Export limit exceeded: 29918 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29918 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-0178 | 1 Cray | 1 Unicos | 2026-04-16 | N/A |
| Format string vulnerability in /bin/ftp in UNICOS 9.0.2.2 allows local users to have an unknown impact via format string specifiers in the quote command. NOTE: because the program is not setuid and not normally called from remote programs, there may not be a typical attack vector for the issue that crosses privilege boundaries. Therefore this may not be a vulnerability. | ||||
| CVE-2006-2340 | 1 Lethal Penguin | 2 Passmasterflex, Passmasterflexplus | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in PassMasterFlex and PassMasterFlexPlus (PassMasterFlex+) 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) username, (2) password, or (3) User-Agent HTTP header in the Hack Log. | ||||
| CVE-2006-0182 | 1 Acal | 1 Calendar Project | 2026-04-16 | N/A |
| login.php in ACal Calendar Project 2.2.5 allows remote attackers to bypass authentication by setting the ACalAuthenticate cookie variable to "inside". | ||||
| CVE-2006-2348 | 1 Oasyssoft | 1 E-business Designer | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in form_grupo.html in E-Business Designer (eBD) 3.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this issue might be resultant from SQL injection. | ||||
| CVE-2006-0183 | 1 Acal | 1 Calendar Project | 2026-04-16 | N/A |
| Direct static code injection vulnerability in edit.php in ACal Calendar Project 2.2.5 allows authenticated users to execute arbitrary PHP code via (1) the edit=header value, which modifies header.php, or (2) the edit=footer value, which modifies footer.php. NOTE: this issue might be resultant from the poor authentication as identified by CVE-2006-0182. Since the design of the product allows the administrator to edit the code, perhaps this issue should not be included in CVE, except as a consequence of CVE-2006-0182. | ||||
| CVE-2006-2360 | 1 Phpbb Group | 1 Phpbb | 2026-04-16 | N/A |
| SQL injection vulnerability in charts.php in the Chart mod for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2006-2361 | 2 Mxbb, Php Arena | 2 Mxbb Portal, Pafiledb | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in pafiledb_constants.php in Download Manager (mxBB pafiledb) integration, as used with phpBB, allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter. | ||||
| CVE-2006-0184 | 1 Mainenet Enterprises | 1 Asptopsites | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in AspTopSites allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to goto.asp or (2) password parameter to includeloginuser.asp. | ||||
| CVE-2006-2365 | 1 Vizra | 1 Vizra | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in a_login.php in Vizra allows remote attackers to inject arbitrary web script or HTML via the message parameter. | ||||
| CVE-2006-0185 | 1 Php-nuke | 2 News Module, Pool Module | 2026-04-16 | N/A |
| Multiple cross-site scripting vulnerabilities in the (1) Pool or (2) News Modules in Php-Nuke allow remote attackers to inject arbitrary web script or HTML via javascript in the SRC attribute of an IMG tag. | ||||
| CVE-2006-0187 | 1 Microsoft | 1 Visual Studio .net | 2026-04-16 | N/A |
| By design, Microsoft Visual Studio 2005 automatically executes code in the Load event of a user-defined control (UserControl1_Load function), which allows user-assisted attackers to execute arbitrary code by tricking the user into opening a malicious Visual Studio project file. | ||||
| CVE-2006-0189 | 1 Estara | 1 Softphone | 2026-04-16 | N/A |
| Buffer overflow in eStara Softphone 3.0.1.14 through 3.0.1.46 allows remote attackers to execute arbitrary code via a long attribute (aka "a") field in the SDP data of a SIP packet on UDP port 5060. | ||||
| CVE-2006-0190 | 1 Sun | 1 Solaris | 2026-04-16 | N/A |
| Unspecified vulnerability in Sun Solaris 9 and 10 for the x86 platform allows local users to gain privileges or cause a denial of service (panic) via unspecified vectors, possibly involving functions from the mm driver. | ||||
| CVE-2006-2396 | 1 Phpodp | 1 Phpodp | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in phpODP 1.5h allows remote attackers to inject arbitrary web script via the browse parameter. | ||||
| CVE-2006-0191 | 1 Sun | 1 Solaris | 2026-04-16 | N/A |
| Unspecified vulnerability in Sun Solaris 10 allows local users to cause a denial of service (null dereference) via unspecified vectors involving the use of the find command on the "/proc" filesystem. NOTE: due to the vagueness of the vendor advisory, it is not clear whether this is related to CVE-2005-3250. | ||||
| CVE-2006-2405 | 1 Unclassified Newsboard | 1 Unclassified Newsboard | 2026-04-16 | N/A |
| Directory traversal vulnerability in unb_lib/abbc.conf.php in Unclassified NewsBoard (UNB) 1.6.1 patch 1 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via .. (dot dot) sequences and a trailing null byte (%00) in the ABBC[Config][smileset] parameter to unb_lib/abbc.css.php. | ||||
| CVE-2006-0193 | 1 Positive Software | 1 H-sphere | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the Hosting Control Panel (psoft.hsphere.CP) in Positive Software H-Sphere 2.4.3 Patch 8 and earlier allows remote attackers to inject arbitrary web script or HTML via the login parameter in a login action. | ||||
| CVE-2006-2421 | 1 Pragma Systems | 1 Fortressssh | 2026-04-16 | N/A |
| Stack-based buffer overflow in Pragma FortressSSH 4.0.7.20 allows remote attackers to execute arbitrary code via long SSH_MSG_KEXINIT messages, which may cause an overflow when being logged. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-0198 | 1 Xoops | 1 Xoops Pool Module | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in a certain module, possibly poll or Pool, for XOOPS allows remote attackers to inject arbitrary web script or HTML via JavaScript in the SRC attribute of an IMG element in a comment. | ||||
| CVE-2006-2554 | 1 Genecys | 1 Genecys | 2026-04-16 | N/A |
| Buffer overflow in the tell_player_surr_changes function in Genecys 0.2 and earlier might allow remote attackers to execute arbitrary code via long arguments. | ||||