Export limit exceeded: 364612 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-6664 | 1 Marathon Aleph One | 1 Marathon Aleph One | 2026-04-23 | N/A |
| Format string vulnerability in Marathon Aleph One before 0.17.1 and 2006-12-17 might allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in the TopLevelLogger::logMessageV function in Misc/Logging.cpp. NOTE: some details were obtained from third party information. | ||||
| CVE-2006-6668 | 1 Verliadmin | 1 Verliadmin | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in VerliAdmin 0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-6667 | 1 Verliadmin | 1 Verliadmin | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in VerliAdmin 0.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) nick_mod or (2) nick parameter to (a) repass.php or (b) verify.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-6669 | 1 Webcalendar | 1 Webcalendar | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in export_handler.php in WebCalendar 1.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the format parameter. | ||||
| CVE-2006-6670 | 1 Nortel | 1 Callpilot Server | 2026-04-23 | N/A |
| Unspecified vulnerability in Nortel CallPilot 4.x Server has unknown impact and attack vectors, aka P-2006-0011-GLOBAL. | ||||
| CVE-2006-5029 | 1 Woltlab | 1 Burning Board | 2026-04-23 | N/A |
| SQL injection vulnerability in thread.php in WoltLab Burning Board (wBB) 2.3.x allows remote attackers to obtain the version numbers of PHP, MySQL, and wBB via the page parameter. NOTE: this issue might be a forced SQL error. Also, the original report was disputed by a third party for 2.3.3 and 2.3.4. | ||||
| CVE-2006-6675 | 1 Novell | 2 Apache Http Server, Netware | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in Welcome web-app. | ||||
| CVE-2006-6678 | 1 Netrik | 1 Netrik | 2026-04-23 | N/A |
| The edit_textarea function in form-file.c in Netrik 1.15.4 and earlier does not properly verify temporary filenames when editing textarea fields, which allows attackers to execute arbitrary commands via shell metacharacters in the filename. | ||||
| CVE-2006-6680 | 1 Chetcpasswd | 1 Chetcpasswd | 2026-04-23 | N/A |
| Pedro Lineu Orso chetcpasswd before 2.3.1 does not document the need for 0400 permissions on /etc/chetcpasswd.allow, which might allow local users to gain sensitive information by reading this file. | ||||
| CVE-2006-6690 | 1 Typo3 | 1 Typo3 | 2026-04-23 | N/A |
| rtehtmlarea/pi1/class.tx_rtehtmlarea_pi1.php in Typo3 4.0.0 through 4.0.3, 3.7 and 3.8 with the rtehtmlarea extension, and 4.1 beta allows remote authenticated users to execute arbitrary commands via shell metacharacters in the userUid parameter to rtehtmlarea/htmlarea/plugins/SpellChecker/spell-check-logic.php, and possibly another vector. | ||||
| CVE-2006-6691 | 1 Valdersoft | 1 Shopping Cart | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Valdersoft Shopping Cart 3.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the commonIncludePath parameter to (1) admin/include/common.php, (2) include/common.php, or (3) common_include/common.php. | ||||
| CVE-2006-6693 | 1 Zabbix | 1 Zabbix | 2026-04-23 | N/A |
| Multiple buffer overflows in zabbix before 20061006 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via long strings to the (1) zabbix_log and (2) zabbix_syslog functions. | ||||
| CVE-2006-6694 | 1 Scriptsfrenzy.com | 1 E-uploader Pro | 2026-04-23 | N/A |
| Directory traversal vulnerability in include/config.php in E-Uploader Pro 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a .. (dot dot) in the language parameter, as demonstrated by uploading a .JPG file containing PHP code, then accessing the file via config.php. | ||||
| CVE-2006-5052 | 2 Openbsd, Redhat | 2 Openssh, Enterprise Linux | 2026-04-23 | N/A |
| Unspecified vulnerability in portable OpenSSH before 4.4, when running on some platforms, allows remote attackers to determine the validity of usernames via unknown vectors involving a GSSAPI "authentication abort." | ||||
| CVE-2006-5081 | 1 Jl Webworks | 1 Quickblogger | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in acc.php in QuickBlogger (QB) 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | ||||
| CVE-2006-5014 | 1 Cpanel | 1 Cpanel | 2026-04-23 | 8.8 High |
| Unspecified vulnerability in cPanel before 10.9.0 12 Tree allows remote authenticated users to gain privileges via unspecified vectors in (1) mysqladmin and (2) hooksadmin. | ||||
| CVE-2006-5011 | 1 Ibm | 1 Aix | 2026-04-23 | N/A |
| Untrusted search path vulnerability in snappd in IBM AIX 5.2.0 and 5.3.0 allows local users to execute arbitrary commands via a Trojan horse program, involving the "system subroutine". | ||||
| CVE-2006-5015 | 1 Kietu | 1 Kietu | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in hit.php in Kietu 3.2 allows remote attackers to execute arbitrary PHP code via an FTP URL in the url_hit parameter. | ||||
| CVE-2006-5008 | 1 Ibm | 1 Aix | 2026-04-23 | N/A |
| Unspecified vulnerability in utape in IBM AIX 5.2.0 and 5.3.0 allows attackers to execute arbitrary commands and overwrite arbitrary files via unspecified vectors. | ||||
| CVE-2006-5005 | 1 Ibm | 1 Aix | 2026-04-23 | N/A |
| Unspecified vulnerability in bos.net.tcp.client in IBM AIX 5.2.0 and 5.3.0 allows local users to execute arbitrary commands via unspecified vectors involving /etc/slip.login. | ||||