Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-6318 1 Stefan Ritt 1 Elog Web Logbook 2026-04-23 N/A
The show_elog_list function in elogd.c in elog 2.6.2 and earlier allows remote authenticated users to cause a denial of service (daemon crash) by attempting to access a logbook whose name begins with "global," which results in a NULL pointer dereference. NOTE: some of these details are obtained from third party information.
CVE-2006-6336 1 Eudora 1 Worldmail Management Server 2026-04-23 N/A
Heap-based buffer overflow in the Mail Management Server (MAILMA.exe) in Eudora WorldMail 3.1.x allows remote attackers to execute arbitrary code via a crafted request containing successive delimiters.
CVE-2006-6360 1 Sergey Korostel 1 Php Upload Center 2026-04-23 N/A
PHP remote file inclusion vulnerability in activate.php in PHP Upload Center 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the footerpage parameter.
CVE-2006-6906 1 Apple 1 Mac Os X 2026-04-23 N/A
Unspecified vulnerability in the Bluetooth stack on Mac OS 10.4.7 and earlier has unknown impact and local attack vectors, related to "Mach Exception Handling", a different issue than CVE-2006-6900.
CVE-2006-6914 1 Ibm 1 Aix 2026-04-23 N/A
Unspecified vulnerability in ftpd in IBM AIX 5.2.0 and 5.3.0 allows remote attackers to obtain sensitive information, including passwords, via unspecified vectors.
CVE-2006-6915 1 Ibm 1 Aix 2026-04-23 N/A
ftpd in IBM AIX 5.2.0 and 5.3.0 allows remote authenticated users to cause a denial of service (port exhaustion) via unspecified vectors. NOTE: some details were obtained from third party sources.
CVE-2006-6916 1 Getahead 1 Direct Web Remoting 2026-04-23 N/A
Getahead Direct Web Remoting (DWR) before 1.1.3 allows attackers to cause a denial of service (infinite loop) via unknown vectors related to "crafted input."
CVE-2006-6918 1 Geobb 1 Geobb 2026-04-23 N/A
Unspecified vulnerability in the Admin login for Georgian discussion board (GeoBB) before 1.0 has unknown impact and attack vectors.
CVE-2006-6920 1 Nucleus Cms 1 Nucleus Cms 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Nucleus before 3.24 allows remote attackers to inject arbitrary web script or HTML via unknown vectors, possibly involving (1) lib/ADMIN.php and (2) lib/SKIN.php.
CVE-2006-6926 1 Extremail 1 Extremail 2026-04-23 N/A
Buffer overflow in eXtremail 2.1 has unknown impact and attack vectors, as demonstrated by VulnDisco Pack. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-6928 1 Grandora 1 Rialto 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Rialto 1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to (a) listmain.asp or (b) searchmain.asp, the (2) the Keyword parameter to (c) searchkey.asp, or the (3) refno parameter to (d) forminfo.asp.
CVE-2006-6933 1 Efs Software 1 Easy Chat Server 2026-04-23 N/A
Easy Chat Server 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download certain files via direct requests to files such as (1) ServerKey.pem and (2) AcceptIP.txt. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-6934 1 Portix-php 1 Portix-php 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Portix-PHP 0.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) titre or (2) auteur field in a forum post.
CVE-2006-6935 1 Portix-php 1 Portix-php 2026-04-23 N/A
SQL injection vulnerability in the login component in Portix-PHP 0.4.2 allows remote attackers to execute arbitrary SQL commands via the username and passwd (password) fields.
CVE-2006-6937 1 Pensacola Web Designs 1 Xtremeasp Photogallery 2026-04-23 N/A
SQL injection vulnerability in displaypic.asp in Xtreme ASP Photo Gallery allows remote attackers to inject arbitrary SQL commands via the sortorder parameter.
CVE-2006-5891 1 Superfreaker Studios 1 Ustore 2026-04-23 N/A
SQL injection vulnerability in detail.asp in Superfreaker Studios UStore 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
CVE-2006-6940 1 Owa 1 Owa 2026-04-23 N/A
Buffer overflow in the ParseHeader function in clsOWA.cls in POP3/SMTP to OWA (pop2owa) 1.1.3 allows remote attackers to execute arbitrary code via a long header in an e-mail message.
CVE-2006-6949 1 Conti 1 Ftpserver 2026-04-23 N/A
Conti FTPServer 1.0 Build 2.8 stores user passwords in cleartext in MyServerSettings.ini, which allows local users to obtain sensitive information by reading this file.
CVE-2006-6959 1 Webroot Software 1 Spy Sweeper 2026-04-23 N/A
WebRoot Spy Sweeper 4.5.9 and earlier allows local users to bypass the "Startup-Shield" security restrictions by modifying certain registry keys.
CVE-2006-6960 1 Webroot Software 1 Spy Sweeper 2026-04-23 N/A
The Compression Sweep feature in WebRoot Spy Sweeper 4.5.9 and earlier does not handle non-ZIP archives, which allows remote attackers to bypass the malware detection via files with (1) RAR, (2) GZ, (3) TAR, (4) CAB, or (5) ACE compression.