Export limit exceeded: 351673 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29927 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-0430 | 1 Bea | 1 Weblogic Server | 2026-04-16 | N/A |
| Certain configurations of BEA WebLogic Server and WebLogic Express 9.0, 8.1 through SP5, and 7.0 through SP6, when connection filters are enabled, cause the server to run more slowly, which makes it easier for remote attackers to cause a denial of service (server slowdown). | ||||
| CVE-2006-0431 | 1 Bea | 1 Weblogic Server | 2026-04-16 | N/A |
| Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 8.1 SP5 allows untrusted applications to obtain the server's SSL identity via unknown attack vectors. | ||||
| CVE-2006-0432 | 1 Bea | 1 Weblogic Server | 2026-04-16 | N/A |
| Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 9.0, when an Administrator uses the WebLogic Administration Console to add custom security policies, causes incorrect policies to be created, which prevents the server from properly protecting JNDI resources. | ||||
| CVE-2006-0433 | 1 Freebsd | 1 Freebsd | 2026-04-16 | N/A |
| Selective Acknowledgement (SACK) in FreeBSD 5.3 and 5.4 does not properly handle an incoming selective acknowledgement when there is insufficient memory, which might allow remote attackers to cause a denial of service (infinite loop). | ||||
| CVE-2006-0436 | 1 Hp | 1 Hp-ux | 2026-04-16 | N/A |
| Unspecified vulnerability in HP HP-UX B.11.00, B.11.04, and B.11.11 allows local users to gain privileges via unknown attack vectors. | ||||
| CVE-2006-0438 | 1 Phpbb Group | 1 Phpbb | 2026-04-16 | N/A |
| Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.19, when Link to off-site Avatar or bbcode (IMG) are enabled, allows remote attackers to perform unauthorized actions as a logged in user via a link or IMG tag in a user profile, as demonstrated using links to (1) admin/admin_users.php and (2) modcp.php. | ||||
| CVE-2006-0439 | 1 Text Rider | 1 Text Rider | 2026-04-16 | N/A |
| Text Rider 2.4 stores sensitive data in the data directory under the web document root with insufficient access control, which allows remote attackers to obtain usernames and password hashes by directly accessing data/userlist.txt. | ||||
| CVE-2006-0440 | 1 Text Rider | 1 Text Rider | 2026-04-16 | N/A |
| Text Rider 2.4 allows attackers to bypass authentication and upload files without providing a valid password by obtaining the MD5 hash of the password (possibly via another vulnerability that reads it from a data file), then including the hash in a cookie. | ||||
| CVE-2006-0441 | 1 Karjasoft | 1 Sami Ftp Server | 2026-04-16 | N/A |
| Stack-based buffer overflow in Sami FTP Server 2.0.1 allows remote attackers to execute arbitrary code via a long USER command, which triggers the overflow when the log is viewed. | ||||
| CVE-2006-0443 | 1 Cheesyblog | 1 Cheesyblog | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in archive.php in CheesyBlog 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) realname and (2) comment parameters, or (3) via a javascript URI in the url parameter, when adding a comment. | ||||
| CVE-2006-0444 | 1 Phpclanwebsite | 1 Phpclanwebsite | 2026-04-16 | N/A |
| SQL injection vulnerability in index.php in Phpclanwebsite (aka PCW) 1.23.1 allows remote attackers to execute arbitrary SQL commands via the (1) par parameter in the post function on the forum page and possibly the (2) poll_id parameter on the poll page. NOTE: the poll_id vector can also allow resultant cross-site scripting (XSS) from an unquoted error message for invalid SQL syntax. | ||||
| CVE-2006-0446 | 1 Webwork | 1 Webwork | 2026-04-16 | N/A |
| Unspecified vulnerability in WeBWorK 2.1.3 and 2.2-pre1 allows remote privileged attackers to execute arbitrary commands as the web server via unknown attack vectors. | ||||
| CVE-2006-0458 | 1 Irssi | 1 Irssi | 2026-04-16 | N/A |
| The DCC ACCEPT command handler in irssi before 0.8.9+0.8.10rc5-0ubuntu4.1 in Ubuntu Linux, and possibly other distributions, allows remote attackers to cause a denial of service (application crash) via certain crafted arguments in a DCC command. | ||||
| CVE-2006-0453 | 1 Redhat | 2 Directory Server, Fedora Core | 2026-04-16 | N/A |
| The LDAP component in Fedora Directory Server 1.0 allow remote attackers to cause a denial of service (crash) via a certain "bad BER sequence" that results in a free of uninitialized memory, as demonstrated using the ProtoVer LDAP test suite. | ||||
| CVE-2006-0468 | 1 Stalker | 1 Communigate Pro | 2026-04-16 | N/A |
| CommuniGate Pro Core Server before 5.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via LDAP messages with negative BER lengths, and possibly other vectors, as demonstrated by the ProtoVer LDAP test suite. | ||||
| CVE-2006-0469 | 1 Uebimiau | 1 Uebimiau | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in UebiMiau 2.7.9, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SRC attribute of an IMG tag. | ||||
| CVE-2006-0471 | 1 My Little Homepage | 1 My Little Forum | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the bbcode function in functions.php in my little homepage my little forum, as last modified in June 2005, allows remote attackers to inject arbitrary Javascript via a javascript URI in BBcode link tags. | ||||
| CVE-2006-0472 | 1 My Little Homepage | 1 My Little Guestbook | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in guestbook.php in my little homepage my little guestbook, as last modified in March 2004, allows remote attackers to inject arbitrary Javascript via a javascript URI in BBcode link tags. | ||||
| CVE-2006-0473 | 1 My Little Homepage | 1 My Little Weblog | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the bbcode function in weblog.php in my little homepage my little weblog, as last modified in April 2004, allows remote attackers to inject arbitrary Javascript via a javascript URI in BBcode link tags. | ||||
| CVE-2006-0475 | 1 Theworldsend.net | 1 Php-ping | 2026-04-16 | N/A |
| PHP-Ping 1.3 does not properly validate ping counts, which allows remote attackers to cause a denial of service (ping flood) via a negative count parameter. | ||||