Export limit exceeded: 350765 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29922 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-2421 | 1 Pragma Systems | 1 Fortressssh | 2026-04-16 | N/A |
| Stack-based buffer overflow in Pragma FortressSSH 4.0.7.20 allows remote attackers to execute arbitrary code via long SSH_MSG_KEXINIT messages, which may cause an overflow when being logged. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-0198 | 1 Xoops | 1 Xoops Pool Module | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in a certain module, possibly poll or Pool, for XOOPS allows remote attackers to inject arbitrary web script or HTML via JavaScript in the SRC attribute of an IMG element in a comment. | ||||
| CVE-2006-2554 | 1 Genecys | 1 Genecys | 2026-04-16 | N/A |
| Buffer overflow in the tell_player_surr_changes function in Genecys 0.2 and earlier might allow remote attackers to execute arbitrary code via long arguments. | ||||
| CVE-2006-0206 | 1 Light Weight Calendar | 1 Light Weight Calendar | 2026-04-16 | N/A |
| Eval injection vulnerability in Light Weight Calendar (LWC) 1.0 (20040909) and earlier allows remote attackers to execute arbitrary PHP code via the date parameter in cal.php, which is included by index.php. | ||||
| CVE-2006-0214 | 1 Indexcor | 1 Ezdatabase | 2026-04-16 | N/A |
| Eval injection vulnerability in ezDatabase 2.0 and earlier allows remote attackers to execute arbitrary PHP code via the db_id parameter to visitorupload.php, as demonstrated using phpinfo and include function calls. | ||||
| CVE-2006-2446 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-04-16 | N/A |
| Race condition between the kfree_skb and __skb_unlink functions in the socket buffer handling in Linux kernel 2.6.9, and possibly other versions, allows remote attackers to cause a denial of service (crash), as demonstrated using the TCP stress tests from the LTP test suite. | ||||
| CVE-2006-0221 | 1 Ddsn | 1 Cm3cms | 2026-04-16 | N/A |
| SQL injection vulnerability in index.asp in the Admin Panel in Dragon Design Services Network (DDSN) cm3 content manager (CM3CMS) allows remote attackers to execute arbitrary SQL commands via the (1) username or (2) password. | ||||
| CVE-2006-2473 | 1 Openwiki | 1 Openwiki | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in ow.asp in OpenWiki 0.78 allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: this issue has been disputed by the vendor and a third party who is affiliated with the product. The vendor states "You cannot insert code in a wikipage or via URL parameters as they are all escaped before usage, so nothing can be compromised at other sites. | ||||
| CVE-2006-0238 | 1 Gamerz | 1 Wp-stats | 2026-04-16 | N/A |
| SQL injection vulnerability in wp-stats.php in GaMerZ WP-Stats 2.0 allows remote attackers to execute arbitrary SQL commands via the author parameter. | ||||
| CVE-2006-0243 | 1 Smbcms | 1 Smbcms | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in SMBCMS 2.1 allows remote attackers to inject arbitrary web script or HTML via the text parameter, which is used by the "Search Site" field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-0245 | 1 Devellion | 1 Cubecart | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.7-pl1 allow remote attackers to inject arbitrary web script or HTML via the (3) redir, (4) productId, (5) docId, (6) act, and (7) catId parameters in index.php; and the (8) username field in a login action in index.php. NOTE: the cart.php/redir and index.php/searchStr vectors are already covered by CVE-2005-3152. | ||||
| CVE-2006-2499 | 1 Xfairguy | 1 Codeavalanche News | 2026-04-16 | N/A |
| SQL injection vulnerability in default.asp in CodeAvalanche News (CANews) 1.2 allows remote attackers to execute arbitrary SQL commands via the password field. | ||||
| CVE-2006-0254 | 2 Apache, Redhat | 3 Geronimo, Network Satellite, Rhel Application Server | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer. | ||||
| CVE-2006-0438 | 1 Phpbb Group | 1 Phpbb | 2026-04-16 | N/A |
| Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.19, when Link to off-site Avatar or bbcode (IMG) are enabled, allows remote attackers to perform unauthorized actions as a logged in user via a link or IMG tag in a user profile, as demonstrated using links to (1) admin/admin_users.php and (2) modcp.php. | ||||
| CVE-2006-2792 | 1 Woltlab | 1 Burning Board | 2026-04-16 | N/A |
| SQL injection vulnerability in misc.php in Woltlab Burning Board (WBB) 2.3.4 allows remote attackers to execute arbitrary SQL commands via the sid parameter. | ||||
| CVE-2006-2793 | 1 Aspsitem | 1 Aspsitem | 2026-04-16 | N/A |
| SQL injection vulnerability in Anket.asp in ASPSitem 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the hid parameter. | ||||
| CVE-2006-0445 | 1 Phpclanwebsite | 1 Phpclanwebsite | 2026-04-16 | N/A |
| index.php in Phpclanwebsite 1.23.1 allows remote authenticated users to obtain the installation path by specifying an invalid file name to the uploader page, as demonstrated by "\", which will display the full path of uploader.php. NOTE: this might be the result of a file inclusion vulnerability. | ||||
| CVE-2006-0447 | 1 E-post Corporation | 3 Mail Server, Smtp Server, Spa-pro Mail Atsolomon | 2026-04-16 | N/A |
| Multiple buffer overflows in E-Post Mail Server 4.10 and SPA-PRO Mail @Solomon 4.00 allow remote attackers to execute arbitrary code via a long username to the (1) AUTH PLAIN or (2) AUTH LOGIN SMTP commands, which is not properly handled by (a) EPSTRS.EXE or (b) SPA-RS.EXE; (3) a long username in the APOP POP3 command, which is not properly handled by (c) EPSTPOP4S.EXE or (d) SPA-POP3S.EXE; (4) a long IMAP DELETE command, which is not properly handled by (e) EPSTIMAP4S.EXE or (f) SPA-IMAP4S.EXE. | ||||
| CVE-2006-0448 | 1 E-post Corporation | 2 Mail Server, Spa-pro Mail Atsolomon | 2026-04-16 | N/A |
| Multiple directory traversal vulnerabilities in (1) EPSTIMAP4S.EXE and (2) SPA-IMAP4S.EXE in the IMAP service in E-Post Mail 4.05 and SPA-PRO Mail 4.05 allow remote attackers to (a) list arbitrary directories or cause a denial of service via the LIST command; or create arbitrary files via the (b) APPEND, (c) COPY, or (d) RENAME commands. | ||||
| CVE-2006-2812 | 1 Dominios Europa | 1 Picrate | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in Dominios Europa PICRATE (aka TAL RateMyPic) 1.0 allow remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element in the (1) name (aka nick), (2) email, and (3) comment boxes; and via the (4) id parameter. | ||||