Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-6389 1 Ac4p 1 Ac4p Mobile 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in ac4p Mobile allow remote attackers to inject arbitrary web script or HTML via the (1) Taaa parameter to (a) up.php, or the (2) pollhtml and (3) Bloks parameters to (b) polls.php, different vectors than CVE-2006-5770.
CVE-2006-6390 1 Open Solution 1 Quick.cart 2026-04-23 N/A
Multiple directory traversal vulnerabilities in Open Solution Quick.Cart 2.0, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the config[db_type] parameter to (1) categories.php, (2) couriers.php, (3) orders.php, and (4) products.php in actions_admin/; and (5) orders.php and (6) products.php in actions_client/; as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by one of these PHP scripts.
CVE-2006-6391 1 Open Solution 1 Quick.cart 2026-04-23 N/A
Multiple directory traversal vulnerabilities in Open Solution Quick.Cart 2.0, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to include arbitrary files via a .. (dot dot) in the config[db_type] parameter to (1) actions_admin/other.php and (2) actions_client/gallery.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-6392 1 Plx Web Studio 1 Plx Pay 2026-04-23 N/A
Directory traversal vulnerability in index.php in plx Web Studio (aka plxWebDev) plx Pay 3.2 and earlier allows remote attackers to include and execute arbitrary local files, or obtain user credentials and other sensitive information, via a .. (dot dot) in the read parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-6393 1 Jonas Gauffin 1 Publicera 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Jonas Gauffin Publicera 1.0-rc2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the InputFilter::getString function.
CVE-2006-6394 1 Jonas Gauffin 1 Publicera 2026-04-23 N/A
SQL injection vulnerability in certain database classes in Jonas Gauffin Publicera 1.0-rc2 and earlier might allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2006-6395 1 Ulrik Petersen 2 Emdros Database Engine, Emrdos Database Engine 2026-04-23 N/A
Multiple memory leaks in Ulrik Petersen Emdros Database Engine before 1.2.0.pre231 allow local users to cause a denial of service (memory consumption) via unspecified vectors, a different issue than CVE-2005-0415.
CVE-2006-6397 3 Freebsd, Netbsd, Openbsd 3 Freebsd, Netbsd, Openbsd 2026-04-23 N/A
Integer overflow in banner/banner.c in FreeBSD, NetBSD, and OpenBSD might allow local users to modify memory via a long banner. NOTE: CVE and multiple third parties dispute this issue. Since banner is not setuid, an exploit would not cross privilege boundaries in normal operations. This issue is not a vulnerability
CVE-2006-6398 1 Superfreaker Studios 1 Upublisher 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Superfreaker Studios UPublisher 1.0 allow remote attackers to execute arbitrary SQL commands via unspecified vectors in (a) sendarticle.asp and (b) printarticle.asp, and the ID parameter to (c) index.asp and (d) preferences.asp, different vectors than CVE-2006-5888.
CVE-2006-6399 1 Superfreaker Studios 1 Upublisher 2026-04-23 N/A
SQL injection vulnerability in Superfreaker Studios UPublisher 1.0 allows remote attackers to execute arbitrary SQL commands via the Username parameter in login.asp. NOTE: the provenance of this information is unknown; details are obtained from third party sources.
CVE-2006-6404 1 Innovationdp 1 Fdr\/upstrean 2026-04-23 N/A
INNOVATION Data Processing FDR/UPSTREAM 3.3.0 (GA Oct 2003) allows remote attackers to cause a denial of service (service outage) via a sequence of TCP SYN packets to many ports, as demonstrated using nmap. NOTE: the vendor's testing reportedly found that no denial of service occurred.
CVE-2006-6431 1 Xerox 1 Workcentre 2026-04-23 N/A
Unspecified vulnerability in Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 allows attackers to modify signatures of e-mail messages via unspecified vectors.
CVE-2006-6424 1 Novell 1 Netmail 2026-04-23 N/A
Multiple buffer overflows in Novell NetMail before 3.52e FTF2 allow remote attackers to execute arbitrary code (1) by appending literals to certain IMAP verbs when specifying command continuation requests to IMAPD, resulting in a heap overflow; and (2) via crafted arguments to the STOR command to the Network Messaging Application Protocol (NMAP) daemon, resulting in a stack overflow.
CVE-2006-6425 1 Novell 1 Netmail 2026-04-23 N/A
Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via unspecified vectors involving the APPEND command.
CVE-2006-6423 1 Mailenable 2 Mailenable Enterprise, Mailenable Professional 2026-04-23 N/A
Stack-based buffer overflow in the IMAP service for MailEnable Professional and Enterprise Edition 2.0 through 2.35, Professional Edition 1.6 through 1.84, and Enterprise Edition 1.1 through 1.41 allows remote attackers to execute arbitrary code via a pre-authentication command followed by a crafted parameter and a long string, as addressed by the ME-10025 hotfix.
CVE-2006-6433 1 Xerox 1 Workcentre 2026-04-23 N/A
Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 does not record accurate timestamps, which makes it easier for remote attackers to avoid detection when an audit tries to rely on these timestamps.
CVE-2006-6435 1 Xerox 1 Workcentre 2026-04-23 N/A
The SNMP implementation in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 does not generate authentication failure traps, which allows remote attackers to more easily gain system access and obtain sensitive information via a brute force attack.
CVE-2006-6437 1 Xerox 1 Workcentre 2026-04-23 N/A
ops3-dmn in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 allows attackers to cause a denial of service (application crash and core dump) via a certain PS file.
CVE-2006-6438 1 Xerox 6 Workcentre 232, Workcentre 238, Workcentre 245 and 3 more 2026-04-23 N/A
Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 leaves sensitive user data in http.log after an Immediate Image Overwrite (IIO), which allows local users to obtain the data by reading the http.log file.
CVE-2006-6439 1 Xerox 6 Workcentre 232, Workcentre 238, Workcentre 245 and 3 more 2026-04-23 N/A
Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 allows remote attackers to download the audit log and obtain potentially sensitive information via unspecified vectors.