Export limit exceeded: 348484 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29909 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29909 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-0837 | 1 Micromuse | 1 Netcool Neusecure | 2026-04-16 | N/A |
| IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 has world-readable permissions for (1) /etc/neusecure.conf, (2) /opt/NeuSecure/etc/cms-3.0.236.buildconf, and (3) /opt/NeuSecure/bin/ns_archiver.log, which allows local users to read sensitive information such as passwords. NOTE: IBM has privately confirmed to CVE that a fix is available for these issues. | ||||
| CVE-2006-0838 | 1 Micromuse | 1 Netcool Neusecure | 2026-04-16 | N/A |
| IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 stores cleartext passwords in the (1) CMS_DBPASS, (2) CMSM_DBPASS, and (3) RPT_DBPASS fields in /etc/neusecure.conf, and in (4) /opt/NeuSecure/bin/ns_archiver.log, which allows local users to gain privileges. NOTE: IBM has privately confirmed to CVE that a fix is available for these issues. | ||||
| CVE-2006-0839 | 1 Sourcefire | 1 Snort | 2026-04-16 | N/A |
| The frag3 preprocessor in Sourcefire Snort 2.4.3 does not properly reassemble certain fragmented packets with IP options, which allows remote attackers to evade detection of certain attacks, possibly related to IP option lengths. | ||||
| CVE-2006-0840 | 1 Mantis | 1 Mantis | 2026-04-16 | N/A |
| manage_user_page.php in Mantis 1.00rc4 and earlier does not properly handle a sort parameter containing a ' (quote) character, which allows remote attackers to trigger a SQL error that may be repeatedly reported to a user who makes subsequent web accesses with the MANTIS_MANAGE_COOKIE cookie. NOTE: this issue might be the same as vector 2 in CVE-2005-4519. | ||||
| CVE-2006-0850 | 1 Ilch.de | 1 Ilchclan | 2026-04-16 | N/A |
| SQL injection vulnerability in include/includes/user/login.php in ilchClan before 1.05g allows remote attackers to execute arbitrary SQL commands via the login_name parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-0843 | 1 Leif M. Wright | 1 Web Blog | 2026-04-16 | N/A |
| Leif M. Wright's Blog 3.5 stores the config file and other txt files under the web root with insufficient access control, which allows remote attackers to read the administrator's password. | ||||
| CVE-2006-0844 | 1 Leif M. Wright | 1 Web Blog | 2026-04-16 | N/A |
| Leif M. Wright's Blog 3.5 does not make a password comparison when authenticating an administrator via a cookie, which allows remote attackers to bypass login authentication, probably by setting the blogAdmin cookie. | ||||
| CVE-2006-0845 | 1 Leif M. Wright | 1 Web Blog | 2026-04-16 | N/A |
| Leif M. Wright's Blog 3.5 allows remote authenticated users with administrative privileges to execute arbitrary programs, including shell commands, by configuring the sendmail path to a malicious pathname. | ||||
| CVE-2006-0846 | 1 Leif M. Wright | 1 Web Blog | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Leif M. Wright's Blog 3.5 allow remote attackers to inject arbitrary web script or HTML via the (1) Referer and (2) User-Agent HTTP headers, which are stored in a log file and not sanitized when the administrator views the "Log" page, possibly using the ViewCommentsLog function. | ||||
| CVE-2006-0866 | 1 Punbb | 1 Punbb | 2026-04-16 | N/A |
| PunBB 1.2.10 and earlier allows remote attackers to conduct brute force guessing attacks for an account's password, which may be as short as 4 characters. | ||||
| CVE-2006-0867 | 1 South River | 1 Webdrive | 2026-04-16 | N/A |
| Buffer overflow in certain versions of South River (aka SRT) WebDrive, possibly version 6.08 build 1131 and version 8, allows remote attackers to cause a denial of service (application crash and persistent erratic behavior) via a long string in the name entry field. | ||||
| CVE-2006-0870 | 1 Mini-nuke | 1 Mini-nuke Cms | 2026-04-16 | N/A |
| SQL injection vulnerability in pages.asp in Mini-Nuke CMS System 1.8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: version 2.3 was later reported to be vulnerable as well. | ||||
| CVE-2006-0872 | 1 Coppermine | 1 Coppermine Photo Gallery | 2026-04-16 | N/A |
| Directory traversal vulnerability in init.inc.php in Coppermine Photo Gallery 1.4.3 and earlier allows remote attackers to include arbitrary files via a .. (dot dot) sequence and trailing NULL (%00) byte in the lang parameter. | ||||
| CVE-2006-0873 | 1 Coppermine | 1 Coppermine Photo Gallery | 2026-04-16 | N/A |
| Absolute path traversal vulnerability in docs/showdocs.php in Coppermine Photo Gallery 1.4.3 and earlier allows remote attackers to include arbitrary files via the f parameter, and possibly remote files using UNC share pathnames. | ||||
| CVE-2006-0875 | 1 Runcms | 1 Runcms | 2026-04-16 | N/A |
| Cross-site scripting vulnerability in ratefile.php in RunCMS 1.3a5 allows remote attackers to inject arbitrary web script or HTML via the lid parameter. | ||||
| CVE-2006-0877 | 1 Easy Forum | 1 Easy Forum | 2026-04-16 | N/A |
| Cross-site scripting vulnerability in Easy Forum 2.5 allows remote attackers to inject arbitrary web script or HTML via the image variable. | ||||
| CVE-2006-0878 | 1 Phpoutsourcing | 1 Noahs Classifieds | 2026-04-16 | N/A |
| Noah's Classifieds 1.3 allows remote attackers to obtain the installation path via a direct request to include files, as demonstrated by classifieds/gorum/category.php. | ||||
| CVE-2006-0879 | 1 Phpoutsourcing | 1 Noahs Classifieds | 2026-04-16 | N/A |
| SQL injection vulnerability in the search tool in Noah's Classifieds 1.3 allows remote attackers to execute arbitrary SQL commands via unspecified attack vectors. | ||||
| CVE-2006-0881 | 1 Phpoutsourcing | 1 Noahs Classifieds | 2026-04-16 | N/A |
| Multiple PHP remote file include vulnerabilities in gorum/gorumlib.php in Noah's Classifieds 1.3, when register_globals is enabled, allow remote attackers to include arbitrary PHP files via the (1) upperTemplate and (2) lowerTemplate parameters, as demonstrated using the lowerTemplate parameter to index.php. | ||||
| CVE-2006-0900 | 1 Freebsd | 1 Freebsd | 2026-04-16 | N/A |
| nfsd in FreeBSD 6.0 kernel allows remote attackers to cause a denial of service via a crafted NFS mount request, as demonstrated by the ProtoVer NFS test suite. | ||||