Search Results (363250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-2940 2 Openssl, Redhat 3 Openssl, Enterprise Linux, Network Satellite 2026-04-23 N/A
OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates that require extra time to process when using RSA signature verification.
CVE-2006-4181 1 Gnu 1 Radius 2026-04-23 N/A
Format string vulnerability in the sqllog function in the SQL accounting code for radiusd in GNU Radius 1.2 and 1.3 allows remote attackers to execute arbitrary code via unknown vectors.
CVE-2006-4518 1 Qbik 1 Wingate 2026-04-23 N/A
Qbik WinGate 6.1.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a DNS request with a self-referencing compressed name pointer, which triggers an infinite loop.
CVE-2006-5054 1 Iyzi Forum 1 Iyzi Forum 2026-04-23 N/A
SQL injection vulnerability in uye/uye_ayrinti.asp in iyzi Forum 1 Beta 2 and earlier allows remote attackers to execute arbitrary SQL commands via the uye_nu parameter.
CVE-2006-5055 1 Forum One 1 Syntaxcms 2026-04-23 N/A
PHP remote file inclusion vulnerability in admin/testing/tests/0004_init_urls.php in syntaxCMS 1.1.1 through 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the init_path parameter.
CVE-2006-5057 1 Ktools.net 1 Photostore 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Ktools.net PhotoStore allow remote attackers to inject arbitrary web script or HTML via the (1) gid parameter in details.php, or the (2) photogid parameter in view_photog.php.
CVE-2006-5062 1 Pblang 1 Pblang 2026-04-23 N/A
PHP remote file inclusion vulnerability in templates/pb/language/lang_nl.php in PBLang (PBL) 4.66z and earlier allows remote attackers to execute arbitrary PHP code via a URL in the temppath parameter.
CVE-2006-5063 1 Stefan Ritt 1 Elog Web Logbook 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Elog 2.6.1 allows remote attackers to inject arbitrary web script or HTML by editing log entries in HTML mode.
CVE-2006-5066 1 Danphpsupport 1 Danphpsupport 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in DanPHPSupport 0.5, and other versions before 1.0, allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter in index.php or the (2) do parameter in admin.php.
CVE-2006-5233 1 Polycom 1 Soundpoint Ip 301 2026-04-23 N/A
Polycom SoundPoint IP 301 VoIP Desktop Phone, firmware version 1.4.1.0040, allows remote attackers to cause a denial of service (reboot) via (1) a long URL sent to the HTTP daemon and (2) unspecified manipulations as demonstrated by the Nessus http_fingerprinting_hmap.nasl script.
CVE-2006-5067 1 Php System Administration Toolkit 1 Php System Administration Toolkit 2026-04-23 N/A
PHP remote file inclusion vulnerability in loader.php in PHP System Administration Toolkit (PHPSaTK) allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[config] parameter. NOTE: this issue is disputed by CVE; analysis shows that the GLOBALS[config] variable is initialized before being used
CVE-2006-5069 1 Typo3 1 Typo3 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in class.tx_indexedsearch.php in the Indexed Search 2.9.0 extension for Typo3 before 4.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter.
CVE-2006-6113 1 James Greenwood 1 Monkey Boards 2026-04-23 N/A
Monkey Boards 0.3.5 allows remote attackers to obtain sensitive information via direct requests to (1) include/admin_auth.inc.php and (2) include/engine/class.compiler.php, which reveals the full path in an error message. NOTE: this issue is only an exposure if the administrator has changed the default script path.
CVE-2006-6131 1 Kerio 1 Webstar 2026-04-23 N/A
Untrusted search path vulnerability in (1) WSAdminServer and (2) WSWebServer in Kerio WebSTAR (4D WebSTAR Server Suite) 5.4.2 and earlier allows local users with webstar privileges to gain root privileges via a malicious libucache.dylib helper library in the current working directory.
CVE-2006-6132 1 Softacid 1 Link Exchange Lite 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Link Exchange Lite allow remote attackers to execute arbitrary SQL commands via (1) the search engine field to search.asp and (2) psearch parameter to linkslist.asp.
CVE-2006-6133 2 Businessobjects, Microsoft 2 Crystal Reports Xi, Visual Studio .net 2026-04-23 N/A
Stack-based buffer overflow in Visual Studio Crystal Reports for Microsoft Visual Studio .NET 2002 and 2002 SP1, .NET 2003 and 2003 SP1, and 2005 and 2005 SP1 (formerly Business Objects Crystal Reports XI Professional) allows user-assisted remote attackers to execute arbitrary code via a crafted RPT file.
CVE-2006-6134 1 Microsoft 1 Windows Media Player 2026-04-23 N/A
Heap-based buffer overflow in the WMCheckURLScheme function in WMVCORE.DLL in Microsoft Windows Media Player (WMP) 10.00.00.4036 on Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via a long HREF attribute, using an unrecognized protocol, in a REF element in an ASX PlayList file.
CVE-2006-6135 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
Multiple unspecified vulnerabilities in IBM WebSphere Application Server 6.1.0 before Fix Pack 3 (6.1.0.3) have unknown impact and attack vectors, related to (1) a "Potential security vulnerability" (PK29725) and (2) "Potential security exposure" (PK30831).
CVE-2006-6136 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
IBM WebSphere Application Server 6.1.0 before Fix Pack 3 (6.1.0.3) does not perform EAL4 authentication checks at the proper time during "registering of response operation," which has unknown impact and attack vectors.
CVE-2006-6137 1 Sisfo Kampus 1 Sisfo Kampus 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in Sisfo Kampus 0.8 allow remote attackers to execute arbitrary PHP code via a URL in the (1) exec parameter to index.php or (2) print parameter to print.php, which is also accessible via the print command to index.php.