Export limit exceeded: 345077 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (345077 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-0232 | 1 Symantec | 1 Antivirus Scan Engine | 2026-04-16 | N/A |
| Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, stores sensitive log and virus definition files under the web root with insufficient access control, which allows remote attackers to obtain the information via direct requests. | ||||
| CVE-2006-0220 | 1 Codeworx Technologies | 1 Dcp-portal | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3 through 6.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) the day parameter in calendar.php and (2) the input form in search.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. It is possible that this issue is resultant from an SQL injection problem in CVE-2005-4227.3 and CVE-2005-4227.13. | ||||
| CVE-2006-0229 | 1 Wehnus | 1 Wehntrust | 2026-04-16 | N/A |
| Unquoted Windows search path vulnerability in Wehntrust might allow local users to gain privileges via a malicious "program.exe" file in the C: folder, which is run when Wehntrust creates the autostart key. | ||||
| CVE-2006-0236 | 1 Mozilla | 1 Thunderbird | 2026-04-16 | N/A |
| GUI display truncation vulnerability in Mozilla Thunderbird 1.0.2, 1.0.6, and 1.0.7 allows user-assisted attackers to execute arbitrary code via an attachment with a filename containing a large number of spaces ending with a dangerous extension that is not displayed by Thunderbird, along with an inconsistent Content-Type header, which could be used to trick a user into downloading dangerous content by dragging or saving the attachment. | ||||
| CVE-2006-0237 | 1 Gtp | 1 Icommerce | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in GTP iCommerce allows remote attackers to inject arbitrary web script or HTML via the (1) cat and (2) subcat parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-0253 | 1 Ambicom | 1 Blue Neighbors | 2026-04-16 | N/A |
| Buffer overflow in the Bluetooth OBEX Object Push service in "Blue Neighbors.EXE" in AmbiCom Blue Neighbors 2.50 Build 2500 and earlier allows remote attackers to execute arbitrary code via a long file name, as demonstrated via a long RFILE argument to ussp-push. | ||||
| CVE-2006-0257 | 1 Oracle | 1 Database Server | 2026-04-16 | N/A |
| Unspecified vulnerability in the Change Data Capture component of Oracle Database server 9.2.0.7, 10.1.0.5, and 10.2.0.1 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB02. NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliable independent researcher that states that the problem is SQL injection in the CDC_ALLOCATE_LOCK function of the DBMS_CDC_UTILITY package. | ||||
| CVE-2006-0263 | 1 Oracle | 1 Database Server | 2026-04-16 | N/A |
| Multiple unspecified vulnerabilities in Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.7, 10.1.0.5, and 10.2.0.1 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) DB09 in the (a) Net Listener component; and (2) DB12 and (3) DB13 in the Network Communications (RPC) component. | ||||
| CVE-2006-0265 | 1 Oracle | 1 Database Server | 2026-04-16 | N/A |
| Multiple unspecified vulnerabilities in Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5, and 10.2.0.1 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) DB17 in the Oracle Text component and (2) DB18 in the Program Interface Network component. NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliable independent researcher that states that DB17 involves SQL injection in the (a) VALIDATE_STATEMENT and BUILD_DML functions in CTXSYS.DRILOAD; (b) CLEAN_DML function in CTXSYS.DRIDML; (c) GET_ROWID function in CTXSYS.CTX_DOC; (d) BROWSE_WORDS function in CTXSYS.CTX_QUERY; and (e) ODCIINDEXTRUNCATE, ODCIINDEXDROP, and ODCIINDEXDELETE functions in CATINDEXMETHODS. | ||||
| CVE-1999-0817 | 1 University Of Kansas | 1 Lynx | 2026-04-16 | N/A |
| Lynx WWW client allows a remote attacker to specify command-line parameters which Lynx uses when calling external programs to handle certain protocols, e.g. telnet. | ||||
| CVE-2006-0276 | 1 Oracle | 1 Collaboration Suite | 2026-04-16 | N/A |
