Export limit exceeded: 344980 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344980 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-0613 | 1 Sun | 1 J2se | 2026-04-16 | N/A |
| Unspecified vulnerability in Java Web Start after 1.0.1_02, as used in J2SE 5.0 Update 5 and earlier, allows remote attackers to obtain privileges via unspecified vectors involving untrusted applications. | ||||
| CVE-2006-0614 | 1 Sun | 3 Jdk, Jre, Sdk | 2026-04-16 | N/A |
| Unspecified vulnerability in Sun Java JDK and JRE 5.0 Update 3 and earlier, SDK and JRE 1.3.x through 1.3.1_16 and 1.4.x through 1.4.2_08 allows remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "first issue." | ||||
| CVE-2006-0615 | 1 Sun | 3 Jdk, Jre, Sdk | 2026-04-16 | N/A |
| Multiple unspecified vulnerabilities in Sun Java JDK and JRE 5.0 Update 4 and earlier, SDK and JRE 1.4.x through 1.4.2_09 allow remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "second and third issues." | ||||
| CVE-2006-0616 | 1 Sun | 2 Jdk, Jre | 2026-04-16 | N/A |
| Unspecified vulnerability in Sun Java JDK and JRE 5.0 Update 4 and earlier allows remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "fourth issue." | ||||
| CVE-2006-0617 | 1 Sun | 2 Jdk, Jre | 2026-04-16 | N/A |
| Multiple unspecified vulnerabilities in Sun Java JDK and JRE 5.0 Update 5 and earlier allow remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "fifth, sixth, and seventh issues." | ||||
| CVE-2006-0618 | 1 Qnx | 1 Neutrino Rtos | 2026-04-16 | N/A |
| Format string vulnerability in fontsleuth in QNX Neutrino RTOS 6.3.0 allows local users to execute arbitrary code via format string specifiers in the zeroth argument (program name). | ||||
| CVE-2006-0619 | 1 Qnx | 1 Rtos | 2026-04-16 | N/A |
| Multiple stack-based buffer overflows in QNX Neutrino RTOS 6.3.0 allow local users to execute arbitrary code via long (1) ABLPATH or (2) ABLANG environment variables in the libAP library (libAp.so.2) or (3) a long PHOTON_PATH environment variable to the setitem function in the libph library. | ||||
| CVE-2006-0620 | 1 Qnx | 1 Rtos | 2026-04-16 | N/A |
| Race condition in phfont in QNX Neutrino RTOS 6.2.1 allows local users to execute arbitrary code via unspecified manipulations of the PHFONT and PHOTON2_PATH environment variables. | ||||
| CVE-2006-0625 | 1 Spip | 1 Spip | 2026-04-16 | N/A |
| Directory traversal vulnerability in Spip_RSS.PHP in SPIP 1.8.2g and earlier allows remote attackers to read or include arbitrary files via ".." sequences in the GLOBALS[type_urls] parameter, which could then be used to execute arbitrary code via resultant direct static code injection in the file parameter to spip_acces_doc.php3. | ||||
| CVE-2006-0633 | 1 Invisionpower | 1 Invision Power Board | 2026-04-16 | N/A |
| The make_password function in ipsclass.php in Invision Power Board (IPB) 2.1.4 uses random data generated from partially predictable seeds to create the authentication code that is sent by e-mail to a user with a lost password, which might make it easier for remote attackers to guess the code and change the password for an IPB account, possibly involving millions of requests. | ||||
| CVE-2006-0641 | 1 Orbicule | 1 Undercover | 2026-04-16 | N/A |
| Orbicule Undercover uses a third-party web server to determine the IP address through which the computer is accessing the Internet, but does not document this third-party disclosure, which leads to a potential privacy leak that might allow transmission of sensitive information to an unintended remote destination. | ||||
| CVE-2006-0648 | 1 Php Icalendar | 1 Php Icalendar | 2026-04-16 | N/A |
| Multiple directory traversal vulnerabilities in PHP iCalendar 2.0.1, 2.1, and 2.2 allow remote attackers to include arbitrary files via the (1) getdate and possibly other parameters used in the replace_files function in search.php and (2) $file variable as used in the parse function in functions/template.php. | ||||
| CVE-2006-0653 | 1 Hinton Design | 1 Phpht Topsites | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Hinton Design phpht Topsites 1.3 allow remote attackers to execute arbitrary SQL commands via multiple vectors including the username parameter. | ||||
| CVE-2006-0654 | 1 Hinton Design | 1 Phpht Topsites | 2026-04-16 | N/A |
| check.php in Hinton Design phpht Topsites 1.3 does not validate passwords when using cookies, which allows remote attackers to bypass authentication via unspecified cookies. | ||||
| CVE-2006-0655 | 1 Hinton Design | 1 Phpht Topsites | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in (1) link_edited.php and (2) link_added.php in Hinton Design phpht Topsites 1.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2006-0656 | 1 Hp | 1 Systems Insight Manager | 2026-04-16 | N/A |
| Directory traversal vulnerability in HP Systems Insight Manager 4.2 through 5.0 SP3 for Windows allows remote attackers to access arbitrary files via unspecified vectors, a different vulnerability than CVE-2005-2006. | ||||
| CVE-2006-0657 | 1 Softcomplex | 1 Php Event Calendar | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Softcomplex PHP Event Calendar 1.5 allows remote authenticated users to inject arbitrary web script or HTML, and corrupt data, via the (1) username and (2) password parameters, which are not sanitized before being written to users.php. NOTE: while this issue was originally reported as XSS, the primary issue might be direct static code injection with resultant XSS. | ||||
| CVE-2006-0658 | 1 Fckeditor | 1 Fckeditor | 2026-04-16 | N/A |
| Incomplete blacklist vulnerability in connector.php in FCKeditor 2.0 and 2.2, as used in products such as RunCMS, allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions that are not listed in the Config[DeniedExtensions][File], such as .php.txt. | ||||
| CVE-2006-0659 | 1 Runcms | 1 Runcms | 2026-04-16 | N/A |
| Multiple PHP remote file include vulnerabilities in RunCMS 1.2 and earlier, with register_globals and allow_url_fopen enabled, allow remote attackers to execute arbitrary code via the bbPath[path] parameter in (1) class.forumposts.php and (2) forumpollrenderer.php. | ||||
| CVE-2006-0660 | 1 Farsinews | 1 Farsinews | 2026-04-16 | N/A |
| Multiple directory traversal vulnerabilities in FarsiNews 2.5 and earlier allows remote attackers to (1) read arbitrary files or trigger an error message path disclosure via ".." or invalid names in the archive parameter to index.php, or (2) include arbitrary files via the template parameter to show_archives.php. | ||||