Export limit exceeded: 29867 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29867 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-3118 | 1 Canonical | 1 Spread | 2025-04-03 | N/A |
| spread uses a temporary file with a static filename based on the port number, which allows local users to cause a denial of service by creating the file during a race condition between unlink and bind function calls. NOTE: spread deletes this temporary file before use, which could cause conflicts with other programs that use the same filename, but this is not a distinct issue. | ||||
| CVE-2006-3119 | 1 Fbi | 1 Fbi | 2025-04-03 | N/A |
| The fbgs framebuffer Postscript/PDF viewer in fbi before 2.01 has a typo that prevents a filter from working correctly, which allows user-assisted attackers to bypass the filter and execute malicious Postscript commands. | ||||
| CVE-2006-3120 | 1 Brian Wotring | 1 Osiris | 2025-04-03 | N/A |
| Format string vulnerability in Brian Wotring Osiris before 4.2.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unspecified attack vectors related to the logging functions. | ||||
| CVE-2006-3124 | 1 Streamripper | 1 Streamripper | 2025-04-03 | N/A |
| Buffer overflow in the HTTP header parsing in Streamripper before 1.61.26 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted HTTP headers. | ||||
| CVE-2006-3125 | 1 Gtetrinet | 1 Gtetrinet | 2025-04-03 | N/A |
| Array index error in tetrinet.c in gtetrinet 0.7.8 and earlier allows remote attackers to execute arbitrary code via a packet specifying a negative number of players, which is used as an array index. | ||||
| CVE-2006-3126 | 1 Julian Pawlowski | 1 Capi4hylafax | 2025-04-03 | N/A |
| c2faxrecv in capi4hylafax 01.02.03 allows remote attackers to execute arbitrary commands via null (\0) and shell metacharacters in the TSI string, as demonstrated by a fax from an anonymous number. | ||||
| CVE-2006-3128 | 1 Easy-cms | 1 Easy-cms | 2025-04-03 | N/A |
| choose_file.php in easy-CMS 0.1.2, when mod_mime is installed, does not restrict uploads of filenames with multiple extensions, which allows remote attackers to execute arbitrary PHP code by uploading a PHP file with a GIF file extension, then directly accessing that file in the Repositories directory. | ||||
| CVE-2006-3129 | 1 Nc Linklist | 1 Nc Linklist | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in NC LinkList 1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) cat and (2) view parameters. | ||||
| CVE-2006-3130 | 1 Clubpage | 1 Clubpage | 2025-04-03 | N/A |
| SQL injection vulnerability in index.php in Clubpage allows remote attackers to execute arbitrary SQL commands via the category parameter. | ||||
| CVE-2006-3140 | 1 Openci | 1 Openci | 2025-04-03 | N/A |
| SQL injection vulnerability in index.php in openCI 1.0 BETA 0.20.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2006-3132 | 1 Qto | 1 Qtofilemanager | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in qtofm.php4 in QTOFileManager 1.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter, as originally reported for index.php. | ||||
| CVE-2006-3134 | 1 Gracenote | 1 Cddbcontrol Activex Control | 2025-04-03 | N/A |
| Buffer overflow in GraceNote CDDBControl ActiveX Control, as used by multiple products that use Gracenote CDDB, allows remote attackers to execute arbitrary code via a long option string. | ||||
| CVE-2006-3142 | 1 Vbzoom | 1 Vbzoom | 2025-04-03 | N/A |
| SQL injection vulnerability in forum.php in VBZooM 1.11 allows remote attackers to execute arbitrary SQL commands via the MainID parameter. | ||||
| CVE-2006-3143 | 1 Maximus | 1 Schoolmax | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in icue_login.asp in Maximus SchoolMAX 4.0.1 and earlier iCue and iParent applications allows remote attackers to inject arbitrary web script or HTML via the error_msg parameter. | ||||
| CVE-2006-3145 | 1 Netpbm | 1 Netpbm | 2025-04-03 | N/A |
| Buffer overflow in pamtofits of NetPBM 10.30 through 10.33 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code when assembling the header, possibly related to an off-by-one error. | ||||
| CVE-2006-3148 | 1 Open-realty | 1 Open-realty | 2025-04-03 | N/A |
| SQL injection vulnerability, possibly in search.inc.php, in Open-Realty 2.3.1 allows remote attackers to execute arbitrary SQL commands via the sorttype parameter to index.php. | ||||
| CVE-2006-3414 | 1 Tor | 1 Tor | 2025-04-03 | N/A |
| Tor before 0.1.1.20 supports server descriptors that contain hostnames instead of IP addresses, which allows remote attackers to arbitrarily group users by providing preferential address resolution. | ||||
| CVE-2006-3415 | 1 Tor | 1 Tor | 2025-04-03 | N/A |
| Tor before 0.1.1.20 uses improper logic to validate the "OR" destination, which allows remote attackers to perform a man-in-the-middle (MITM) attack via unspecified vectors. | ||||
| CVE-2006-3416 | 1 Tor | 1 Tor | 2025-04-03 | N/A |
| Tor before 0.1.1.20 kills the circuit when it receives an unrecognized relay command, which causes network circuits to be disbanded. NOTE: while this item is listed under the "Security fixes" section of the developer changelog, the developer clarified on 20060707 that this is only a self-DoS. Therefore this issue should not be included in CVE | ||||
| CVE-2006-3417 | 1 Tor | 1 Tor | 2025-04-03 | N/A |
| Tor client before 0.1.1.20 prefers entry points based on is_fast or is_stable flags, which could allow remote attackers to be preferred over nodes that are identified as more trustworthy "entry guard" (is_guard) systems by directory authorities. | ||||