Export limit exceeded: 29893 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29893 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-2097 | 1 Invision Power Services | 1 Invision Power Board | 2026-04-16 | N/A |
| SQL injection vulnerability in func_msg.php in Invision Power Board (IPB) 2.1.4 allows remote attackers to execute arbitrary SQL commands via the from_contact field in a private message (PM). | ||||
| CVE-2006-1614 | 1 Clam Anti-virus | 1 Clamav | 2026-04-16 | N/A |
| Integer overflow in the cli_scanpe function in the PE header parser (libclamav/pe.c) in Clam AntiVirus (ClamAV) before 0.88.1, when ArchiveMaxFileSize is disabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code. | ||||
| CVE-2006-2098 | 1 Php Thumbnail Autoindex | 1 Php Thumbnail Autoindex | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in Thumbnail AutoIndex before 2.0 allows remote attackers to execute arbitrary PHP code via (1) README.html or (2) HEADER.html. | ||||
| CVE-2006-0885 | 1 Cutephp | 1 Cutenews | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in show_news.php in CuteNews 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the show parameter. | ||||
| CVE-2006-1616 | 1 Advanced Poll | 1 Advanced Poll | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Advanced Poll 2.02 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to comments.php or (2) poll_id parameter to page.php. | ||||
| CVE-2006-2099 | 1 Ezb Systems | 1 Ultraiso | 2026-04-16 | N/A |
| Directory traversal vulnerability in UltraISO 8.0.0.1392 allows remote attackers to write arbitrary files via a .. (dot dot) in a filename in an ISO image. | ||||
| CVE-2006-1617 | 1 Advanced Poll | 1 Advanced Poll | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Advanced Poll 2.02 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to comments.php or (2) poll_id parameter to page.php. NOTE: it is possible that this issue is resultant from CVE-2006-1616. | ||||
| CVE-2006-1892 | 1 Alwil | 1 Avast Antivirus | 2026-04-16 | N/A |
| avast! 4 Linux Home Edition 1.0.5 allows local users to modify permissions of arbitrary files via a symlink attack on the /tmp/_avast4_ temporary directory. | ||||
| CVE-2006-1618 | 1 Doomsday | 1 Doomsday | 2026-04-16 | N/A |
| Format string vulnerability in the (1) Con_message and (2) conPrintf functions in con_main.c in Doomsday engine 1.8.6 allows remote attackers to execute arbitrary code via format string specifiers in an argument to the JOIN command, and possibly other command arguments. | ||||
| CVE-2006-1619 | 1 Ibm | 1 Websphere Application Server | 2026-04-16 | N/A |
| IBM WebSphere Application Server 4.0.1 through 4.0.3 allows remote attackers to cause a denial of service (application crash) via an HTTP request with a large header. | ||||
| CVE-2006-1620 | 1 Hosting Controller | 1 Hosting Controller | 2026-04-16 | N/A |
| admin/accounts/AccountActions.asp in Hosting Controller 2002 RC 1 allows remote attackers to modify passwords of other users, probably via an "Update User" ActionType with a modified UserName parameter and the PassCheck parameter set to TRUE. It was later reported that the vulnerability is present in 6.1 Hotfix 3.3 and earlier. | ||||
| CVE-2006-1621 | 1 Hosting Controller | 1 Hosting Controller | 2026-04-16 | N/A |
| Directory traversal vulnerability in admin/folders/saveuploadfiles.asp in Hosting Controller 2002 RC 1 allows remote authenticated users to overwrite arbitrary files via an absolute path in the OpenPath parameter. | ||||
| CVE-2006-2100 | 1 Magic Iso Maker | 1 Magic Iso Maker | 2026-04-16 | N/A |
| Directory traversal vulnerability in Magic ISO 5.0 Build 0166 allows remote attackers to write arbitrary files via a .. (dot dot) in a filename in an ISO image. | ||||
| CVE-2006-1622 | 1 Phpselect | 1 Phpselect | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in PHPSelect linksubmit allows remote attackers to inject arbitrary web script or HTML via (1) the description parameter to linklist.php and possibly other vectors involving (2) index.php and (3) linksubmit.php. | ||||
| CVE-2006-2101 | 1 Winiso Computing | 1 Winiso | 2026-04-16 | N/A |
| Directory traversal vulnerability in WinISO 5.3 allows remote attackers to write arbitrary files via a .. (dot dot) in a filename in an ISO image. | ||||
| CVE-2006-2102 | 1 Poweriso | 1 Poweriso | 2026-04-16 | N/A |
| Directory traversal vulnerability in PowerISO 2.9 allows remote attackers to write arbitrary files via a .. (dot dot) in a filename in an ISO image. | ||||
| CVE-2006-2501 | 1 Sun | 4 Java System Application Server, Java System Web Server, One Application Server and 1 more | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Sun ONE Web Server 6.0 SP9 and earlier, Java System Web Server 6.1 SP4 and earlier, Sun ONE Application Server 7 Platform and Standard Edition Update 6 and earlier, and Java System Application Server 7 2004Q2 Standard and Enterprise Edition Update 2 and earlier, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving error messages. | ||||
| CVE-2006-1643 | 1 Interact | 1 Interact | 2026-04-16 | N/A |
| SQL injection vulnerability in login.php in Interact 2.1.1 allows remote attackers to execute arbitrary SQL commands via the user_name parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party. | ||||
| CVE-2006-1644 | 1 Interact | 1 Interact | 2026-04-16 | N/A |
| login.php in Interact 2.1.1 generates different responses depending on whether or not a username is valid, which allows remote attackers to determine valid usernames. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-1646 | 1 Internet Key Exchange | 1 Internet Key Exchange | 2026-04-16 | N/A |
| The Internet Key Exchange version 1 (IKEv1) implementation (isakmp_agg.c) in the Shoichi Sakane KAME Project racoon, as used by NetBSD 1.6, 2.x before 20060119, certain FreeBSD releases, and possibly other distributions of BSD or Linux operating systems, when running in aggressive mode, allows remote attackers to cause a denial of service (daemon crash) via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. | ||||