Export limit exceeded: 350852 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (350852 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-3912 | 1 Rarlab | 1 Winrar | 2026-04-16 | N/A |
| Stack-based buffer overflow in the SFX module in WinRAR before 3.60 beta 8 has unspecified vectors and impact. | ||||
| CVE-2006-3914 | 1 Blackboard | 1 Blackboard Academic Suite | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Blackboard Academic Suite 6.2.3.23 allows remote authenticated users to inject arbitrary HTML or web script by bypassing client-side validation through disabling JavaScript when submitting an essay response, which has no server-side validation before being viewed via "View Attempt Details" in the Gradebook. | ||||
| CVE-2006-3915 | 1 Microsoft | 2 Internet Explorer, Windows Xp | 2026-04-16 | N/A |
| Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by iterating over any native function, as demonstrated with the window.alert function, which triggers a null dereference. | ||||
| CVE-2006-3916 | 1 Solucija | 1 Snews | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in snews.php in sNews (aka Solucija News) 1.4 allows remote attackers to inject arbitrary web script or HTML via the search_query parameter. | ||||
| CVE-2006-3917 | 1 R. Corson | 1 Php Forge | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in inc/gabarits.php in R. Corson PHP Forge 3 beta 2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cfg_racine parameter. | ||||
| CVE-2006-3920 | 1 Sun | 2 Solaris, Sunos | 2026-04-16 | N/A |
| The TCP implementation in Sun Solaris 8, 9, and 10 before 20060726 allows remote attackers to cause a denial of service (resource exhaustion) via a TCP packet with an incorrect sequence number, which triggers an ACK storm. | ||||
| CVE-2006-3921 | 1 Sun | 2 Java System Application Server, Java System Web Server | 2026-04-16 | N/A |
| Sun Java System Application Server (SJSAS) 7 through 8.1 and Web Server (SJSWS) 6.0 and 6.1 allows remote authenticated users to read files outside of the "document root directory" via a direct request using a UTF-8 encoded URI. | ||||
| CVE-2006-3932 | 1 Gonafish | 1 Linkscaffe | 2026-04-16 | N/A |
| SQL injection vulnerability in links.php in Gonafish LinksCaffe 3.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
| CVE-2006-3933 | 1 Alkacon | 1 Opencms | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Alkacon OpenCms before 6.2.2 allows remote authenticated users to inject arbitrary web script or HTML via the message body. | ||||
| CVE-2006-3934 | 1 Alkacon | 1 Opencms | 2026-04-16 | N/A |
| Absolute path traversal vulnerability in downloadTrigger.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to download arbitrary files via an absolute pathname in the filePath parameter. | ||||
| CVE-2006-3936 | 1 Alkacon | 1 Opencms | 2026-04-16 | N/A |
| system/workplace/editors/editor.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to read the source code of arbitrary JSP files by specifying the file in the resource parameter, as demonstrated using index.jsp. | ||||
| CVE-2006-3937 | 1 Xguestbook | 1 Xguestbook | 2026-04-16 | N/A |
| post.php in x_atrix xGuestBook 1.02 allows remote attackers to obtain sensitive information via a request without the (1) user, (2) mail, (3) p, or (4) url parameter, which reveals the installation path in an error message. | ||||
| CVE-2006-3939 | 1 Scriptscenter | 1 Ezupload Pro | 2026-04-16 | N/A |
| ScriptsCenter ezUpload Pro 2.2.0 allows remote attackers to perform administrative activities without authentication in (1) filter.php, which permits changing the Extensions Mode file type; (2) access.php, which permits changing the Protection Method; (3) edituser.php, which permits adding upload capabilities to user accounts; (4) settings.php, which permits changing the admin information; and (5) index.php, which permits uploading of arbitrary files. | ||||
| CVE-2006-3940 | 1 Phpbb Group | 1 Phpbb-auction | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in phpbb-Auction allow remote attackers to execute arbitrary SQL commands via (1) the ar parameter in auction_room.php and (2) the u parameter in auction_store.php. NOTE: the auction_rating.php vector is already covered by CVE-2005-1234. NOTE: the original disclosure states that the product name is "PHP-Auction", but this is probably an error. | ||||
| CVE-2006-3943 | 1 Microsoft | 1 Ie | 2026-04-16 | N/A |
| Stack-based buffer overflow in NDFXArtEffects in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via long (1) RGBExtraColor, (2) RGBForeColor, and (3) RGBBackColor properties. | ||||
| CVE-2006-3944 | 1 Microsoft | 1 Ie | 2026-04-16 | N/A |
| Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via a (1) Forms.ListBox.1 or (2) Forms.ListBox.1 object with the ListWidth property set to (a) 0x7fffffff, which triggers an integer overflow exception, or to (b) 0x7ffffffe, which triggers a null dereference. | ||||
| CVE-2006-3945 | 2 Microsoft, Opera | 2 Windows Xp, Opera Browser | 2026-04-16 | N/A |
| The CSS functionality in Opera 9 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by setting the background property of a DHTML element to a long http or https URL, which triggers memory corruption. | ||||
| CVE-2006-3946 | 1 Apple | 2 Mac Os X, Safari | 2026-04-16 | N/A |
| WebCore in Apple Mac OS X 10.3.9 and 10.4 through 10.4.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted HTML that triggers a "memory management error" in WebKit, possibly due to a buffer overflow, as originally reported for the KHTMLParser::popOneBlock function in Apple Safari 2.0.4 using Javascript that changes document.body.innerHTML within a DIV tag. | ||||
| CVE-2006-3947 | 1 Mambo | 1 Mambatstaff | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in components/com_mambatstaff/mambatstaff.php in the Mambatstaff 3.1b and earlier component for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | ||||
| CVE-2006-3948 | 1 Php-nuke | 1 Inp | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in modules.php in PHP-Nuke INP allows remote attackers to inject arbitrary web script or HTML via the query parameter. | ||||