 | N/A |
| Directory traversal vulnerability in SpeedProject Squeez 5.1, as used in (1) ZipStar 5.1 and (2) SpeedCommander 11.01.4450, allows remote attackers to overwrite arbitrary files via unspecified manipulations in a (1) JAR or (2) ZIP archive. | ||||
| CVE-2006-0895 | 1 Nocc | 1 Nocc | 2026-04-16 | N/A |
| NOCC Webmail 1.0 allows remote attackers to obtain the installation path via a direct request to html/header.php. | ||||
| CVE-2006-0900 | 1 Freebsd | 1 Freebsd | 2026-04-16 | N/A |
| nfsd in FreeBSD 6.0 kernel allows remote attackers to cause a denial of service via a crafted NFS mount request, as demonstrated by the ProtoVer NFS test suite. | ||||
| CVE-2006-0901 | 1 Sun | 2 Solaris, Sunos | 2026-04-16 | N/A |
| Unspecified vulnerability in the hsfs filesystem in Solaris 8, 9, and 10 allows unspecified attackers to cause a denial of service (panic) or execute arbitrary code. | ||||
| CVE-2006-0912 | 1 Oreka | 1 Oreka | 2026-04-16 | N/A |
| Oreka before 0.5 allows remote attackers to cause a denial of service (application crash) via a "certain RTP sequence." | ||||
| CVE-2006-0919 | 1 Oi | 1 Email Marketing System | 2026-04-16 | N/A |
| SQL injection vulnerability in index.php (aka the login page) in Oi! Email Marketing System 3.0 (aka Oi! 3) allows remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields. | ||||
| CVE-2006-0921 | 1 Fckeditor | 1 Fckeditor | 2026-04-16 | N/A |
| Multiple directory traversal vulnerabilities in connector.php in FCKeditor 2.0 FC, as used in products such as RunCMS, allow remote attackers to list and create arbitrary directories via a .. (dot dot) in the CurrentFolder parameter to (1) GetFoldersAndFiles and (2) CreateFolder. | ||||
| CVE-2006-0940 | 1 Cynical Games | 1 Shoutlive | 2026-04-16 | N/A |
| Multiple direct static code injection vulnerabilities in savesettings.php in ShoutLIVE 1.1.0 allow remote attackers to execute arbitrary PHP code via variables that are written to settings.php. | ||||
| CVE-2006-0937 | 1 Unu Networks | 1 Mailgust | 2026-04-16 | N/A |
| U.N.U. Mailgust 1.9 allows remote attackers to obtain sensitive information via a direct request to index.php with method=showfullcsv, which reveals the POP3 server configuration, including account name and password. | ||||
| CVE-2006-0946 | 1 Thomson | 1 Speedtouch | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Thomson SpeedTouch modems running firmware 5.3.2.6.0 allows remote attackers to inject arbitrary web script or HTML via the name parameter to the LocalNetwork page. | ||||
| CVE-2006-0944 | 1 Archangelmgt | 1 Weblog | 2026-04-16 | N/A |
| Archangel Weblog 0.90.02 allows remote attackers to bypass authentication by setting the ba_admin cookie to 1. | ||||
| CVE-2006-0949 | 1 Raidenhttpd | 1 Raidenhttpd | 2026-04-16 | N/A |
| RaidenHTTPD 1.1.47 allows remote attackers to obtain source code of script files, including PHP, via crafted requests involving (1) "." (dot), (2) space, and (3) "/" (slash) characters. | ||||
| CVE-2006-0948 | 1 Aol | 1 Aol | 2026-04-16 | N/A |
| AOL 9.0 Security Edition revision 4184.2340, and probably other versions, uses insecure permissions (Everyone/Full Control) for the "America Online 9.0" directory, which allows local users to gain privileges by replacing critical files. | ||||
| CVE-2006-4526 | 1 Devellion | 1 Cubecart | 2026-04-16 | N/A |
| SQL injection vulnerability in includes/content/viewCat.inc.php in CubeCart 3.0.12 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the searchArray[] parameter. | ||||