Export limit exceeded: 357827 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29944 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29944 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-4810 | 2 Gnu, Redhat | 2 Texinfo, Enterprise Linux | 2026-04-23 | N/A |
| Buffer overflow in the readline function in util/texindex.c, as used by the (1) texi2dvi and (2) texindex commands, in texinfo 4.8 and earlier allows local users to execute arbitrary code via a crafted Texinfo file. | ||||
| CVE-2006-4813 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-04-23 | N/A |
| The __block_prepare_write function in fs/buffer.c for Linux kernel 2.6.x before 2.6.13 does not properly clear buffers during certain error conditions, which allows local users to read portions of files that have been unlinked. | ||||
| CVE-2006-4839 | 1 Sophos | 1 Sophos Anti-virus | 2026-04-23 | N/A |
| Sophos Anti-Virus 5.1 allows remote attackers to cause a denial of service (memory consumption) via a file that is compressed with Petite and contains a large number of sections. | ||||
| CVE-2006-4843 | 1 Ibm | 1 Lotus Domino | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the Active Content Filter feature in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified "code sequences" that bypass the protection scheme. | ||||
| CVE-2006-4902 | 1 Symantec | 3 Veritas Netbackup Client, Veritas Netbackup Enterprise Server, Veritas Netbackup Server | 2026-04-23 | N/A |
| The NetBackup bpcd daemon (bpcd.exe) in Symantec Veritas NetBackup 5.0 before 5.0_MP7, 5.1 before 5.1_MP6, and 6.0 before 6.0_MP4 does not properly check for chained commands, which allows remote attackers to execute arbitrary commands by appending malicious commands to valid commands. | ||||
| CVE-2006-4925 | 1 Openbsd | 1 Openssh | 2026-04-23 | N/A |
| packet.c in ssh in OpenSSH allows remote attackers to cause a denial of service (crash) by sending an invalid protocol sequence with USERAUTH_SUCCESS before NEWKEYS, which causes newkeys[mode] to be NULL. | ||||
| CVE-2006-4926 | 1 Kaspersky Lab | 4 Kaspersky Anti-virus, Kaspersky Anti-virus Personal, Kaspersky Anti-virus Personal Pro and 1 more | 2026-04-23 | N/A |
| The NDIS-TDI Hooking Engine, as used in the (1) KLICK (KLICK.SYS) and (2) KLIN (KLIN.SYS) device drivers 2.0.0.281 for in Kaspersky Labs Anti-Virus 6.0.0.303 and other Anti-Virus and Internet Security products, allows local users to execute arbitrary code via crafted Irp structure with invalid addresses in the 0x80052110 IOCTL. | ||||
| CVE-2006-4927 | 1 Symantec | 2 Naveng Driver, Navex15 Driver | 2026-04-23 | N/A |
| The (a) NAVENG (NAVENG.SYS) and (b) NAVEX15 (NAVEX15.SYS) device drivers 20061.3.0.12 and later, as used in Symantec AntiVirus and security products, allow local users to gain privileges by overwriting critical system addresses using a crafted Irp to the IOCTL functions (1) 0x222AD3, (2) 0x222AD7, and (3) 0x222ADB. | ||||
| CVE-2006-5201 | 1 Sun | 9 Jdk, Jre, Jsse and 6 more | 2026-04-23 | N/A |
| Multiple packages on Sun Solaris, including (1) NSS; (2) Java JDK and JRE 5.0 Update 8 and earlier, SDK and JRE 1.4.x up to 1.4.2_12, and SDK and JRE 1.3.x up to 1.3.1_19; (3) JSSE 1.0.3_03 and earlier; (4) IPSec/IKE; (5) Secure Global Desktop; and (6) StarOffice, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents these products from correctly verifying X.509 and other certificates that use PKCS #1. | ||||
| CVE-2006-5202 | 1 Linksys | 1 Wrt54g | 2026-04-23 | N/A |
| Linksys WRT54g firmware 1.00.9 does not require credentials when making configuration changes, which allows remote attackers to modify arbitrary configurations via a direct request to Security.tri, as demonstrated using the SecurityMode and layout parameters, a different issue than CVE-2006-2559. | ||||
| CVE-2006-5203 | 1 Invision Power Services | 1 Invision Power Board | 2026-04-23 | N/A |
| Invision Power Board (IPB) 2.1.7 and earlier allows remote restricted administrators to inject arbitrary web script or HTML, or execute arbitrary SQL commands, via a forum description that contains a crafted image with PHP code, which is executed when the user visits the "Manage Forums" link in the Admin control panel. | ||||
| CVE-2006-5204 | 1 Invision Power Services | 1 Invision Power Board | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in action_admin/member.php in Invision Power Board (IPB) 2.1.7 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a reference to a script in the avatar setting, which can be leveraged for a cross-site request forgery (CSRF) attack involving forced SQL execution by an admin. | ||||
| CVE-2006-5205 | 1 Invision Power Services | 1 Invision Gallery | 2026-04-23 | N/A |
| Directory traversal vulnerability in Invision Gallery 2.0.7 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the dir parameter in (1) index.php and (2) forum/index.php, when the viewimage command in the gallery module is used. | ||||
| CVE-2006-5206 | 1 Invision Power Services | 1 Invision Gallery | 2026-04-23 | N/A |
| SQL injection vulnerability in Invision Gallery 2.0.7 allows remote attackers to execute arbitrary SQL commands via the album parameter in (1) index.php and (2) forum/index.php, when the rate command in the gallery automodule is used. | ||||
| CVE-2006-5207 | 1 Phpmyteam | 1 Phpmyteam | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in images/smileys/smileys_packs.php in phpMyTeam 2.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the smileys_dir parameter. | ||||
| CVE-2006-5216 | 1 Sergey Lyubka | 1 Simple Httpd | 2026-04-23 | N/A |
| Stack-based buffer overflow in Sergey Lyubka Simple HTTPD (shttpd) 1.34 allows remote attackers to execute arbitrary code via a long URI. | ||||
| CVE-2006-5208 | 1 Deltascripts | 1 Php Classifieds | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in PHP Classifieds 7.1 allow remote attackers to execute arbitrary SQL commands via (1) the catid_search parameter in search.php and (2) the catid parameter in index.php. | ||||
| CVE-2006-5209 | 1 Phpbb Group | 1 Phpbb | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in admin/admin_topic_action_logging.php in Admin Topic Action Logging Mod 0.95 and earlier, as used in phpBB 2.0 up to 2.0.21, allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | ||||
| CVE-2006-5210 | 1 Ciphertrust | 1 Ironmail | 2026-04-23 | N/A |
| Directory traversal vulnerability in IronWebMail before 6.1.1 HotFix-17 allows remote attackers to read arbitrary files via a GET request to the IM_FILE identifier with double-url-encoded "../" sequences ("%252e%252e/"). | ||||
| CVE-2006-5211 | 1 Trend Micro | 1 Officescan Corporate Edition | 2026-04-23 | N/A |
| Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for SMB 2.0 before 6.0.0.1385, and OfficeScan Corporate Edition (OSCE) 6.5 before 6.5.0.1418, 7.0 before 7.0.0.1257, and 7.3 before 7.3.0.1053 allow remote attackers to remove OfficeScan clients via a certain HTTP request that invokes the OfficeScan CGI program. | ||||