Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-1998 1 Openttd 1 Openttd 2025-04-03 N/A
OpenTTD 0.4.7 and earlier allows local users to cause a denial of service (application exit) via a large invalid error number, which triggers an error.
CVE-2006-2004 1 Michael Romedahl 1 Ri Blog 2025-04-03 N/A
Multiple SQL injection vulnerabilities in RI Blog 1.1 allow remote attackers to execute arbitrary SQL command via the (1) username or (2) password fields.
CVE-2006-2006 1 Ivan Zahariev 1 Izarc 2025-04-03 N/A
Multiple directory traversal vulnerabilities in IZArc Archiver 3.5 beta 3 allow remote attackers to write arbitrary files via a ..\ (dot dot backslash) in a (1) .rar, (2) .tar, (3) .zip, (4) .jar, or (5) .gz archive. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-2002 1 Mygamingladder 1 Mygamingladder 2025-04-03 N/A
PHP remote file inclusion vulnerability in stats.php in MyGamingLadder 7.0 allows remote attackers to execute arbitrary PHP code via a URL in the dir[base] parameter.
CVE-2006-2012 1 Skulltag Team 1 Skulltag 2025-04-03 N/A
Format string vulnerability in Skulltag 0.96f and earlier allows remote attackers to cause a denial of service via the version string.
CVE-2006-2013 1 Web-provence 1 Sl Site 2025-04-03 N/A
SQL injection vulnerability in page.php in SL_site 1.0 allows remote attackers to execute arbitrary SQL commands via the id_page parameter. NOTE: this issue could be used to produce resultant XSS from an error message.
CVE-2006-2015 1 Web-provence 1 Sl Site 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in SL_site 1.0 allows remote attackers to inject arbitrary web script or HTML via the recherche parameter in recherche.php. NOTE: other XSS vectors, as reported in the original disclosure, are resultant from other primary vulnerabilities that have separate CVE names.
CVE-2006-2034 1 Flexbb 1 Flexbb 2025-04-03 N/A
SQL injection vulnerability in function/showprofile.php in FlexBB 0.5.5 allows remote attackers to execute arbitrary SQL commands, and view all usernames and passwords, via the id parameter to the showprofile page in index.php.
CVE-2006-4015 1 Hp 3 Procurve Switch 3500yl, Procurve Switch 5400zl, Procurve Switch 6200yl 2025-04-03 N/A
Hewlett-Packard (HP) ProCurve 3500yl, 6200yl, and 5400zl switches with software before K.11.33 allow remote attackers to cause a denial of service (possibly memory leak or system crash) via unknown vectors.
CVE-2006-2023 1 Ls3 1 Fenice 2025-04-03 N/A
Integer overflow in the RTSP_msg_len function in rtsp/RTSP_msg_len.c in Fenice 1.10 and earlier allows remote attackers to cause a denial of service (application crash) via a large HTTP Content-Length value, which leads to an invalid memory access.
CVE-2006-4017 1 Inter Network Marketing Ag 1 G3 Content Management System 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in the search module in Inter Network Marketing (INM) CMS G3 allows remote attackers to inject arbitrary web script or HTML via the search_string parameter.
CVE-2006-2020 1 Asteriskathome 1 Asteriskathome 2025-04-03 N/A
Asterisk Recording Interface (ARI) in Asterisk@Home before 2.8 stores recordings/includes/main.conf under the web document root with insufficient access control, which allows remote attackers to obtain password information.
CVE-2006-2022 1 Ls3 1 Fenice 2025-04-03 N/A
Buffer overflow in the parse_url function in the RTSP module (rtsp/parse_url.c) in Fenice 1.10 and earlier allows remote attackers to execute arbitrary code via a long URL.
CVE-2006-2028 1 Simplog 1 Simplog 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in imagelist.php in Jeremy Ashcraft Simplog 0.9.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the imagedir parameter. NOTE: this issue might be resultant from directory traversal.
CVE-2006-2029 1 Simplog 1 Simplog 2025-04-03 N/A
Multiple SQL injection vulnerabilities in Jeremy Ashcraft Simplog 0.9.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) tid parameter in (a) preview.php; the (2) cid, (3) pid, and (4) eid parameters in (b) archive.php; and the (5) pid parameter in (c) comments.php.
CVE-2006-2030 1 Alliedtelesyn 1 At-9724ts 2025-04-03 N/A
The Allied Telesyn AT-9724TS switch allows remote attackers to cause a denial of service via a large amount of UDP data to the switch, which leads to unstable operation and possibly failure of the management interface or routing.
CVE-2006-2032 1 Corenews 1 Corenews 2025-04-03 N/A
Multiple SQL injection vulnerabilities in Core CoreNews 2.0.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) icon_id and (2) userid parameters in preview.php.
CVE-2006-2033 1 Corenews 1 Corenews 2025-04-03 N/A
PHP remote file inclusion vulnerability in Core CoreNews 2.0.1 and earlier allows remote authenticated users to execute arbitrary commands via the show parameter. NOTE: this is a different vector than CVE-2006-1212, although it might be the same primary issue.
CVE-2006-2039 1 Ubertec 1 Help Center Live 2025-04-03 N/A
Multiple SQL injection vulnerabilities in the osTicket module in Help Center Live before 2.1.0 allow remote attackers to execute arbitrary SQL commands via unknown vectors.
CVE-2006-2042 1 Adobe 1 Dreamweaver 2025-04-03 N/A
Adobe Dreamweaver 8 before 8.0.2 and MX 2004 can generate code that allows SQL injection attacks in the (1) ColdFusion, (2) PHP mySQL, (3) ASP, (4) ASP.NET, and (5) JSP server models.