Export limit exceeded: 344892 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344892 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-3812 | 2 Mozilla, Redhat | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2026-04-16 | N/A |
| Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to reference remote files and possibly load chrome: URLs by tricking the user into copying or dragging links. | ||||
| CVE-2006-3182 | 1 Mobescripts | 1 Mobile Space Community | 2026-04-16 | N/A |
| Directory traversal vulnerability in index.php in MobeScripts Mobile Space Community 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the uid parameter in the rss page. | ||||
| CVE-2006-3814 | 1 Cheese Tracker | 1 Cheese Tracker | 2026-04-16 | N/A |
| Buffer overflow in the Loader_XM::load_instrument_internal function in loader_xm.cpp for Cheese Tracker 0.9.9 and earlier allows user-assisted attackers to execute arbitrary code via a crafted file with a large amount of extra data. | ||||
| CVE-2006-3183 | 1 Mobescripts | 1 Mobile Space Community | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in MobeScripts Mobile Space Community 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) browse parameter, which is not filtered in the resulting error message, and multiple unspecified input fields, including those involved when (2) updating a profile, (3) posting comments or entries in a blog, (4) uploading files, (5) picture captions, and (6) sending a private message (PM). | ||||
| CVE-2006-3815 | 1 Linux-ha | 1 Heartbeat | 2026-04-16 | N/A |
| heartbeat.c in heartbeat before 2.0.6 sets insecure permissions in a shmget call for shared memory, which allows local users to cause an unspecified denial of service via unknown vectors, possibly during a short time window on startup. | ||||
| CVE-2006-3185 | 1 Cms Faethon | 1 Cms Faethon | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in data/header.php in CMS Faethon 1.3.2 allows remote attackers to execute arbitrary PHP code via a URL in the mainpath parameter. | ||||
| CVE-2006-3186 | 1 Cms Faethon | 1 Cms Faethon | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in CMS Faethon 1.3.2 allow remote attackers to inject arbitrary web script or HTML via the mainpath parameter to (1) data/footer.php and (2) admin/header.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
| CVE-2006-3816 | 1 Krusader | 1 Krusader | 2026-04-16 | N/A |
| Krusader 1.50-beta1 up to 1.70.0 stores passwords for remote connections in cleartext in the bookmark file (krbookmarks.xml), which allows attackers to steal passwords by obtaining the file. | ||||
| CVE-1999-0066 | 1 John S. Roberts | 1 Anyform | 2026-04-16 | 9.8 Critical |
| AnyForm CGI remote execution. | ||||
| CVE-2005-0369 | 1 Armagetronad | 2 Armagetron, Armagetron Advanced | 2026-04-16 | 5.3 Medium |
| Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0 earlier allows remote attackers to cause a denial of service (application crash) via a packet with a large (1) descriptor ID or (2) claim_id, which exceeds the boundaries of an array. | ||||
| CVE-2006-3187 | 1 Sharky E-shop | 1 Sharky E-shop | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Sharky e-shop 3.05 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) maingroup and (2) secondgroup parameters to (a) search_prod_list.asp, and the (3) maingroup parameter to (b) meny2.asp. NOTE: it is possible that this is resultant from SQL injection or a forced SQL error. | ||||
| CVE-1999-0068 | 1 Php | 1 Php | 2026-04-16 | N/A |
| CGI PHP mylog script allows an attacker to read any file on the target server. | ||||
| CVE-2006-3188 | 1 Sharky E-shop | 1 Sharky E-shop | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Sharky e-shop 3.05 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) maingroup and (2) secondgroup parameters to (a) search_prod_list.asp, and the (3) maingroup parameter to (b) meny2.asp. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
| CVE-2006-3819 | 1 Twiki | 1 Twiki | 2026-04-16 | N/A |
| Eval injection vulnerability in the configure script in TWiki 4.0.0 through 4.0.4 allows remote attackers to execute arbitrary Perl code via an HTTP POST request containing a parameter name starting with "TYPEOF". | ||||
| CVE-2006-1078 | 1 Acme Labs | 1 Thttpd | 2026-04-16 | 8.4 High |
| Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included. | ||||
| CVE-2006-3189 | 1 Hotplug Cms | 1 Hotplug Cms | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in administration/tblcontent/login1.php in HotPlug CMS 1.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | ||||
| CVE-2006-3820 | 1 Gerrit Van Aaken | 1 Loudblog | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in loudblog/index.php in Loudblog before 0.5 allows remote attackers to inject arbitrary web script or HTML via the page parameter. | ||||
| CVE-2006-3190 | 1 Hotplug Cms | 1 Hotplug Cms | 2026-04-16 | N/A |
| SQL injection vulnerability in administration/includes/login/auth.php in HotPlug CMS 1.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username and (2) password parameters. | ||||
| CVE-2006-3191 | 1 Tpvgames | 1 Mpcs | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in comment.php in MPCS 0.2 allows remote attackers to inject arbitrary web script or HTML via the pageid parameter. | ||||
| CVE-2006-3192 | 1 Php Web Scripts | 1 Ad Manager Pro | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in Ad Manager Pro 2.6 allows remote attackers to execute arbitrary PHP code via a URL in the (1) ipath parameter in common.php and (2) unspecified vectors in ad.php. | ||||