Export limit exceeded: 29867 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29867 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-2177 | 1 Bitdamaged | 1 Geoblog | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in viewcat.php in geoBlog 1.0 allows remote attackers to inject arbitrary web script or HTML via the cat parameter. | ||||
| CVE-2006-2179 | 1 Smartwin Technology | 1 Cyberoffice Warehouse Builder | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in CyberBuild allow remote attackers to execute arbitrary SQL commands via the (1) SessionID parameter to login.asp or (2) ProductIndex parameter to browse0.htm. | ||||
| CVE-2006-2183 | 1 Truecrypt Foundation | 1 Truecrypt | 2025-04-03 | N/A |
| Untrusted search path vulnerability in Truecrypt 4.1, when running suid root on Linux, allows local users to execute arbitrary commands and gain privileges via a modified PATH environment variable that references a malicious mount command. | ||||
| CVE-2006-2185 | 1 Novell | 1 Netware | 2025-04-03 | N/A |
| PORTAL.NLM in Novell Netware 6.5 SP5 writes the username and password in cleartext to the abend.log log file when the groupOperationsMethod function fails, which allows context-dependent attackers to gain privileges. | ||||
| CVE-2006-2186 | 1 Zenphoto | 1 Zenphoto | 2025-04-03 | N/A |
| zenphoto 1.0.1 beta and earlier allow remote attackers to obtain sensitive information via a direct request for the (1) /photos/themes/default/ and (2) /photos/themes/testing/ URIs, which reveals the path in an error message. | ||||
| CVE-2006-2187 | 1 Zenphoto | 1 Zenphoto | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in zenphoto 1.0.1 beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) a parameter in i.php, and the (2) album and (3) image parameters in index.php. | ||||
| CVE-2006-2188 | 1 Cmscout | 1 Cmscout | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in CMScout 1.10 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the Body field of a private message (PM), (2) BBCode, or (3) a forum post. | ||||
| CVE-2006-2189 | 1 Servous | 1 Sblog | 2025-04-03 | N/A |
| SQL injection vulnerability in search.php in Servous sBLOG 0.7.2 allows remote attackers to execute arbitrary SQL commands via the keyword parameter. NOTE: this issue can be used to trigger path disclosure. In addition, it might be primary to vector 1 in CVE-2006-1135. | ||||
| CVE-2006-2193 | 2 Libtiff, Redhat | 2 Libtiff, Enterprise Linux | 2025-04-03 | N/A |
| Buffer overflow in the t2p_write_pdf_string function in tiff2pdf in libtiff 3.8.2 and earlier allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a TIFF file with a DocumentName tag that contains UTF-8 characters, which triggers the overflow when a character is sign extended to an integer that produces more digits than expected in an sprintf call. | ||||
| CVE-2006-2194 | 1 Point-to-point Protocol Project | 1 Point-to-point Protocol | 2025-04-03 | N/A |
| The winbind plugin in pppd for ppp 2.4.4 and earlier does not check the return code from the setuid function call, which might allow local users to gain privileges by causing setuid to fail, such as exceeding PAM limits for the maximum number of user processes, which prevents the winbind NTLM authentication helper from dropping privileges. | ||||
| CVE-2006-2195 | 1 Horde | 1 Horde | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in horde 3 (horde3) before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) templates/problem/problem.inc and (2) test.php. | ||||
| CVE-2006-2196 | 1 Jochen Friedrich | 1 Pinball | 2025-04-03 | N/A |
| Unspecified vulnerability in pinball 0.3.1 allows local users to gain privileges via unknown attack vectors that cause pinball to load plugins from an attacker-controlled directory while operating at raised privileges. | ||||
| CVE-2006-2403 | 1 Filezilla | 1 Filezilla | 2025-04-03 | N/A |
| Buffer overflow in FileZilla before 2.2.23 allows remote attackers to execute arbitrary commands via unknown attack vectors. | ||||
| CVE-2006-2191 | 1 Gnu | 1 Mailman | 2025-04-03 | N/A |
| Format string vulnerability in Mailman before 2.1.9 allows attackers to execute arbitrary code via unspecified vectors. NOTE: the vendor has disputed this vulnerability, stating that it is "unexploitable. | ||||
| CVE-2006-2202 | 1 Invision Power Services | 1 Invision Gallery | 2025-04-03 | N/A |
| SQL injection vulnerability in post.php in Invision Gallery 2.0.6 allows remote attackers to execute arbitrary SQL commands via the album parameter. | ||||
| CVE-2006-2203 | 1 Kerio | 1 Kerio Mailserver | 2025-04-03 | N/A |
| Unspecified vulnerability in Kerio MailServer before 6.1.4 has unknown impact and remote attack vectors related to a "possible bypass of attachment filter." | ||||
| CVE-2006-2204 | 1 Invision Power Services | 1 Invision Power Board | 2025-04-03 | N/A |
| SQL injection vulnerability in the topic deletion functionality (post_delete function in func_mod.php) for Invision Power Board 2.1.5 allows remote authenticated moderators to execute arbitrary SQL commands via the selectedpids parameter, which bypasses an integer value check when the $id variable is an array. | ||||
| CVE-2006-2205 | 1 Netbsd | 1 Netbsd | 2025-04-03 | N/A |
| The audio_write function in NetBSD 3.0 allows local users to cause a denial of service (kernel crash) by using the audiosetinfo ioctl to change the sample rate of an audio device. | ||||
| CVE-2006-2209 | 1 Php Arena | 1 Pacheckbook | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in index.php in PHP Arena paCheckBook 1.1 allow remote attackers to execute arbitrary SQL commands via (1) the transtype parameter in an add action or (2) entry parameter in an edit action. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
| CVE-2006-2210 | 1 321soft | 1 Php-gallery | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in 321soft PhP-Gallery 0.9 allows remote attackers to inject arbitrary web script or HTML via the path parameter. NOTE: this issue might be resultant from the directory traversal vulnerability. | ||||