Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-0251 1 Faq-o-matic 1 Faq-o-matic 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in fom.cgi in Faq-O-Matic 2.711 allows remote attackers to inject arbitrary web script or HTML via the (1) _duration, (2) file, and (3) cmd parameters.
CVE-2006-0252 1 Benders Calendar 1 Benders Calendar 2025-04-03 N/A
SQL injection vulnerability in Benders Calendar 1.0 allows remote attackers to execute arbitrary SQL commands via multiple parameters, as demonstrated by the (1) year, (2) month, and (3) day parameters.
CVE-2006-0292 2 Mozilla, Redhat 3 Firefox, Mozilla, Enterprise Linux 2025-04-03 N/A
The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before 1.5.1 does not properly dereference objects, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via unknown attack vectors related to garbage collection.
CVE-2006-0293 1 Mozilla 1 Firefox 2025-04-03 N/A
The function allocation code (js_NewFunction in jsfun.c) in Firefox 1.5 allows attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via user-defined methods that trigger garbage collection in a way that operates on freed objects.
CVE-2006-1915 1 Dbbs 1 Dbbs 2025-04-03 N/A
SQL injection vulnerability in topics.php in DbbS 2.0-alpha and earlier allows remote attackers to execute arbitrary SQL commands via the fcategoryid parameter.
CVE-2006-0316 1 Aol 1 Aol Client Software 2025-04-03 N/A
Buffer overflow in YGPPicFinder.DLL in AOL You've Got Pictures (YGP) Picture Finder Tool ActiveX Control, as used in AOL 8.0, 8.0 Plus, and 9.0 Classic, allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2006-0328 1 Philippe Jounin 1 Tftpd32 2025-04-03 N/A
Format string vulnerability in Tftpd32 2.81 allows remote attackers to cause a denial of service via format string specifiers in a filename in a (1) GET or (2) SEND request.
CVE-2006-0329 1 Hitachi 1 Hitsenser Data Mart Server 2025-04-03 N/A
SQL injection vulnerability in HITSENSER Data Mart Server BS, BS-S, BS-M, BS-L, and EX allows remote attackers to execute arbitrary SQL commands via unknown attack vectors.
CVE-2006-0336 1 Kerio 1 Winroute Firewall 2025-04-03 N/A
Kerio WinRoute Firewall before 6.1.4 Patch 2 allows attackers to cause a denial of service (CPU consumption and hang) via unknown vectors involving "browsing the web".
CVE-2006-0345 1 Saral Kaushik 1 Saralblog 2025-04-03 N/A
Multiple SQL injection vulnerabilities in SaralBlog 1.0 allow remote attackers to execute arbitrary SQL commands via the search parameter to search.php. NOTE: the id/viewprofile.php issue is already covered by CVE-2005-4058.
CVE-2006-0346 1 Saral Kaushik 1 Saralblog 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in SaralBlog 1.0 allows remote attackers to inject arbitrary web script or HTML via a website field in a new comment to view.php, which is not properly handled in the comment function in functions.php.
CVE-2006-0347 1 Stefan Ritt 1 Elog Web Logbook 2025-04-03 N/A
Directory traversal vulnerability in ELOG before 2.6.1 allows remote attackers to access arbitrary files outside of the elog directory via "../" (dot dot) sequences in the URL.
CVE-2006-0365 1 Xmb Software 1 Xmb Forum 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in XMB (aka extreme message board) allows remote attackers to inject arbitrary web script or HTML via JavaScript in the SRC attribute of an IMG element.
CVE-2006-0372 1 Insane Visions 1 Blogphp 2025-04-03 N/A
Multiple SQL injection vulnerabilities in config.php in Insane Visions BlogPHP, possibly 1.0, allow remote attackers to execute arbitrary SQL commands via the (1) blogphp_username or (2) blogphp_password parameter in a cookie.
CVE-2006-0373 1 Douran 1 Followweb 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in register.aspx in Douran FollowWeb allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-0382 1 Apple 1 Mac Os X 2025-04-03 N/A
Apple Mac OS X 10.4.5 and allows local users to cause a denial of service (crash) via an undocumented system call.
CVE-2006-0383 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-03 N/A
IPSec when used with VPN networks in Mac OS X 10.4 through 10.4.5 allows remote attackers to cause a denial of service (application crash) via unspecified vectors involving the "incorrect handling of error conditions".
CVE-2006-2365 1 Vizra 1 Vizra 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in a_login.php in Vizra allows remote attackers to inject arbitrary web script or HTML via the message parameter.
CVE-2006-0401 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-03 N/A
Unspecified vulnerability in Mac OS X before 10.4.6, when running on an Intel-based computer, allows attackers with physical access to bypass the firmware password and log on in Single User Mode via unspecified vectors.
CVE-2006-0402 1 Jason Geiger 1 Zoph 2025-04-03 N/A
SQL injection vulnerability in Zoph before 0.5pre1 allows remote attackers to execute arbitrary SQL commands.