Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-4117 | 1 Sun | 1 Solaris | 2026-04-16 | N/A |
| The squeue_drain function in Sun Solaris 10, possibly only when run on CMT processors, allows remote attackers to cause a denial of service ("bad trap" and system panic) by opening and closing a large number of TCP connections ("heavy TCP/IP loads"). NOTE: the original report specifies the function name as "drain_squeue," but this is likely incorrect. | ||||
| CVE-2006-4120 | 1 Drupal | 2 Drupal, Recipe Module | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the Recipe module (recipe.module) before 1.54 for Drupal 4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2006-4121 | 1 See-commerce | 1 See-commerce | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in owimg.php3 in See-Commerce 1.0.625 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. | ||||
| CVE-2006-4122 | 1 Simple One-file Guestbook | 1 Simple One-file Guestbook | 2026-04-16 | N/A |
| Simple one-file guestbook 1.0 and earlier allows remote attackers to bypass authentication and delete guestbook entries via a modified id parameter to guestbook.php. | ||||
| CVE-2006-4123 | 1 Boite De News | 1 Boite De News | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in boitenews4/index.php in Boite de News 4.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the url_index parameter. | ||||
| CVE-2006-4124 | 1 Lesstif | 1 Lesstif | 2026-04-16 | N/A |
| The libXm library in LessTif 0.95.0 and earlier allows local users to gain privileges via the DEBUG_FILE environment variable, which is used to create world-writable files when libXm is run from a setuid program. | ||||
| CVE-2006-4125 | 1 Dconnect | 1 Dconnect Daemon | 2026-04-16 | N/A |
| Stack-based buffer overflow in main.c in DConnect Daemon 0.7.0 and earlier allows remote attackers to execute arbitrary code via a large nickname, which is not properly handled by the listen_thread_udp function. | ||||
| CVE-2006-4126 | 1 Dconnect | 1 Dconnect Daemon | 2026-04-16 | N/A |
| The dc_chat function in cmd.dc.c in DConnect Daemon 0.7.0 and earlier allows remote attackers to cause a denial of service (application crash) by sending a client message before providing the nickname, which triggers a null pointer dereference. | ||||
| CVE-2006-4129 | 1 Joomla | 1 Webring Component | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in admin.webring.docs.php in the Webring Component (com_webring) 1.0 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the component_dir parameter. | ||||
| CVE-2006-4131 | 1 Arcsoft | 1 Mms Composer | 2026-04-16 | N/A |
| Multiple buffer overflows in ArcSoft MMS Composer 1.5.5.6, and possibly earlier, and 2.0.0.13, and possibly earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via crafted MMS (Multimedia Messaging Service) messages that trigger the overflows in the (1) M-Notification.ind, (2) M-Retrieve.conf (Header and Body), or (3) SMIL parsers. | ||||
| CVE-2006-4132 | 1 Arcsoft | 1 Mms Composer | 2026-04-16 | N/A |
| ArcSoft MMS Composer 1.5.5.6 and possibly earlier, and 2.0.0.13 and possibly earlier, allow remote attackers to cause a denial of service (resource exhaustion and application crash) via WAPPush messages to UDP port UDP 2948. | ||||
| CVE-2006-4134 | 1 Sap | 1 Internet Graphics Server | 2026-04-16 | N/A |
| Unspecified vulnerability related to a "design flaw" in SAP Internet Graphics Service (IGS) 6.40 and earlier and 7.00 and earlier allows remote attackers to cause a denial of service (service shutdown) via certain HTTP requests. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended. | ||||
| CVE-2006-4230 | 1 Lizge | 1 Lizge Web Portal | 2026-04-16 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in index.php in Lizge V.20 Web Portal allow remote attackers to execute arbitrary PHP code via a URL in the (1) lizge or (2) bade parameters. | ||||
| CVE-2006-4460 | 1 Clemens Wacha | 1 Php Iaddressbook | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in PHP iAddressBook before 0.96 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2006-4461 | 1 Paessler | 1 Ipcheck Server Monitor | 2026-04-16 | N/A |
| Paessler IPCheck Server Monitor before 5.3.3.639/640 does not properly implement a "list of acceptable host IP addresses in the probe settings," which has unknown impact and attack vectors. | ||||
| CVE-2006-4462 | 1 Gonafish.com | 1 Linkscaffe | 2026-04-16 | N/A |
| Gonafish.com LinksCaffe 2.0 and 3.0 do not properly restrict access to administrator functions, which allows remote attackers to gain full administration rights via a direct request to Admin/admin1953.php. | ||||
| CVE-2006-4463 | 1 Jetstat.com | 1 Js Asp Faq Manager | 2026-04-16 | N/A |
| SQL injection vulnerability in the administrator control panel in Jetstat.com JS ASP Faq Manager 1.10 allows remote attackers to execute arbitrary SQL commands via the pwd parameter (aka the Password field). | ||||
| CVE-2006-4464 | 1 Nokia | 1 Symbian | 2026-04-16 | N/A |
| The Nokia Browser, possibly Nokia Symbian 60 Browser 3rd edition, allows remote attackers to cause a denial of service (crash) via JavaScript that constructs a large Unicode string. | ||||
| CVE-2006-4473 | 1 Joomla | 1 Joomla | 2026-04-16 | N/A |
| Unspecified vulnerability in com_content in Joomla! before 1.0.11, when $mosConfig_hideEmail is set, allows attackers to perform the emailform and emailsend tasks. | ||||
| CVE-2006-4479 | 1 Visualshapers | 1 Ezcontents | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in loginreq2.php in Visual Shapers ezContents 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the subgroupname parameter. | ||||