Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-3444 1 Microsoft 1 Windows 2000 2026-04-16 N/A
Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, probably a buffer overflow, allows local users to obtain privileges via unspecified vectors involving an "unchecked buffer."
CVE-2006-3452 1 Adobe 2 Acrobat, Acrobat Reader 2026-04-16 N/A
Adobe Reader and Acrobat 6.0.4 and earlier, on Mac OSX, has insecure file and directory permissions, which allows local users to gain privileges by overwriting program files.
CVE-2006-3453 1 Adobe 1 Acrobat 2026-04-16 N/A
Buffer overflow in Adobe Acrobat 6.0 to 6.0.4 allows remote attackers to execute arbitrary code via unknown vectors in a document that triggers the overflow when it is distilled to PDF.
CVE-2006-3473 1 Drupal 1 Form Mail Module 2026-04-16 N/A
CRLF injection vulnerability in form_mail Drupal Module before 1.8.2.2 allows remote attackers to inject e-mail headers, which facilitates sending spam messages, a different issue than CVE-2006-1225.
CVE-2006-3474 1 Belchior Foundry 1 Vcard 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Belchior Foundry vCard PRO allow remote attackers to execute arbitrary SQL commands via the (1) cat_id parameter to (a) gbrowse.php, (2) card_id parameter to (b) rating.php and (c) create.php, and the (3) event_id parameter to (d) search.php.
CVE-2006-3560 1 Blue Dojo 1 Graffiti Forums 2026-04-16 N/A
SQL injection vulnerability in topics.php in Blue Dojo Graffiti Forums 1.0 allows remote attackers to execute arbitrary SQL commands via the f parameter.
CVE-2006-3535 1 Nullsoft 1 Shoutcast Dsp 2026-04-16 N/A
Directory traversal vulnerability in Nullsoft SHOUTcast DSP before 1.9.7 allows remote attackers to read arbitrary files via unspecified vectors that are a "slight variation" of CVE-2006-3534.
CVE-2006-3536 1 Ej3 1 Topo 2026-04-16 N/A
Direct static code injection vulnerability in code/class_db_text.php in EJ3 TOPo 2.2.178 and earlier allows remote attackers to execute arbitrary PHP code via parameters such as (1) descripcion and (2) pais, which are stored directly in a PHP script. NOTE: the provenance of this information is unknown; the details are obtained solely from third party reports.
CVE-2006-3537 1 Randshop 1 Randshop 2026-04-16 N/A
PHP remote file inclusion vulnerability in index.php in Randshop before 1.2 allows remote attackers to execute arbitrary PHP code via the dateiPfad parameter, a different vector than CVE-2006-3375.
CVE-2006-3540 1 Zonelabs 1 Zonealarm Security Suite 2026-04-16 N/A
Check Point Zone Labs ZoneAlarm Internet Security Suite 6.5.722.000, 6.1.737.000, and possibly other versions do not properly validate RegSaveKey, RegRestoreKey, and RegDeleteKey function calls, which allows local users to cause a denial of service (system crash) via a certain combination of these function calls with an HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VETFDDNT\Enum argument.
CVE-2006-4077 1 Comet 1 Comet Webfile Manager 2026-04-16 N/A
PHP remote file inclusion vulnerability in CheckUpload.php in Vincenzo Valvano Comet WebFileManager (CWFM) 0.9.1, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the Language parameter.
CVE-2006-4078 1 Deluxebb 1 Deluxebb 2026-04-16 N/A
pm.php (aka the PM system) in DeluxeBB 1.08, and possibly earlier, allows remote attackers to bypass authentication by providing an arbitrary username in the membercookie cookie parameter.
CVE-2006-4079 1 Deluxebb 1 Deluxebb 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in newpost.php in DeluxeBB 1.08, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the subject parameter (aka the topic title field).
CVE-2006-4081 1 Barracuda Networks 1 Barracuda Spam Firewall 2026-04-16 N/A
preview_email.cgi in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 allows remote attackers to execute commands via shell metacharacters ("|" pipe symbol) in the file parameter. NOTE: the attack can be extended to arbitrary commands by the presence of CVE-2006-4000.
CVE-2006-4080 1 Deluxebb 1 Deluxebb 2026-04-16 N/A
DeluxeBB 1.08, and possibly earlier, uses cookies that include the MD5 hash of a password, which allows remote attackers to gain privileges by sniffing or cross-site scripting (XSS) and conduct password guessing attacks.
CVE-2006-4090 1 Webligo 1 Bloghoster 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Webligo BlogHoster 2.2 allows remote attackers to inject arbitrary web script or HTML via the "From: part of the comment post," probably involving the nickname parameter to previewcomment.php.
CVE-2006-4084 1 David Walker 1 Phpautomembersarea 2026-04-16 N/A
Unspecified vulnerability in phpAutoMembersArea (phpAMA) before 3.2.4 has unknown impact and attack vectors, related to "a potential security exploit which is critical."
CVE-2006-4085 1 Olaf Noehring 1 The Search Engine Project 2026-04-16 N/A
PHP remote file inclusion vulnerability in Olaf Noehring The Search Engine Project (TSEP) 0.942 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the tsep_config[absPath] parameter to pagenavigation.php, a different vector than CVE-2006-4055. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-4108 1 Drupal 1 Bibliography Module 2026-04-16 N/A
SQL injection vulnerability in Bibliography (biblio.module) 4.6 before revision 1.1.1.1.4.11 and 4.7 before revision 1.13.2.5 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2006-4109 1 Drupal 1 Bibliography Module 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Bibliography (biblio.module) 4.6 before revision 1.1.1.1.4.11 and 4.7 before revision 1.13.2.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.