Export limit exceeded: 356981 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 356981 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29942 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-5973 | 1 Timo Sirainen | 1 Dovecot | 2026-04-23 | N/A |
| Off-by-one buffer overflow in Dovecot 1.0test53 through 1.0.rc14, and possibly other versions, when index files are used and mmap_disable is set to "yes," allows remote authenticated IMAP or POP3 users to cause a denial of service (crash) via unspecified vectors involving the cache file. | ||||
| CVE-2006-5975 | 1 Drumster | 1 Blogme | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in comments.asp in BlogMe 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) URL, or (3) Comments field. | ||||
| CVE-2006-5976 | 1 Drumster | 1 Blogme | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in admin_login.asp in BlogMe 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) Username or (2) Password field. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2006-5977 | 1 Expinion.net | 1 Multicalendars | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in MultiCalendars allow remote attackers to execute arbitrary SQL commands via the (1) M or (2) Y parameter to rss_out.asp, or the (3) cate parameter to all_calendars.asp. NOTE: the all_calendars.asp/calsids vector is already covered by CVE-2006-2293. | ||||
| CVE-2006-5978 | 1 E-xoopport | 1 E-xoopport | 2026-04-23 | N/A |
| Unspecified vulnerability in E-Xoopport before 2.2.0 has unknown impact and attack vectors, as addressed by "Some security fix." | ||||
| CVE-2006-5979 | 1 Renasoft | 1 Netjetserver | 2026-04-23 | N/A |
| Renasoft NetJetServer 2.5.3.939, and possibly earlier, uses insecure permissions for Global.asa, which allows remote attackers to obtain sensitive information. NOTE: the provenance of this information is unknown; details are obtained from third party sources. | ||||
| CVE-2006-5980 | 1 Renasoft | 1 Netjetserver | 2026-04-23 | N/A |
| adm_lgn_admin.asp in Renasoft NetJetServer 2.5.3.939, and possibly earlier, does not properly perform login authentication, which allows remote attackers to obtain administrative privileges. NOTE: the provenance of this information is unknown; details are obtained from third party sources. | ||||
| CVE-2006-5984 | 1 Webhost Automation | 1 Helm Web Hosting Control Panel | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Helm Web Hosting Control Panel 3.2.10 allow remote authenticated users to inject arbitrary web script or HTML via the (1) txtCompanyName, (2) txtEmail, or (3) txtUserAccNum parameter to (a) users.asp, or the (4) setThemeColour parameter to (b) default.asp in the Reseller and Admin levels; or the (5) setThemeColour parameter to default.asp in the User level. NOTE: the txtDomainName parameter to domains.asp is covered by CVE-2006-1407, which suggests that this vector is fixed in 3.2.10 stable. | ||||
| CVE-2006-5985 | 1 Extreme Cms | 1 Extreme Cms | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in admin/options.php in Extreme CMS 0.9, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) bg1, (2) bg2, (3) text, or (4) size parameters. NOTE: the provenance of this information is unknown; details are obtained from third party sources. | ||||
| CVE-2006-5986 | 1 Extreme Cms | 1 Extreme Cms | 2026-04-23 | N/A |
| admin/options.php in Extreme CMS 0.9, and possibly earlier, does not require authentication, which might allow remote attackers to conduct unauthorized activities. NOTE: this issue can be combined with another vulnerability to expand the scope of a cross-site scripting (XSS) attack without authentication. NOTE: the provenance of this information is unknown; details are obtained from third party sources. | ||||
| CVE-2006-5987 | 1 Aspintranet | 1 Aspintranet | 2026-04-23 | N/A |
| SQL injection vulnerability in default.asp in ASPintranet, possibly 1.2, allows remote attackers to execute arbitrary SQL commands via the a parameter. | ||||
| CVE-2006-5988 | 1 Microsoft | 1 Windows 2000 | 2026-04-23 | N/A |
| Unspecified vulnerability in Windows 2000 Advanced Server SP4 running Active Directory allows remote attackers to cause a denial of service via unknown vectors, as demonstrated by a certain VulnDisco Pack module. NOTE: the provenance of this information is unknown; the details are obtained from third party information. As of 20061116, this disclosure has no actionable information. However, since the VulnDisco Pack author is a reliable researcher, the disclosure is being assigned a CVE identifier for tracking purposes. | ||||
| CVE-2006-5989 | 2 Mod Auth Kerb, Redhat | 2 Mod Auth Kerb, Enterprise Linux | 2026-04-23 | N/A |
| Off-by-one error in the der_get_oid function in mod_auth_kerb 5.0 allows remote attackers to cause a denial of service (crash) via a crafted Kerberos message that triggers a heap-based buffer overflow in the component array. | ||||
| CVE-2006-5991 | 1 Cactusoft | 1 Cactushop | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in wwweb concepts CactuShop allow remote attackers to execute arbitrary SQL commands via the (1) prodtype parameter in prodtype.asp and the (2) product parameter in product.asp. | ||||
| CVE-2006-6269 | 1 Infinity Technologies | 1 Infinitytechs Restaurants Cm | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Infinitytechs Restaurants CM allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in rating.asp, (2) the mealid parameter in meal_rest.asp, and (3) the resid parameter in res_details.asp. | ||||
| CVE-2006-6270 | 1 Kervancilar | 1 Aspmforum | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in ASPMForum allow remote attackers to execute arbitrary SQL commands via (1) the soruid parameter in forum2.asp, (2) the ak parameter in kullanicilistesi.asp, (3) the kelimeler parameter in aramayap.asp, and (4) the kullaniciadi parameter in giris.asp; and allow remote authenticated users to execute arbitrary SQL commands via (5) the mesajno parameter in mesajkutum.asp. NOTE: the harf parameter in kullanicilistesi.asp and the baslik parameter in forum.asp are already covered by CVE-2005-4141. | ||||
| CVE-2006-6271 | 1 Phpoll | 1 Phpoll | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PHPOLL 0.96 allow remote attackers to inject arbitrary web script or HTML via the language parameter to (1) index.php, (2) info.php; and (3) index.php, (4) votanti.php, (5) risultati_config.php, (6) modifica_band.php, (7) band_editor.php, and (8) config_editor.php in admin/. | ||||
| CVE-2006-6272 | 1 Paul Griffin | 1 Simple Php Gallery | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in sp_index.php in Simple PHP Gallery 1.1 allows remote attackers to inject arbitrary web script or HTML via the dir parameter. | ||||
| CVE-2006-6273 | 1 Paul Griffin | 1 Simple Php Gallery | 2026-04-23 | N/A |
| sp_index.php in Simple PHP Gallery 1.1 allows remote attackers to obtain sensitive information via an invalid dir parameter, which reveals the path in an error message. | ||||
| CVE-2006-6274 | 1 Expinion.net | 2 Inews Publisher, News Manager | 2026-04-23 | N/A |
| SQL injection vulnerability in articles.asp in Expinion.net iNews (1) Publisher (iNP) 2.5 and earlier, and possibly (2) News Manager, allows remote attackers to execute arbitrary SQL commands via the ex parameter. NOTE: early reports of this issue reported it as XSS, but this was erroneous. The original report was for News Manager, but there is strong evidence that the correct product is Publisher. | ||||