Export limit exceeded: 346156 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346156 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-5629 | 1 Hosting Controller | 1 Hosting Controller | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Hosting Controller 6.1 before Hotfix 3.3 allow remote attackers to execute arbitrary SQL commands via the ForumID parameter in (1) DisableForum.asp and (2) enableForum.asp. NOTE: it was later reported that the vulnerability is present in 6.1 Hotfix 3.3 and earlier. | ||||
| CVE-2006-5630 | 1 Hosting Controller | 1 Hosting Controller | 2026-04-23 | N/A |
| Hosting Controller 6.1 before Hotfix 3.3 allows remote attackers to (1) delete the virtual directory of an arbitrary site via a modified ForumID parameter in a disableforum action in DisableForum.asp and (2) create an arbitrary forum virtual directory via an empty ForumID parameter in an enableforum action in EnableForum.asp. | ||||
| CVE-2006-5631 | 1 Ig Shop | 1 Ig Shop | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in change_pass.php in iG Shop 1.4 allows remote attackers to inject arbitrary web script or HTML via arbitrary query strings when the action parameter is not "1", as demonstrated using script in the action parameter, a different vulnerability than CVE-2006-5632. | ||||
| CVE-2006-5632 | 1 Ig Shop | 1 Ig Shop | 2026-04-23 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in change_pass.php in iG Shop 1.4 allows remote attackers to inject arbitrary web script or HTML via the id parameter, a different vulnerability than CVE-2006-5631. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-5633 | 1 Mozilla | 2 Firefox, Seamonkey | 2026-04-23 | N/A |
| Firefox 1.5.0.7 and 2.0, and Seamonkey 1.1b, allows remote attackers to cause a denial of service (crash) by creating a range object using createRange, calling selectNode on a DocType node (DOCUMENT_TYPE_NODE), then calling createContextualFragment on the range, which triggers a null dereference. NOTE: the original Bugtraq post mentioned that code execution was possible, but followup analysis has shown that it is only a null dereference. | ||||
| CVE-2006-5634 | 1 Phpprofiles | 1 Phpprofiles | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in phpProfiles 2.1 Beta allow remote attackers to execute arbitrary PHP code via a URL in the (1) reqpath parameter to (a) body.inc.php and (b) body_blog.inc.php in users/include/; or the (2) usrinc parameter in users/include/upload_ht.inc.php. | ||||
| CVE-2006-5636 | 1 Sws | 1 Simple Website Software | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in common.php in Simple Website Software (SWS) 0.99 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the SWSDIR parameter. | ||||
| CVE-2006-5637 | 1 Faq Administrator | 1 Faq Administrator | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in faq_reply.php in Faq Administrator 2.1b allows remote attackers to execute arbitrary PHP code via a URL in the email parameter. | ||||
| CVE-2006-5638 | 1 Phpmyring | 1 Phpmyring | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in cherche.php in PHPMyRing 4.2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) limite and (2) mots parameters. | ||||
| CVE-2006-5639 | 1 Openwbem | 1 Openwbem | 2026-04-23 | N/A |
| Unspecified vulnerability in the random number generator in OpenWBEM (Web Based Enterprise Management) 3.2.0 allows attackers to gain privileges via vectors related to "local or HTTP Digest authentication." | ||||
| CVE-2006-5640 | 1 Techno Dreams | 1 Techno Dreams Guest Book | 2026-04-23 | N/A |
| SQL injection vulnerability in guestbookview.asp in Techno Dreams Guest Book 1.0 earlier allows remote attackers to execute arbitrary SQL commands via the key parameter. | ||||
| CVE-2006-5641 | 1 Techno Dreams | 1 Announcement Script | 2026-04-23 | N/A |
| SQL injection vulnerability in MainAnnounce2.asp in Techno Dreams Announcement allows remote attackers to execute arbitrary SQL commands via the key parameter. | ||||
| CVE-2006-5646 | 1 Sophos | 2 Anti-virus, Endpoint Security | 2026-04-23 | N/A |
| Heap-based buffer overflow in Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for Linux before 5.0.10, and other platforms before 4.11, when archive scanning is enabled, allows remote attackers to trigger a denial of service (memory corruption) via a CHM file with an LZX decompression header that specifies a Window_size of 0. | ||||
| CVE-2006-5647 | 1 Sophos | 2 Anti-virus, Endpoint Security | 2026-04-23 | N/A |
| Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for Linux before 5.0.10, and other platforms before 4.11 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a malformed CHM file with a large name length in the CHM chunk header, aka "CHM name length memory consumption vulnerability." | ||||
| CVE-2006-5648 | 1 Ubuntu | 1 Ubuntu Linux | 2026-04-23 | 5.5 Medium |
| Ubuntu Linux 6.10 for the PowerPC (PPC) allows local users to cause a denial of service (resource consumption) by using the (1) sys_get_robust_list and (2) sys_set_robust_list functions to create processes that cannot be killed. | ||||
| CVE-2006-5649 | 1 Ubuntu | 1 Ubuntu Linux | 2026-04-23 | 5.5 Medium |
| Unspecified vulnerability in the "alignment check exception handling" in Ubuntu 5.10, 6.06 LTS, and 6.10 for the PowerPC (PPC) allows local users to cause a denial of service (kernel panic) via unspecified vectors. | ||||
| CVE-2006-5650 | 1 Aol | 1 Icq | 2026-04-23 | N/A |
| The ICQPhone.SipxPhoneManager ActiveX control in America Online ICQ 5.1 allows remote attackers to download and execute arbitrary code via the DownloadAgent function, as demonstrated using an ICQ avatar. | ||||
| CVE-2006-5652 | 1 Sun | 1 Iplanet Messaging Server Messenger Express | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Sun iPlanet Messaging Server Messenger Express allows remote attackers to inject arbitrary web script via the expression Cascading Style Sheets (CSS) function, as demonstrated by setting the width style for an IMG element. NOTE: this issue might be related to CVE-2006-5486, however due to the vagueness of the initial advisory and different researchers, it has been assigned a new CVE. | ||||
| CVE-2006-5653 | 1 Sun | 1 Java System Messenger Express | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the errorHTML function in the index script in Sun Java System Messenger Express 6 allows remote attackers to inject arbitrary web script or HTML via the error parameter. NOTE: this issue might be related to CVE-2006-5486, however due to the vagueness of the initial advisory and different researchers a new CVE was assigned. | ||||
| CVE-2006-5654 | 1 Sun | 2 Java System Web Server, One Application Server | 2026-04-23 | N/A |
| Unspecified vulnerability in the Network Security Services (NSS) in Sun Java System Web Server 6.0 before SP 10 and ONE Application Server 7 before Update 3, when SSLv2 is enabled, allows remote authenticated users to cause a denial of service (application crash) via unspecified vectors. NOTE: due to lack of details from the vendor, it is unclear whether this is related to vector 1 in CVE-2006-5201 or CVE-2006-3127. | ||||