Export limit exceeded: 29937 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29937 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-6477 | 1 Mandiant | 1 First Response | 2026-04-23 | N/A |
| FRAgent.exe in Mandiant First Response (MFR) before 1.1.1, when run in daemon mode and configured to use only HTTP, allows local users to modify requests and responses between a client and an agent by hijacking an HTTP FRAgent daemon and conducting a man-in-the-middle (MITM) attack. | ||||
| CVE-2006-6478 | 1 Scriptphp | 1 Annoncescripthp | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in AnnonceScriptHP 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in (a) email.php, the (2) no parameter in (b) voirannonce.php, the (3) idmembre parameter in (c) admin/admin_membre/fiche_membre.php, and the (4) idannonce parameter in (d) admin/admin_annonce/okvalannonce.php and (e) admin/admin_annonce/changeannonce.php. | ||||
| CVE-2006-4809 | 1 Enlightenment | 1 Imlib2 | 2026-04-23 | N/A |
| Stack-based buffer overflow in loader_pnm.c in imlib2 before 1.2.1, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PNM image. | ||||
| CVE-2006-6482 | 1 Adobe | 1 Coldfusion | 2026-04-23 | N/A |
| Adobe ColdFusion MX7 allows remote attackers to obtain sensitive information via a URL request (1) for a non-existent (a) JWS, (b) CFM, (c) CFML, or (d) CFC file, which displays the installation path in the resulting error message; or (2) to /CFIDE/administrator/login.cfm without a host, which can reveal the server's internal IP address in an HREF tag. | ||||
| CVE-2006-6484 | 1 Mailenable | 2 Mailenable Enterprise, Mailenable Professional | 2026-04-23 | N/A |
| The IMAP service for MailEnable Professional and Enterprise Edition 2.0 through 2.34, Professional Edition 1.6 through 1.83, and Enterprise Edition 1.1 through 1.40 allows remote attackers to cause a denial of service (crash) via unspecified vectors that trigger a null pointer dereference, as addressed by the ME-10023 hotfix, and a different issue than CVE-2006-6423. NOTE: some details were obtained from third party information. | ||||
| CVE-2006-6485 | 1 Shopsite | 1 Shopsite | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ShopSite 8.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the prevlocation parameter in shopper/sc/registration.cgi and other unspecified vectors. | ||||
| CVE-2006-6488 | 1 Iconics | 1 Dialog Wrapper Module Activex Control | 2026-04-23 | N/A |
| Stack-based buffer overflow in the DoModal function in the Dialog Wrapper Module ActiveX control (DlgWrapper.dll) before 8.4.166.0, as used by ICONICS OPC Enabled Gauge, Switch, and Vessel ActiveX, allows remote attackers to execute arbitrary code via a long (1) FileName or (2) Filter argument. | ||||
| CVE-2006-6489 | 1 Sisco | 5 Ax-s4 Iccp, Ax-s4 Mms, Iccp Toolkit and 2 more | 2026-04-23 | N/A |
| The SISCO OSI stack, as used in SISCO MMS-EASE, ICCP Toolkit for MMS-EASE, AX-S4 MMS and AX-S4 ICCP, and possibly other control system applications, allows remote attackers to cause a denial of service (application termination and restart) via malformed packets. | ||||
| CVE-2006-6493 | 1 Openldap | 1 Openldap | 2026-04-23 | N/A |
| Buffer overflow in the krbv4_ldap_auth function in servers/slapd/kerberos.c in OpenLDAP 2.4.3 and earlier, when OpenLDAP is compiled with the --enable-kbind (Kerberos KBIND) option, allows remote attackers to execute arbitrary code via an LDAP bind request using the LDAP_AUTH_KRBV41 authentication method and long credential data. | ||||
| CVE-2006-6494 | 1 Sun | 2 Solaris, Sunos | 2026-04-23 | N/A |
| Directory traversal vulnerability in ld.so.1 in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via a .. (dot dot) sequence in the LANG environment variable that points to a locale file containing attacker-controlled format string specifiers. | ||||
| CVE-2006-4843 | 1 Ibm | 1 Lotus Domino | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the Active Content Filter feature in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified "code sequences" that bypass the protection scheme. | ||||
| CVE-2006-6505 | 2 Mozilla, Redhat | 3 Seamonkey, Thunderbird, Enterprise Linux | 2026-04-23 | N/A |
| Multiple heap-based buffer overflows in Mozilla Thunderbird before 1.5.0.9 and SeaMonkey before 1.0.7 allow remote attackers to execute arbitrary code via (1) external message modies with long Content-Type headers or (2) long RFC2047-encoded (MIME non-ASCII) headers. | ||||
| CVE-2006-6507 | 1 Mozilla | 1 Firefox | 2026-04-23 | N/A |
| Mozilla Firefox 2.0 before 2.0.0.1 allows remote attackers to bypass Cross-Site Scripting (XSS) protection via vectors related to a Function.prototype regression error. | ||||
| CVE-2006-6508 | 1 Phpbb Group | 1 Phpbb | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.21 allows remote authenticated users to send unauthorized messages as an arbitrary user via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-6511 | 1 Dadaimc | 1 Dadaimc | 2026-04-23 | N/A |
| dadaIMC .99.3 uses an insufficiently restrictive FilesMatch directive in the installed .htaccess file, which allows remote attackers to execute arbitrary PHP code by uploading files whose names contain (1) feature, (2) editor, (3) newswire, (4) otherpress, (5) admin, (6) pbook, (7) media, or (8) mod, which are processed as PHP file types (application/x-httpd-php). | ||||
| CVE-2006-6512 | 1 Flippet.org | 1 Winamp Web Interface | 2026-04-23 | N/A |
| Directory traversal vulnerability in the Browse function (/browse URI) in Winamp Web Interface (Wawi) 7.5.13 and earlier allows remote authenticated users to list arbitrary directories via URL encoded backslashes ("%2F") in the path parameter. | ||||
| CVE-2006-6514 | 1 Flippet.org | 1 Winamp Web Interface | 2026-04-23 | N/A |
| Winamp Web Interface (Wawi) 7.5.13 and earlier uses an insufficient comparison to determine whether a directory is located below the application's root directory, which allows remote authenticated users to access certain other directories if the name of the root directory is a substring of the name of the target directory, as demonstrated by accessing C:\folder2 when the root directory is C:\folder. | ||||
| CVE-2006-6515 | 1 Mantis | 1 Mantis | 2026-04-23 | N/A |
| Mantis before 1.1.0a2 sets the default value of $g_bug_reminder_threshold to "reporter" instead of a more privileged role, which has unknown impact and attack vectors, possibly related to frequency of reminders. | ||||
| CVE-2006-6520 | 1 Scriptphp | 1 Messageriescripthp | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Messageriescripthp 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) pseudo parameter to (a) existepseudo.php, the (2) email parameter to (b) existeemail.php, or the (3) pageName or (4) cssform parameter to (c) Contact/contact.php. | ||||
| CVE-2006-6519 | 1 Scriptphp | 1 Pronews | 2026-04-23 | N/A |
| SQL injection vulnerability in lire-avis.php in ProNews 1.5 allows remote attackers to execute arbitrary SQL commands via the aa parameter. | ||||