Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-4117 1 Sun 1 Solaris 2026-04-16 N/A
The squeue_drain function in Sun Solaris 10, possibly only when run on CMT processors, allows remote attackers to cause a denial of service ("bad trap" and system panic) by opening and closing a large number of TCP connections ("heavy TCP/IP loads"). NOTE: the original report specifies the function name as "drain_squeue," but this is likely incorrect.
CVE-2006-4120 1 Drupal 2 Drupal, Recipe Module 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the Recipe module (recipe.module) before 1.54 for Drupal 4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2006-4121 1 See-commerce 1 See-commerce 2026-04-16 N/A
PHP remote file inclusion vulnerability in owimg.php3 in See-Commerce 1.0.625 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
CVE-2006-4122 1 Simple One-file Guestbook 1 Simple One-file Guestbook 2026-04-16 N/A
Simple one-file guestbook 1.0 and earlier allows remote attackers to bypass authentication and delete guestbook entries via a modified id parameter to guestbook.php.
CVE-2006-4123 1 Boite De News 1 Boite De News 2026-04-16 N/A
PHP remote file inclusion vulnerability in boitenews4/index.php in Boite de News 4.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the url_index parameter.
CVE-2006-4124 1 Lesstif 1 Lesstif 2026-04-16 N/A
The libXm library in LessTif 0.95.0 and earlier allows local users to gain privileges via the DEBUG_FILE environment variable, which is used to create world-writable files when libXm is run from a setuid program.
CVE-2006-4125 1 Dconnect 1 Dconnect Daemon 2026-04-16 N/A
Stack-based buffer overflow in main.c in DConnect Daemon 0.7.0 and earlier allows remote attackers to execute arbitrary code via a large nickname, which is not properly handled by the listen_thread_udp function.
CVE-2006-4126 1 Dconnect 1 Dconnect Daemon 2026-04-16 N/A
The dc_chat function in cmd.dc.c in DConnect Daemon 0.7.0 and earlier allows remote attackers to cause a denial of service (application crash) by sending a client message before providing the nickname, which triggers a null pointer dereference.
CVE-2006-4129 1 Joomla 1 Webring Component 2026-04-16 N/A
PHP remote file inclusion vulnerability in admin.webring.docs.php in the Webring Component (com_webring) 1.0 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the component_dir parameter.
CVE-2006-4131 1 Arcsoft 1 Mms Composer 2026-04-16 N/A
Multiple buffer overflows in ArcSoft MMS Composer 1.5.5.6, and possibly earlier, and 2.0.0.13, and possibly earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via crafted MMS (Multimedia Messaging Service) messages that trigger the overflows in the (1) M-Notification.ind, (2) M-Retrieve.conf (Header and Body), or (3) SMIL parsers.
CVE-2006-4132 1 Arcsoft 1 Mms Composer 2026-04-16 N/A
ArcSoft MMS Composer 1.5.5.6 and possibly earlier, and 2.0.0.13 and possibly earlier, allow remote attackers to cause a denial of service (resource exhaustion and application crash) via WAPPush messages to UDP port UDP 2948.
CVE-2006-4134 1 Sap 1 Internet Graphics Server 2026-04-16 N/A
Unspecified vulnerability related to a "design flaw" in SAP Internet Graphics Service (IGS) 6.40 and earlier and 7.00 and earlier allows remote attackers to cause a denial of service (service shutdown) via certain HTTP requests. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended.
CVE-2006-4230 1 Lizge 1 Lizge Web Portal 2026-04-16 N/A
Multiple PHP remote file inclusion vulnerabilities in index.php in Lizge V.20 Web Portal allow remote attackers to execute arbitrary PHP code via a URL in the (1) lizge or (2) bade parameters.
CVE-2006-4460 1 Clemens Wacha 1 Php Iaddressbook 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in PHP iAddressBook before 0.96 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2006-4461 1 Paessler 1 Ipcheck Server Monitor 2026-04-16 N/A
Paessler IPCheck Server Monitor before 5.3.3.639/640 does not properly implement a "list of acceptable host IP addresses in the probe settings," which has unknown impact and attack vectors.
CVE-2006-4462 1 Gonafish.com 1 Linkscaffe 2026-04-16 N/A
Gonafish.com LinksCaffe 2.0 and 3.0 do not properly restrict access to administrator functions, which allows remote attackers to gain full administration rights via a direct request to Admin/admin1953.php.
CVE-2006-4463 1 Jetstat.com 1 Js Asp Faq Manager 2026-04-16 N/A
SQL injection vulnerability in the administrator control panel in Jetstat.com JS ASP Faq Manager 1.10 allows remote attackers to execute arbitrary SQL commands via the pwd parameter (aka the Password field).
CVE-2006-4464 1 Nokia 1 Symbian 2026-04-16 N/A
The Nokia Browser, possibly Nokia Symbian 60 Browser 3rd edition, allows remote attackers to cause a denial of service (crash) via JavaScript that constructs a large Unicode string.
CVE-2006-4473 1 Joomla 1 Joomla 2026-04-16 N/A
Unspecified vulnerability in com_content in Joomla! before 1.0.11, when $mosConfig_hideEmail is set, allows attackers to perform the emailform and emailsend tasks.
CVE-2006-4479 1 Visualshapers 1 Ezcontents 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in loginreq2.php in Visual Shapers ezContents 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the subgroupname parameter.