Export limit exceeded: 344983 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344983 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-0759 | 1 Hivemail | 1 Hivemail | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in HiveMail 1.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the contactgroupid parameter in addressbook.update.php, (2) the messageid parameter in addressbook.add.php, (3) the folderid parameter in folders.update.php, and possibly certain parameters in (4) calendar.event.php, (5) index.php, (6) pop.download.php, (7) read.bounce.php, (8) rules.block.php, (9) language.php, and (10) certain other scripts; and allow remote authenticated users to execute arbitrary SQL commands via (11) the folderid parameter in index.php and (12) possibly other parameters in certain other scripts, because $_SERVER['PHP_SELF'] is improperly handled. | ||||
| CVE-2006-0760 | 1 Lighttpd | 1 Lighttpd | 2026-04-16 | N/A |
| LightTPD 1.4.8 and earlier, when the web root is on a case-insensitive filesystem, allows remote attackers to bypass URL checks and obtain sensitive information via file extensions with unexpected capitalization, as demonstrated by a request for index.PHP when the configuration invokes the PHP interpreter only for ".php" names. | ||||
| CVE-2006-0761 | 1 Rim | 1 Blackberry Enterprise Server | 2026-04-16 | N/A |
| Buffer overflow in BlackBerry Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server 2.2 and 4.0 before SP3 Hotfix 4 for IBM Lotus Domino, 3.6 before SP7 and 5.0 before SP3 Hotfix 3 for Microsoft Exchangem, and 4.0 for Novell GroupWise before SP3 Hotfix 1 might allow user-assisted remote attackers to execute arbitrary code on the server via a crafted Microsoft Word document that is opened on a wireless device. | ||||
| CVE-2006-0762 | 1 Winability | 1 Folder Guard | 2026-04-16 | N/A |
| WinAbility Folder Guard 4.11 allows local users to gain unauthorized access to certain capabilities of the application by renaming or moving the password file (FGuard.FGP), which disables the password requirement. | ||||
| CVE-2006-0763 | 1 Cpanel | 1 Cpanel | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in dowebmailforward.cgi in cPanel allows remote attackers to inject arbitrary web script or HTML via a URL encoded value in the fwd parameter. | ||||
| CVE-2006-0764 | 1 Cisco | 3 Anomaly Guard Module, Guard, Traffic Anomaly Detector Module | 2026-04-16 | N/A |
| The Authentication, Authorization, and Accounting (AAA) capability in versions 5.0(1) and 5.0(3) of the software used by multiple Cisco Anomaly Detection and Mitigation products, when running with an incomplete TACACS+ configuration without a "tacacs-server host" command, allows remote attackers to bypass authentication and gain privileges, aka Bug ID CSCsd21455. | ||||
| CVE-2006-0765 | 1 Mirabilis | 2 Icq, Icq Lite | 2026-04-16 | N/A |
| GUI display truncation vulnerability in ICQ Inc. (formerly Mirabilis) ICQ 2003a, 2003b, Lite 4.0, Lite 4.1, and possibly other Windows versions allows user-assisted remote attackers to hide malicious file extensions, bypass Windows security warnings via a filename that is all uppercase and of a specific length, which truncates the malicious extension from the display and could trick a user into executing arbitrary programs. | ||||
| CVE-2006-0766 | 1 Mirabilis | 2 Icq, Icq Lite | 2026-04-16 | N/A |
| ICQ Inc. (formerly Mirabilis) ICQ 2003a, 2003b, Lite 4.0, Lite 4.1, and possibly other Windows versions allows user-assisted remote attackers to hide malicious file extensions and bypass Windows security warnings via a filename that ends in an assumed-safe extension such as JPG, and possibly containing other modified properties such as company name, icon, and description, which could trick a user into executing arbitrary programs. | ||||
| CVE-2006-0767 | 1 Nathan Neulinger | 1 Cgiwrap | 2026-04-16 | N/A |
