Export limit exceeded: 346176 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346176 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-3435 | 1 Microsoft | 1 Office | 2026-04-23 | N/A |
| PowerPoint in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac does not properly parse the slide notes field in a document, which allows remote user-assisted attackers to execute arbitrary code via crafted data in this field, which triggers an erroneous object pointer calculation that uses data from within the document. NOTE: this issue is different than other PowerPoint vulnerabilities including CVE-2006-4694. | ||||
| CVE-2006-3436 | 1 Microsoft | 1 .net Framework | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Microsoft .NET Framework 2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "ASP.NET controls that set the AutoPostBack property to true". | ||||
| CVE-2006-3867 | 1 Microsoft | 2 Excel, Excel Viewer | 2026-04-23 | N/A |
| Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, and Excel Viewer 2003 allows user-assisted attackers to execute arbitrary code via a crafted Lotus 1-2-3 file, a different vulnerability than CVE-2006-2387 and CVE-2006-3875. | ||||
| CVE-2006-3868 | 1 Microsoft | 1 Office | 2026-04-23 | N/A |
| Unspecified vulnerability in Microsoft Office XP and 2003 allows remote user-assisted attackers to execute arbitrary code via a malformed Smart Tag. | ||||
| CVE-2006-5887 | 1 Dynamic Dataworx | 1 Nuschool | 2026-04-23 | N/A |
| SQL injection vulnerability in CampusNewsDetails.asp in Dynamic Dataworx NuSchool 1.0 allows remote attackers to execute arbitrary SQL commands via the NewsID parameter. | ||||
| CVE-2008-1406 | 1 Exv2 | 1 Exv2 | 2026-04-23 | N/A |
| SQL injection vulnerability in annonces-p-f.php in the MyAnnonces 1.8 module for eXV2 allows remote attackers to execute arbitrary SQL commands via the lid parameter in an ImprAnn action. | ||||
| CVE-2006-3876 | 1 Microsoft | 1 Office | 2026-04-23 | N/A |
| Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via a crafted Data record in a PPT file, a different vulnerability than CVE-2006-3435 and CVE-2006-4694. | ||||
| CVE-2006-3887 | 1 Aol | 1 Ygp Screensaver Activex Control | 2026-04-23 | N/A |
| Buffer overflow in AOL You've Got Pictures (YGP) Screensaver ActiveX control allows remote attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2006-5889 | 1 Brewblogger | 1 Brewblogger | 2026-04-23 | N/A |
| SQL injection vulnerability in printLog.php in BrewBlogger (BB) 1.3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2006-3888 | 1 Aol | 1 Ygp Pic Downloader Activex Control | 2026-04-23 | N/A |
| Buffer overflow in AOL You've Got Pictures (YGP) Pic Downloader YGPPDownload ActiveX control (AOL.PicDownloadCtrl.1, YGPPicDownload.dll), as used in America Online 9.0 Security Edition, allows remote attackers to execute arbitrary code via a long argument to the SetAlbumName method. | ||||
| CVE-2006-3892 | 1 Emc | 1 Networker | 2026-04-23 | N/A |
| The Management Console server in EMC NetWorker (formerly Legato NetWorker) 7.3.2 before Jumbo Update 1 uses weak authentication, which allows remote attackers to execute arbitrary commands. | ||||
| CVE-2006-5890 | 1 Superfreaker Studios | 1 Usupport | 2026-04-23 | N/A |
| SQL injection vulnerability in detail.asp in Superfreaker Studios USupport 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2006-3893 | 2 Casio, Newtone | 2 Photo Loader, Imagekit | 2026-04-23 | N/A |
| Multiple buffer overflows in the ActiveX controls in Newtone ImageKit 5 before Fix 30 and 6 before Fix 40, as used in CASIO Photo Loader software before 3.01 and possibly other software, allow remote attackers to execute arbitrary code via a crafted HTML document. | ||||
| CVE-2006-3894 | 1 Dell | 2 Bsafe Cert-c, Bsafe Crypto-c | 2026-04-23 | N/A |
| The RSA Crypto-C before 6.3.1 and Cert-C before 2.8 libraries, as used by RSA BSAFE, multiple Cisco products, and other products, allows remote attackers to cause a denial of service via malformed ASN.1 objects. | ||||
| CVE-2006-5894 | 1 Rama Cms | 1 Rama Cms | 2026-04-23 | N/A |
| Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php. | ||||
| CVE-2006-3896 | 1 Neoscale Systems | 1 Cryptostor Tape 700 | 2026-04-23 | N/A |
| The NeoScale Systems CryptoStor 700 series appliance before 2.6 relies on client-side ActiveX code for smartcard authentication, which allows remote attackers to bypass smartcard authentication, and gain access if able to present a valid username and password, by disabling ActiveX. | ||||
| CVE-2006-5898 | 1 Phpheaven | 1 Phpmychat | 2026-04-23 | N/A |
| Directory traversal vulnerability in localization/languages.lib.php3 in PhpMyChat 0.14.5 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the ChatPath parameter. | ||||
| CVE-2006-4098 | 1 Cisco | 1 Secure Access Control Server | 2026-04-23 | N/A |
| Stack-based buffer overflow in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted RADIUS Accounting-Request packet. | ||||
| CVE-2006-4099 | 1 Businessobjects | 1 Crystal Enterprise | 2026-04-23 | N/A |
| Business Objects Crystal Enterprise 9 and 10 generates predictable session identifiers, which allows remote attackers to hijack sessions of other users via WCSID cookie values. | ||||
| CVE-2006-4169 | 1 Squirrelmail | 1 Gpg Plugin | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in the G/PGP (GPG) Plugin 2.0, and 2.1dev before 20070614, for Squirrelmail allow remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the help parameter to (1) gpg_help.php or (2) gpg_help_base.php. | ||||