Export limit exceeded: 345210 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (345210 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-0641 | 1 Orbicule | 1 Undercover | 2026-04-16 | N/A |
| Orbicule Undercover uses a third-party web server to determine the IP address through which the computer is accessing the Internet, but does not document this third-party disclosure, which leads to a potential privacy leak that might allow transmission of sensitive information to an unintended remote destination. | ||||
| CVE-2006-0656 | 1 Hp | 1 Systems Insight Manager | 2026-04-16 | N/A |
| Directory traversal vulnerability in HP Systems Insight Manager 4.2 through 5.0 SP3 for Windows allows remote attackers to access arbitrary files via unspecified vectors, a different vulnerability than CVE-2005-2006. | ||||
| CVE-2006-0664 | 1 Mantis | 1 Mantis | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in config_defaults_inc.php in Mantis before 1.0 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. An original vendor bug report is referenced, but not accessible to the general public. | ||||
| CVE-2006-0682 | 1 E107 | 1 E107 | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in bbcodes system in e107 before 0.7.2 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | ||||
| CVE-2006-0683 | 1 Virtual Hosting Control System | 1 Virtual Hosting Control System | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Virtual Hosting Control System (VHCS) 2.4.7.1 with v.1 patch and earlier allows remote attackers to inject arbitrary web script or HTML via the username, which is recorded in a log file but not properly handled when the administrator uses the admin log utility to read the log file. | ||||
| CVE-2006-0699 | 1 David Barrett | 1 Qwikiwiki | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in QWikiWiki 1.5, and possibly 1.5.1 and other versions, allows remote attackers to inject arbitrary web script or HTML via the query parameter. | ||||
| CVE-2006-0719 | 1 Deltascripts | 1 Php Classifieds | 2026-04-16 | N/A |
| SQL injection vulnerability in member_login.php in PHP Classifieds 6.18 through 6.20 allows remote attackers to execute arbitrary SQL commands via the (1) username parameter, which is used by the E-mail address field, and (2) password parameter. | ||||
| CVE-2006-0722 | 1 Reamday Enterprises | 1 Magic Downloads | 2026-04-16 | N/A |
| settings.php in Reamday Enterprises Magic Downloads 1.1.3, when register_globals is enabled, allows remote attackers to modify program behavior, potentially bypassing authentication controls, via modified (1) action, (2) passwd, (3) admin_password, (4) new_passwd, and (5) confirm_passwd variables, which are not initialized. | ||||
| CVE-2006-0723 | 1 Reamday Enterprises | 1 Magic News Lite | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in preview.php in Reamday Enterprises Magic News Lite 1.2.3, when register_globals is enabled, allows remote attackers to include arbitrary files via a URL in the php_script_path parameter. | ||||
| CVE-2006-0739 | 1 Estara | 1 Softphone | 2026-04-16 | N/A |
| eStara SIP softphone allows remote attackers to cause a denial of service (crash) via an INVITE request with a Content-Length field that has more than 9 digits. | ||||
| CVE-2006-0731 | 1 Sap | 1 Business Connector | 2026-04-16 | N/A |
| WmRoot/adapter-index.dsp in SAP Business Connector Core Fix 7 and earlier allows remote attackers to conduct spoofing (phishing) attacks via an absolute URL in the url parameter, which loads the URL inside a frame. | ||||
| CVE-2006-0745 | 5 Mandrakesoft, Redhat, Sun and 2 more | 6 Mandrake Linux, Fedora Core, Solaris and 3 more | 2026-04-16 | N/A |
| X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the address of the geteuid function as if it is the return value of a call to geteuid, which allows local users to bypass intended restrictions and (1) execute arbitrary code via the -modulepath command line option or (2) overwrite arbitrary files via -logfile. | ||||
| CVE-2006-0854 | 1 Intensive Point | 1 Iuser Ecommerce | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in common.php in Intensive Point iUser Ecommerce allows remote attackers to include arbitrary files via a URL in the include_path variable, which is not initialized before being used. | ||||
| CVE-1999-0821 | 1 Freebsd | 1 Freebsd | 2026-04-16 | N/A |
| FreeBSD seyon allows local users to gain privileges by providing a malicious program in the -emulator argument. | ||||
| CVE-2000-0405 | 1 Atstake | 1 Antisniff | 2026-04-16 | N/A |
| Buffer overflow in L0pht AntiSniff allows remote attackers to execute arbitrary commands via a malformed DNS response packet. | ||||
| CVE-2006-0857 | 1 E107 | 2 Chatbox Plugin, E107 | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Chatbox Plugin 1.0 in e107 0.7.2 allows remote attackers to inject arbitrary HTML or web script via a Chatbox, as demonstrated using a SCRIPT element. | ||||
| CVE-1999-0822 | 1 Qualcomm | 1 Qpopper | 2026-04-16 | N/A |
| Buffer overflow in Qpopper (qpop) 3.0 allows remote root access via AUTH command. | ||||
| CVE-1999-0823 | 1 Freebsd | 1 Freebsd | 2026-04-16 | N/A |
| Buffer overflow in FreeBSD xmindpath allows local users to gain privileges via -f argument. | ||||
| CVE-1999-0824 | 1 Microsoft | 1 Windows Nt | 2026-04-16 | N/A |
| A Windows NT user can use SUBST to map a drive letter to a folder, which is not unmapped after the user logs off, potentially allowing that user to modify the location of folders accessed by later users. | ||||
| CVE-1999-0825 | 1 Sco | 1 Unixware | 2026-04-16 | N/A |
| The default permissions for UnixWare /var/mail allow local users to read and modify other users' mail. | ||||