| Multiple unspecified vulnerabilities in Oracle Collaboration Suite Release 2, version 9.0.4.2 (Oracle9i) have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) OCS01, 2) OCS02, 3) OCS03, 4) OCS04, 5) OCS05, 6) OCS06, 7) OCS07, (8) OCS08, and (9) OCS09 in the (a) Email Server component; 10) OCS10 (and (11) OCS11 in the (b) Oracle Collaboration Suite Wireless & Voice (component; 12) OCS12 and (13) OCS13 in the (c) Oracle Content (Management SDK component; 14) OCS14 and (15) OCS15 in the (d) Oracle (Content Services component. | ||||
| CVE-2006-0277 | 1 Oracle | 1 E-business Suite | 2026-04-16 | N/A |
| Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.10 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) APPS01 in the (a) Application Install component; (2) APPS07 in the (b) Oracle Applications Framework component; (3) APPS08, (4) APPS09, (5) APPS10, and (6) APPS11 in the (c) Oracle Applications Technology Stack component; (7) APPS12 in the (d) Oracle Human Resources component; (8) APPS15 and (9) APPS16 in the (e) Oracle Marketing component; (10) APPS17 in the (f) Marketing Encyclopedia System component; (11) APPS18 in the (g) Oracle Trade Management component; and (12) APPS19 in the (h) Oracle Web Applications Desktop Integration component. | ||||
| CVE-2006-0283 | 1 Oracle | 3 Application Server, Collaboration Suite, Database Server | 2026-04-16 | N/A |
| Unspecified vulnerability in Oracle Database Server 10.1.0.4.2, Application Server 10.1.2.0.2, and Collaboration Suite Release 2, version 9.0.4.2 (Oracle9i) has unspecified impact and attack vectors, as identified by Oracle Vuln# DBC02 in the Reorganize Objects & Convert Tablespace component. | ||||
| CVE-2006-0291 | 1 Oracle | 4 Application Server, Collaboration Suite, Database Server and 1 more | 2026-04-16 | N/A |
| Multiple unspecified vulnerabilities in Oracle Database Server 10.2.0.1, Application Server 9.0.4.2 and 10.1.2.1, Collaboration Suite Release 2, version 9.0.4.2 (Oracle9i), and E-Business Suite and Applications 11.5.10 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) WF02 and (2) WF03 in the Oracle Workflow Cartridge component. | ||||
| CVE-2006-0298 | 1 Mozilla | 2 Firefox, Seamonkey | 2026-04-16 | N/A |
| The XML parser in Mozilla Firefox before 1.5.0.1 and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly read sensitive data via unknown attack vectors that trigger an out-of-bounds read. | ||||
| CVE-2006-0313 | 1 Pdfdirectory | 1 Pdfdirectory | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in PDFdirectory before 1.0 allow remote attackers to execute arbitrary SQL commands via multiple unspecified vectors involving (1) util.php, (2) userpref.php, (3) user.php, (4) uploadfrm.php, (5) title.php, (6) team.php, (7) stats.php, (8) page.php, (9) org.php, (10) member.php, (11) index.php, (12) group.php, or (13) anniv.php. | ||||
| CVE-2006-0334 | 1 Freekrai.net | 1 My Amazon Store Manager | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in My Amazon Store Manager 1.0 allows remote attackers to inject arbitrary web script or HTML via the Keywords parameter. NOTE: some sources claim that the affected parameter is "q", but the only public archive of the original researcher notification shows an XSS manipulation in "Keywords". | ||||
| CVE-2006-0342 | 1 Rockliffe | 1 Mailsite | 2026-04-16 | N/A |
| RockLiffe MailSite HTTP Mail management agent (httpma) 7.0.3.1 allows remote attackers to cause a denial of service (CPU consumption and crash) via a malformed query string containing special characters such as "|". | ||||
| CVE-2006-0352 | 1 Fluffington | 1 Flog | 2026-04-16 | N/A |
| The default configuration of Fluffington FLog 1.01 installs users.0.dat under the web document root with insufficient access control, which might allow remote attackers to obtain sensitive information (login credentials) via a direct request. NOTE: It was later reported that 1.1.2 is also affected. | ||||
| CVE-2006-0363 | 1 Microsoft | 1 Msn Messenger | 2026-04-16 | N/A |
| The "Remember my Password" feature in MSN Messenger 7.5 stores passwords in an encrypted format under the HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Creds registry key, which might allow local users to obtain the original passwords via a program that calls CryptUnprotectData, as demonstrated by the "MSN Password Recovery.exe" program. NOTE: it could be argued that local-only password recovery is inherently insecure because the decryption methods and keys must be stored somewhere on the local system, and are thus inherently accessible with varying degrees of effort. Perhaps this issue should not be included in CVE. | ||||