Export limit exceeded: 345048 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (345048 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-0645 | 2 Free Software Foundation Inc., Redhat | 2 Libtasn1, Enterprise Linux | 2026-04-16 | N/A |
| Tiny ASN.1 Library (libtasn1) before 0.2.18, as used by (1) GnuTLS 1.2.x before 1.2.10 and 1.3.x before 1.3.4, and (2) GNU Shishi, allows attackers to crash the DER decoder and possibly execute arbitrary code via "out-of-bounds access" caused by invalid input, as demonstrated by the ProtoVer SSL test suite. | ||||
| CVE-2006-0646 | 1 Suse | 1 Suse Linux | 2026-04-16 | N/A |
| ld in SUSE Linux 9.1 through 10.0, and SLES 9, in certain circumstances when linking binaries, can leave an empty RPATH or RUNPATH, which allows local attackers to execute arbitrary code as other users via by running an ld-linked application from the current directory, which could contain an attacker-controlled library file. | ||||
| CVE-2006-0647 | 1 Sun | 1 Java System Directory Server | 2026-04-16 | N/A |
| LDAP service in Sun Java System Directory Server 5.2, running on Linux and possibly other platforms, allows remote attackers to cause a denial of service (memory allocation error) via an LDAP packet with a crafted subtree search request, as demonstrated using the ProtoVer LDAP test suite. | ||||
| CVE-2006-0649 | 1 Dataparksearch | 1 Dataparksearch | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in DataparkSearch before 4.37 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2006-0650 | 1 Cpaint | 1 Cpaint | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in cpaint2.inc.php in the CPAINT library before 2.0.3, as used in multiple scripts, allows remote attackers to inject arbitrary web script or HTML via the cpaint_response_type parameter, which is displayed in a resulting error message, as demonstrated using a hex-encoded IFRAME tag. | ||||
| CVE-2006-0651 | 1 Vwdev | 1 Vwdev | 2026-04-16 | N/A |
| SQL injection vulnerability in index.php in vwdev allows remote attackers to execute arbitrary SQL commands via the UID parameter in the definition Page. | ||||
| CVE-2006-0652 | 1 Whmcompletesolution | 1 Whmcompletesolution | 2026-04-16 | N/A |
| WHMCompleteSolution (WHMCS) before 2.3 assigns incorrect permissions to "resellers", which allows remote authenticated users to perform privileged actions or obtain sensitive information. NOTE: this report is based on a vendor bug report that identified "incorrect permissions." However, the vendor did not label it a security issue, and there was no statement regarding whether or not the permissions were actually more permissive than intended. If in fact the permissions were more restrictive than intended, then this would be a functional problem but not a vulnerability. | ||||
| CVE-2006-0667 | 1 Ibm | 1 Aix | 2026-04-16 | N/A |
| lscfg in IBM AIX 5.2 and 5.3 allows local users to modify arbitrary files via a symlink attack. | ||||
| CVE-2006-0664 | 1 Mantis | 1 Mantis | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in config_defaults_inc.php in Mantis before 1.0 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. An original vendor bug report is referenced, but not accessible to the general public. | ||||
| CVE-2006-0669 | 1 Gasoft | 1 Gas Forum Light | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in archive.asp in GA's Forum Light allow remote attackers to execute arbitrary SQL commands via the (1) Forum and (2) pages parameter. NOTE: SecurityTracker says that the vendor has disputed this issue, saying that GA Forum Light does not use an SQL database. SecurityTracker's research indicates that the original problem could be due to a vbscript parsing error based on invalid arguments | ||||
| CVE-2006-0671 | 1 Sony Ericsson | 4 K600i, T68i, V600i and 1 more | 2026-04-16 | N/A |
| Buffer overflow in Sony Ericsson K600i, V600i, W800i, and T68i cell phone allows remote attackers to cause a denial of service (reboot or shutdown) through a wireless Bluetooth connection via a malformed Logical Link Control and Adaptation Protocol (L2CAP) packet whose length field is less than the actual length of the packet. | ||||
| CVE-2006-0673 | 1 Reamday Enterprises | 1 Magic Calendar Lite | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in cms/index.php in Magic Calendar Lite 1.02, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the (1) $total_login and (2) $total_password parameter. | ||||
| CVE-2006-0674 | 1 Ibm | 1 Aix | 2026-04-16 | N/A |
| Buffer overflow in the arp command of IBM AIX 5.3 L, 5.3, 5.2.2, 5.2 L, and 5.2 allows local users to cause a denial of service (crash) via a long iftype argument. | ||||
| CVE-2006-0675 | 1 Glen Campbell | 1 Siteframe | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in Siteframe 5.0.1 allows remote attackers to inject arbitrary web script or HTML via the q parameter. | ||||
| CVE-2006-0676 | 1 Francisco Burzi | 1 Php-nuke | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in header.php in PHP-Nuke 6.0 to 7.8 allows remote attackers to inject arbitrary web script or HTML via the pagetitle parameter. | ||||
| CVE-2006-0677 | 1 Kth | 1 Heimdal | 2026-04-16 | N/A |
| telnetd in Heimdal 0.6.x before 0.6.6 and 0.7.x before 0.7.2 allows remote unauthenticated attackers to cause a denial of service (server crash) via unknown vectors that trigger a null dereference. | ||||
| CVE-2006-0678 | 1 Postgresql | 1 Postgresql | 2026-04-16 | N/A |
| PostgreSQL 7.3.x before 7.3.14, 7.4.x before 7.4.12, 8.0.x before 8.0.7, and 8.1.x before 8.1.3, when compiled with Asserts enabled, allows local users to cause a denial of service (server crash) via a crafted SET SESSION AUTHORIZATION command, a different vulnerability than CVE-2006-0553. | ||||
| CVE-2006-0679 | 1 Francisco Burzi | 1 Php-nuke Ev | 2026-04-16 | N/A |
| SQL injection vulnerability in index.php in the Your_Account module in PHP-Nuke 7.8 and earlier allows remote attackers to execute arbitrary SQL commands via the username variable (Nickname field). | ||||
| CVE-2006-0680 | 1 Plain Black | 1 Webgui | 2026-04-16 | N/A |
| Unspecified vulnerability in WebGUI before 6.8.6-gamma allows remote attackers to create an account, when anonymous registration is disabled, via a certain URL. | ||||
| CVE-2006-0684 | 1 Virtual Hosting Control System | 1 Virtual Hosting Control System | 2026-04-16 | N/A |
| change_password.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier does not verify the old password when a user changes the password, which may allow remote attackers to gain unauthorized access. | ||||