Export limit exceeded: 349372 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 349372 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29914 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29914 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-1218 | 1 Novell | 1 Bordermanager | 2026-04-16 | N/A |
| Unspecified vulnerability in the HTTP proxy in Novell BorderManager 3.8 and earlier allows remote attackers to cause a denial of service (CPU consumption and ABEND) via unknown attack vectors related to "media streaming over HTTP 1.1". | ||||
| CVE-2006-1219 | 1 Gallery Project | 1 Gallery | 2026-04-16 | N/A |
| Directory traversal vulnerability in Gallery 2.0.3 and earlier, and 2.1 before RC-2a, allows remote attackers to include arbitrary PHP files via ".." (dot dot) sequences in the stepOrder parameter to (1) upgrade/index.php or (2) install/index.php. | ||||
| CVE-2006-1220 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-16 | N/A |
| Integer overflow in the mach_msg_send function in the kernel for Mac OS X might allow local users to execute arbitrary code via unknown attack vectors related to a large message header size, which leads to a heap-based buffer overflow. | ||||
| CVE-2006-1221 | 1 Zonelabs | 1 Zonealarm Security Suite | 2026-04-16 | N/A |
| Untrusted search path vulnerability in the TrueVector service (VSMON.exe) in Zone Labs ZoneAlarm 6.x and Integrity does not search ZoneAlarm's own folders before other folders that are specified in a user's PATH, which might allow local users to execute code as SYSTEM by placing malicious DLLs into a folder that has insecure permissions, but is searched before ZoneAlarm's folder. NOTE: since this issue is dependent on the existence of a vulnerability in a separate product (weak permissions of executables or libraries, or the execution of malicious code), perhaps it should not be included in CVE. | ||||
| CVE-2006-1222 | 1 Zeroboard | 1 Zeroboard | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in zeroboard 4.1 pl7 allows allow remote attackers to inject arbitrary web script or HTML via the (1) memo box title, (2) user email, and (3) homepage fields. | ||||
| CVE-2006-1216 | 1 Runcms | 1 Runcms | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in bigshow.php in Runcms 1.x allows remote attackers to inject arbitrary web script or HTML via the id parameter. | ||||
| CVE-2005-4843 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | N/A |
| The SmartConnect Class control allows remote attackers to cause a denial of service (Internet Explorer crash) by creating a COM object of the class associated with the control's CLSID, which is not intended for use within Internet Explorer. | ||||
| CVE-2006-1225 | 1 Drupal | 1 Drupal | 2026-04-16 | N/A |
| CRLF injection vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8 allows remote attackers to inject headers of outgoing e-mail messages and use Drupal as a spam proxy. | ||||
| CVE-2006-1226 | 1 Drupal | 1 Drupal | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | ||||
| CVE-2006-1227 | 1 Drupal | 1 Drupal | 2026-04-16 | N/A |
| Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8, when menu.module is used to create a menu item, does not implement access control for the page that is referenced, which might allow remote attackers to access administrator pages. | ||||
| CVE-2006-1231 | 1 Julian Pawlowski | 1 Capi4hylafax | 2026-04-16 | N/A |
| CAPI4HylaFAX 1.3, when compiled with GENERATE_DEBUGSFFDATAFILE set, allows local users to modify arbitrary files via a symlink attack on the c2faxrecv_dbgdatafile.sff temporary file. | ||||
| CVE-2006-1234 | 1 Dsportal | 1 Dscounter | 2026-04-16 | N/A |
| SQL injection vulnerability in index.php in DSCounter 1.2, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For field (HTTP_X_FORWARDED_FOR environment variable) in an HTTP header. | ||||
| CVE-2006-1235 | 1 David Ravenscroft | 1 Hithost | 2026-04-16 | N/A |
| Directory traversal vulnerability in admin/deleteuser.php in HitHost 1.0.0 might allow remote attackers to delete directories (possibly only empty directories) via the $deleteuser variable. NOTE: the initial disclosure for this issue indicated that the researcher was unable to prove this issue; however, this might have been due to certain behaviors of rmdir. | ||||
| CVE-2006-1236 | 1 Crossfire | 1 Crossfire | 2026-04-16 | 7.3 High |
| Buffer overflow in the SetUp function in socket/request.c in CrossFire 1.9.0 allows remote attackers to execute arbitrary code via a long setup sound command, a different vulnerability than CVE-2006-1010. | ||||
| CVE-2006-1237 | 1 Dsportal | 1 Dsnewsletter | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in DSNewsletter 1.0, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the email parameter to (1) include/sub.php, (2) include/confirm.php, or (3) include/unconfirm.php. | ||||
| CVE-2006-1238 | 1 Dsportal | 1 Dslogin | 2026-04-16 | N/A |
| SQL injection vulnerability in DSLogin 1.0, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands and bypass authentication via the $log_userid variable in (1) index.php and (2) admin/index.php. | ||||
| CVE-2006-1239 | 1 Countersoft | 1 Gemini | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in issue/createissue.aspx in Gemini 2.0 allows remote attackers to inject arbitrary web script or HTML via the rtcDescription$RadEditor1 field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-1245 | 1 Microsoft | 1 Ie | 2026-04-16 | N/A |
| Buffer overflow in mshtml.dll in Microsoft Internet Explorer 6.0.2900.2180, and probably other versions, allows remote attackers to execute arbitrary code via an HTML tag with a large number of script action handlers such as onload and onmouseover, as demonstrated using onclick, aka the "Multiple Event Handler Memory Corruption Vulnerability." | ||||
| CVE-2006-1250 | 1 Amax Information Technologies | 1 Winmail | 2026-04-16 | N/A |
| Unspecified vulnerability in the Webmail module in Winmail before 4.3 has unknown impact and unknown remote attack vectors. | ||||
| CVE-2006-1252 | 1 Light Weight Calendar | 1 Light Weight Calendar | 2026-04-16 | N/A |
| Eval injection vulnerability in cal.php in Light Weight Calendar (LWC) 1.0 allows remote attackers to execute arbitrary PHP code via the date parameter to index.php. | ||||