Export limit exceeded: 355899 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29937 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-6879 | 1 Php-update | 1 Php-update | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in admin/uploads.php in PHP-Update 2.7 and earlier allows remote authenticated users to upload arbitrary PHP scripts to the gfx/ and files/ directories via the userfile parameter. | ||||
| CVE-2006-6883 | 1 Phpirc Bot | 1 Phpirc Bot | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in php4you.php in PHPIrc_bot 0.2 allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: this issue is disputed by CVE, since the dir variable is declared before being used | ||||
| CVE-2006-6885 | 1 Macromedia | 1 Shockwave | 2026-04-23 | N/A |
| An ActiveX control in SwDir.dll in Macromedia Shockwave 10 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long string in the swURL attribute. | ||||
| CVE-2006-6895 | 1 Sony Ericsson | 1 T60 | 2026-04-23 | N/A |
| The Bluetooth stack in the Sony Ericsson T60 does not properly implement "Limited discoverable" mode, which allows remote attackers to obtain unauthorized inquiry responses. | ||||
| CVE-2006-6888 | 1 P-news | 1 P-news | 2026-04-23 | N/A |
| P-News 1.16 and 1.17 store sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the administrative account name and password hash via a direct request for db/user.dat. | ||||
| CVE-2006-6889 | 1 Freestyle | 1 Freestyle Wiki | 2026-04-23 | N/A |
| FreeStyle Wiki (fswiki) 3.6.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request for config/user.dat. | ||||
| CVE-2006-6890 | 1 Voc-project | 1 Voodoo Chat | 2026-04-23 | N/A |
| Voodoo chat 1.0RC1b stores sensitive information under the web root with insufficient access control, which allows remote attackers to download passwords via a direct request for data/users.dat. | ||||
| CVE-2006-6891 | 1 Vz Forum | 1 Vz Forum | 2026-04-23 | N/A |
| Vz (Adp) Forum 2.0.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the administrative account name and password hash via a direct request for users/admin.txt. | ||||
| CVE-2006-6892 | 1 Jonathon Freeman | 1 Ovbb | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the GetLocation function in online.php in Jonathon J. Freeman OvBB 0.13a allows remote attackers to inject arbitrary web script or HTML via the aRequest variable. | ||||
| CVE-2006-6893 | 1 Tor | 1 Tor | 2026-04-23 | N/A |
| Tor allows remote attackers to discover the IP address of a hidden service by accessing this service at a high rate, thereby changing the server's CPU temperature and consequently changing the pattern of time values visible through (1) ICMP timestamps, (2) TCP sequence numbers, and (3) TCP timestamps, a different vulnerability than CVE-2006-0414. NOTE: it could be argued that this is a laws-of-physics vulnerability that is a fundamental design limitation of certain hardware implementations, so perhaps this issue should not be included in CVE. | ||||
| CVE-2006-6894 | 1 Spine | 1 Spine | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in SPINE before 1.2 have unknown impact and attack vectors, related to (1) "Placeholders in database handler" and (2) "Macro admin security." | ||||
| CVE-2006-6896 | 1 Plantronic | 1 Headset | 2026-04-23 | N/A |
| The Bluetooth stack in the Plantronic Headset does not properly implement Non-pairable mode, which allows remote attackers to conduct unauthorized pair-up operations. | ||||
| CVE-2006-6897 | 1 Widcomm | 1 Bluetooth For Windows | 2026-04-23 | N/A |
| Directory traversal vulnerability in Widcomm Bluetooth for Windows (BTW) 3.0.1.905 allows remote attackers to conduct unauthorized file operations via a .. (dot dot) in an unspecified parameter. | ||||
| CVE-2006-6898 | 1 Broadcom | 1 Widcomm Bluetooth | 2026-04-23 | N/A |
| Widcomm Bluetooth for Windows (BTW) before 4.0.1.1500 allows remote attackers to listen to and record conversations, aka the CarWhisperer attack. | ||||
| CVE-2006-6900 | 1 Apple | 1 Mac Os X | 2026-04-23 | N/A |
| Unspecified vulnerability in the Bluetooth stack in Apple Mac OS 10.4 has unknown impact and attack vectors, related to an "implementation bug." | ||||
| CVE-2006-6901 | 1 Microsoft | 1 Windows 2003 Server | 2026-04-23 | N/A |
| Unspecified vulnerability in the Bluetooth stack in Microsoft Windows allows remote attackers to gain administrative access (aka Remote Root) via unspecified vectors. | ||||
| CVE-2006-6902 | 1 Microsoft | 1 Windows 2003 Server | 2026-04-23 | N/A |
| Unspecified vulnerability in the Bluetooth stack in Microsoft Windows Mobile Pocket PC edition allows remote attackers to gain administrative access (aka Remote Root) via unspecified vectors. | ||||
| CVE-2006-6903 | 1 Toshiba | 1 Bluetooth | 2026-04-23 | N/A |
| Unspecified vulnerability in the Toshiba Bluetooth stack allows remote attackers to gain administrative access (aka Remote Root) via unspecified vectors. | ||||
| CVE-2006-6904 | 1 Broadcom | 1 Bluetooth Stack | 2026-04-23 | N/A |
| Unspecified vulnerability in the Broadcom Bluetooth stack allows remote attackers to gain administrative access (aka Remote Root) via unspecified vectors. | ||||
| CVE-2006-6905 | 1 Broadcom | 1 Widcomm Bluetooth | 2026-04-23 | N/A |
| Unspecified vulnerability in the Widcomm Bluetooth stack allows remote attackers to gain administrative access (aka Remote Root) via unspecified vectors. | ||||