Export limit exceeded: 355338 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29937 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29937 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-6693 | 1 Zabbix | 1 Zabbix | 2026-04-23 | N/A |
| Multiple buffer overflows in zabbix before 20061006 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via long strings to the (1) zabbix_log and (2) zabbix_syslog functions. | ||||
| CVE-2006-6694 | 1 Scriptsfrenzy.com | 1 E-uploader Pro | 2026-04-23 | N/A |
| Directory traversal vulnerability in include/config.php in E-Uploader Pro 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a .. (dot dot) in the language parameter, as demonstrated by uploading a .JPG file containing PHP code, then accessing the file via config.php. | ||||
| CVE-2006-6698 | 1 Gnome | 1 Gconf | 2026-04-23 | N/A |
| The GConf daemon (gconfd) in GConf 2.14.0 creates temporary files under directories with names based on the username, even when GCONF_GLOBAL_LOCKS is not set, which allows local users to cause a denial of service by creating the directories ahead of time, which prevents other users from using Gnome. | ||||
| CVE-2006-6699 | 1 Oracle | 1 Application Server Portal | 2026-04-23 | N/A |
| Multiple CRLF injection vulnerabilities in Oracle Portal 9.0.2 and possibly other versions allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter to (1) calendarDialog.jsp or (2) fred.jsp. NOTE: the calendar.jsp vector is covered by CVE-2006-6697. | ||||
| CVE-2006-6702 | 1 Atmail | 1 Atmail Webmail | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Global.pm in @Mail before 4.61 allows remote attackers to inject arbitrary web script or HTML via crafted e-mail messages. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-6703 | 1 Oracle | 2 Oracle10g, Oracle9i | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Oracle Portal 9i and 10g allow remote attackers to inject arbitrary JavaScript via the tc parameter in webapp/jsp/container_tabs.jsp, and other unspecified vectors. | ||||
| CVE-2006-4581 | 1 The Address Book | 1 The Address Book | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in The Address Book 1.04e validates the Content-Type header but not the file extension, which allows remote attackers to upload arbitrary PHP scripts. | ||||
| CVE-2006-6713 | 1 Hitachi | 1 Hitachi Directory Server 2 | 2026-04-23 | N/A |
| Buffer overflow in Hitachi Directory Server 2 P-2444-A124 before 02-11-/K on Windows, and P-1B44-A121 before 02-10-/V on HP-UX, allows remote attackers to execute arbitrary code via crafted LDAP requests. | ||||
| CVE-2006-4520 | 1 Novell | 1 Edirectory | 2026-04-23 | N/A |
| ncp in Novell eDirectory before 8.7.3 SP9, and 8.8.x before 8.8.1 FTF2, does not properly handle NCP fragments with a negative length, which allows remote attackers to cause a denial of service (daemon crash) when the heap is written to a log file. | ||||
| CVE-2006-6715 | 1 Powerscripts | 1 Powerclan | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in footer.inc.php in PowerClan 1.14a and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the settings[footer] parameter. | ||||
| CVE-2006-4518 | 1 Qbik | 1 Wingate | 2026-04-23 | N/A |
| Qbik WinGate 6.1.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a DNS request with a self-referencing compressed name pointer, which triggers an infinite loop. | ||||
| CVE-2006-6718 | 1 Alliedtelesyn | 1 At-9000 24 Ethernetswitch | 2026-04-23 | N/A |
| The Allied Telesis AT-9000/24 Ethernet switch has a default password for its admin account, "manager," which allows remote attackers to perform unauthorized actions. | ||||
| CVE-2006-6721 | 1 Knusperleicht | 1 Shoutbox | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in shout.php in Knusperleicht ShoutBox 2.6 allow remote attackers to inject arbitrary web script or HTML via the (1) sbNick or (2) sbKommentar parameter. | ||||
| CVE-2006-6722 | 1 Jelle De Vos | 1 Bandwebsite | 2026-04-23 | N/A |
| Bandwebsite (aka Bandsite portal system) 1.5 allows remote attackers to create administrative accounts via a direct request to admin.php with the Login parameter set to 1. | ||||
| CVE-2006-4521 | 1 Novell | 1 Edirectory | 2026-04-23 | N/A |
| The BerDecodeLoginDataRequest function in the libnmasldap.so NMAS module in Novell eDirectory 8.8 and 8.8.1 before the Security Services 2.0.3 patch does not properly increment a pointer when handling certain input, which allows remote attackers to cause a denial of service (invalid memory access) via a crafted login request. | ||||
| CVE-2006-6731 | 2 Redhat, Sun | 5 Enterprise Linux, Rhel Extras, Jdk and 2 more | 2026-04-23 | N/A |
| Multiple buffer overflows in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 7 and earlier, Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, and SDK and JRE 1.3.1_18 and earlier allow attackers to develop Java applets that read, write, or execute local files, possibly related to (1) integer overflows in the Java_sun_awt_image_ImagingLib_convolveBI, awt_parseRaster, and awt_parseColorModel functions; (2) a stack overflow in the Java_sun_awt_image_ImagingLib_lookupByteRaster function; and (3) improper handling of certain negative values in the Java_sun_font_SunLayoutEngine_nativeLayout function. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2006-6743 | 1 Phpprofiles | 1 Phpprofiles | 2026-04-23 | N/A |
| phpProfiles before 2.1.1 uses world writable permissions for certain profile files and directories, which allows local users to modify or delete files, related to (1) users/include/do_makeprofile.inc.php and (2) users/include/copy.inc.php. | ||||
| CVE-2006-6744 | 1 Phpprofiles | 1 Phpprofiles | 2026-04-23 | N/A |
| phpProfiles before 2.1.1 does not have an index.php or other index file in the (1) image_data, (2) graphics/comm, or (3) users read/write directories, which might allow remote attackers to list directory contents or have other unknown impacts. | ||||
| CVE-2006-4513 | 1 Wvware | 1 Wvware | 2026-04-23 | N/A |
| Multiple integer overflows in the WV library in wvWare (formerly mswordview) before 1.2.3, as used by AbiWord, KWord, and possibly other products, allow user-assisted remote attackers to execute arbitrary code via a crafted Microsoft Word (DOC) file that produces (1) large LFO clfolvl values in the wvGetLFO_records function or (2) a large LFO nolfo value in the wvGetFLO_PLF function. | ||||
| CVE-2006-6752 | 1 Ftprush | 1 Ftprush | 2026-04-23 | N/A |
| Buffer overflow in FTPRush 1.0.0.610 might allow attackers to gain privileges via a long Host field. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. Also, it is not clear whether this issue crosses security boundaries. | ||||