| CGIWrap before 3.10 allows remote attackers to obtain sensitive information via unknown attack vectors that cause errors in scripts that reveal system information. | ||||
| CVE-2006-0768 | 1 Kadu | 1 Kadu | 2026-04-16 | N/A |
| Kadu 0.4.3 allows remote attackers to cause a denial of service (application crash) via a large number of image send requests. | ||||
| CVE-2006-2112 | 2 Dell, Fuji Xerox | 19 3000cn, 3010cn, 3100cn and 16 more | 2026-04-16 | N/A |
| Fuji Xerox Printing Systems (FXPS) print engine, as used in products including (1) Dell 3000cn through 5110cn and (2) Fuji Xerox DocuPrint firmware before 20060628 and Network Option Card firmware before 5.13, allows remote attackers to use the FTP printing interface as a proxy ("FTP bounce") by using arbitrary PORT arguments to connect to systems for which access would be otherwise restricted. | ||||
| CVE-2006-3438 | 1 Microsoft | 1 Hyperlink Object Library | 2026-04-16 | N/A |
| Unspecified vulnerability in Microsoft Hyperlink Object Library (hlink.dll), possibly a buffer overflow, allows user-assisted attackers to execute arbitrary code via crafted hyperlinks that are not properly handled when hlink.dll "uses a file containing a malformed function," aka "Hyperlink Object Function Vulnerability." | ||||
| CVE-2006-3440 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2026-04-16 | N/A |
| Buffer overflow in the Winsock API in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka "Winsock Hostname Vulnerability." | ||||
| CVE-2006-3442 | 1 Microsoft | 1 Windows Xp | 2026-04-16 | N/A |
| Unspecified vulnerability in Pragmatic General Multicast (PGM) in Microsoft Windows XP SP2 and earlier allows remote attackers to execute arbitrary code via a crafted multicast message. | ||||
| CVE-2006-3443 | 1 Microsoft | 1 Windows 2000 | 2026-04-16 | N/A |
| Untrusted search path vulnerability in Winlogon in Microsoft Windows 2000 SP4, when SafeDllSearchMode is disabled, allows local users to gain privileges via a malicious DLL in the UserProfile directory, aka "User Profile Elevation of Privilege Vulnerability." | ||||
| CVE-2006-3444 | 1 Microsoft | 1 Windows 2000 | 2026-04-16 | N/A |
| Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, probably a buffer overflow, allows local users to obtain privileges via unspecified vectors involving an "unchecked buffer." | ||||
| CVE-2006-3449 | 1 Microsoft | 1 Powerpoint | 2026-04-16 | N/A |
| Unspecified vulnerability in Microsoft PowerPoint 2000 through 2003, possibly a buffer overflow, allows user-assisted remote attackers to execute arbitrary commands via a malformed record in the BIFF file format used in a PPT file, a different issue than CVE-2006-1540, aka "Microsoft PowerPoint Malformed Record Vulnerability." | ||||
| CVE-2006-3450 | 1 Microsoft | 2 Ie, Internet Explorer | 2026-04-16 | N/A |
| Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code by using the document.getElementByID Javascript function to access crafted Cascading Style Sheet (CSS) elements, and possibly other unspecified vectors involving certain layout positioning combinations in an HTML file. | ||||
| CVE-2006-3454 | 1 Symantec | 2 Client Security, Norton Antivirus | 2026-04-16 | N/A |
| Multiple format string vulnerabilities in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allow local users to execute arbitrary code via format strings in (1) Tamper Protection and (2) Virus Alert Notification messages. | ||||
| CVE-2006-3457 | 1 Symantec | 2 On-demand Agent, On-demand Protection | 2026-04-16 | N/A |
| Symantec On-Demand Agent (SODA) before 2.5 MR2 Build 2157, and the Virtual Desktop module in Symantec On-Demand Protection (SODP) before 2.6 Build 2233, do not properly encrypt files that are subject to policy-based automatic encryption, which might allow local users to read sensitive data via an unspecified decryption method. | ||||