Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-0168 1 Myphpim 1 Myphpim 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in MyPhPim 01.05 allows remote attackers to inject arbitrary web script or HTML via the description field on the "Create New todo" page.
CVE-2006-0169 1 Myphpim 1 Myphpim 2025-04-03 N/A
addresses.php3 in MyPhPim 01.05 does not restrict uploaded files, which allows remote attackers to execute arbitrary PHP code via the pdbfile variable, then directly accessing those files from the uploads directory.
CVE-2006-0171 1 Orjinweb 1 Orjinweb E-commerce 2025-04-03 N/A
PHP remote file include vulnerability in index.php in OrjinWeb E-commerce allows remote attackers to execute arbitrary code via a URL in the page parameter. NOTE: it is not clear, but OrjinWeb might be an application service, in which case it should not be included in CVE.
CVE-2006-0177 1 Cray 1 Unicos 2025-04-03 N/A
Multiple buffer overflows in Cray UNICOS 9.0.2.2 might allow local users to gain privileges by (1) invoking /usr/bin/script with a long command line argument or (2) setting the -c option of /etc/nu to the name of a file containing a long line.
CVE-2006-0178 1 Cray 1 Unicos 2025-04-03 N/A
Format string vulnerability in /bin/ftp in UNICOS 9.0.2.2 allows local users to have an unknown impact via format string specifiers in the quote command. NOTE: because the program is not setuid and not normally called from remote programs, there may not be a typical attack vector for the issue that crosses privilege boundaries. Therefore this may not be a vulnerability.
CVE-2006-0204 1 Wordcircle 1 Wordcircle 2025-04-03 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Wordcircle 2.17 allow remote attackers to inject arbitrary web script or HTML via (1) the "Course name" field in index.php when the frm parameter has the value "mine" and (2) possibly certain other fields in unspecified scripts.
CVE-2006-0310 1 Mike Helton 1 Aoblogger 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in aoblogger 2.3 allows remote attackers to inject arbitrary Javascript via a javascript URI in the BBcode url tag.
CVE-2006-0231 1 Symantec 1 Antivirus Scan Engine 2025-04-03 N/A
Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, uses the same private DSA key for each installation, which allows remote attackers to conduct man-in-the-middle attacks and decrypt communications.
CVE-2006-0232 1 Symantec 1 Antivirus Scan Engine 2025-04-03 N/A
Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, stores sensitive log and virus definition files under the web root with insufficient access control, which allows remote attackers to obtain the information via direct requests.
CVE-2006-0234 1 Microblog 1 Microblog 2025-04-03 N/A
SQL injection vulnerability in index.php in microBlog 2.0 RC-10 allows remote attackers to execute arbitrary SQL commands via the (1) month and (2) year parameters.
CVE-2006-0235 1 White Angle 1 White Album 2025-04-03 N/A
SQL injection vulnerability in WhiteAlbum 2.5 allows remote attackers to execute arbitrary SQL commands via the dir parameter to pictures.php.
CVE-2006-0529 1 Ca 1 Messaging 2025-04-03 N/A
Computer Associates (CA) Message Queuing (CAM / CAFT) before 1.07 Build 220_16 and 1.11 Build 29_20, as used in multiple CA products, allows remote attackers to cause a denial of service via a crafted message to TCP port 4105.
CVE-2006-0536 1 Neomail 1 Neomail 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in neomail.pl in NeoMail 1.27 allows remote attackers to inject arbitrary web script or HTML via the sort parameter. NOTE: some sources say that the affected parameter is "date," but the demonstration URL shows that it is "sort".
CVE-2006-0537 1 Kinesphere Corporation 1 Exchange Pop3 2025-04-03 N/A
Buffer overflow in the POP3 server in Kinesphere Corporation eXchange before 5.0.060125 allows remote attackers to execute arbitrary code via a long RCPT TO argument.
CVE-2006-0555 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2025-04-03 N/A
The Linux Kernel before 2.6.15.5 allows local users to cause a denial of service (NFS client panic) via unknown attack vectors related to the use of O_DIRECT (direct I/O).
CVE-2006-0564 1 Microsoft 2 Html Help, Html Help Workshop 2025-04-03 N/A
Stack-based buffer overflow in Microsoft HTML Help Workshop 4.74.8702.0, and possibly earlier versions, and as included in the Microsoft HTML Help 1.4 SDK, allows context-dependent attackers to execute arbitrary code via a .hhp file with a long Contents file field.
CVE-2006-0572 1 Hinton Design 1 Phpstatus 2025-04-03 N/A
phpstatus 1.0 does not require passwords when using cookies to identify a user, which allows remote attackers to bypass authentication.
CVE-2006-0574 1 Cpanel 1 Cpanel 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in mime/handle.html in cPanel 10 allows remote attackers to inject arbitrary web script or HTML via the (1) file extension or (2) mime-type.
CVE-2006-0580 1 Ibm 1 Lotus Domino Server 2025-04-03 N/A
IBM Lotus Domino Server 7.0 allows remote attackers to cause a denial of service (segmentation fault) via a crafted packet to the LDAP port (389/TCP).
CVE-2006-0581 1 Hosting Controller 1 Hosting Controller 2025-04-03 N/A
SQL injection vulnerability in Hosting Controller 6.1 Hotfix 2.8 allows remote authenticated users to execute arbitrary SQL commands via the (1) GatewayID parameter in an add action in AddGatewaySettings.asp and (2) IP parameter in IPManager.asp.