Export limit exceeded: 364514 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-1605 | 1 Exponent | 1 Exponent Cms | 2026-04-16 | N/A |
| Unspecified vulnerability in the image module in Exponent CMS before 0.96.5 RC 1 allows remote attackers to execute arbitrary code via unknown vectors involving "parsed PHP." | ||||
| CVE-2006-1606 | 1 Exponent | 1 Exponent Cms | 2026-04-16 | N/A |
| Unspecified vulnerability in the image module in Exponent CMS before 0.96.5 RC 1 allows "directory disclosure" with unknown attack vectors. | ||||
| CVE-2006-1607 | 1 Exponent | 1 Exponent Cms | 2026-04-16 | N/A |
| Unspecified vulnerability in the banner module in Exponent CMS before 0.96.5 RC 1 allows "php injection" via unknown attack vectors. | ||||
| CVE-2006-1608 | 1 Php | 1 Php | 2026-04-16 | N/A |
| The copy function in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass safe mode and read arbitrary files via a source argument containing a compress.zlib:// URI. | ||||
| CVE-2006-1609 | 1 Hitachi | 4 Xfit S, Xfit S Jca, Xfit S Zengin and 1 more | 2026-04-16 | N/A |
| Unspecified vulnerability in Hitachi XFIT/S, XFIT/S/JCA, XFIT/S/ZGN, and XFIT/S ZENGIN TCP/IP Procedure allows remote attackers to cause a denial of service (server process and transfer control process stop) when the products "receive data unexpectedly". | ||||
| CVE-2006-1612 | 1 Aweb Labs | 1 Awebnews | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in visview.php in aWebNews 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) yname, (2) emailadd, (3) subject, and (4) comment parameters. | ||||
| CVE-2006-1613 | 1 Aweb Labs | 1 Awebnews | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in aWebNews 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) user123 variable in (a) login.php or (b) fpass.php; or (2) cid parameter to (c) visview.php. | ||||
| CVE-2006-1614 | 1 Clam Anti-virus | 1 Clamav | 2026-04-16 | N/A |
| Integer overflow in the cli_scanpe function in the PE header parser (libclamav/pe.c) in Clam AntiVirus (ClamAV) before 0.88.1, when ArchiveMaxFileSize is disabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code. | ||||
| CVE-2006-1616 | 1 Advanced Poll | 1 Advanced Poll | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Advanced Poll 2.02 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to comments.php or (2) poll_id parameter to page.php. | ||||
| CVE-2006-1617 | 1 Advanced Poll | 1 Advanced Poll | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Advanced Poll 2.02 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to comments.php or (2) poll_id parameter to page.php. NOTE: it is possible that this issue is resultant from CVE-2006-1616. | ||||
| CVE-2006-1618 | 1 Doomsday | 1 Doomsday | 2026-04-16 | N/A |
| Format string vulnerability in the (1) Con_message and (2) conPrintf functions in con_main.c in Doomsday engine 1.8.6 allows remote attackers to execute arbitrary code via format string specifiers in an argument to the JOIN command, and possibly other command arguments. | ||||
| CVE-2006-1621 | 1 Hosting Controller | 1 Hosting Controller | 2026-04-16 | N/A |
| Directory traversal vulnerability in admin/folders/saveuploadfiles.asp in Hosting Controller 2002 RC 1 allows remote authenticated users to overwrite arbitrary files via an absolute path in the OpenPath parameter. | ||||
| CVE-2006-1622 | 1 Phpselect | 1 Phpselect | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in PHPSelect linksubmit allows remote attackers to inject arbitrary web script or HTML via (1) the description parameter to linklist.php and possibly other vectors involving (2) index.php and (3) linksubmit.php. | ||||
| CVE-2006-1624 | 1 Linux | 1 Linux Kernel | 2026-04-16 | N/A |
| The default configuration of syslogd in the Linux sysklogd package does not enable the -x (disable name lookups) option, which allows remote attackers to cause a denial of service (traffic amplification) via messages with spoofed source IP addresses. | ||||
| CVE-2006-1625 | 1 Mybulletinboard | 1 Mybulletinboard | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode email tag, as demonstrated using the onmousemove event. | ||||
| CVE-2006-1628 | 1 Adobe | 1 Livecycle Form Manager | 2026-04-16 | N/A |
| Adobe LiveCycle Workflow 7.01 and LiveCycle Forum Manager 7.01 allows users to authenticate and perform privileged actions when their account is marked "OBSOLETE" but the account is also active, within the authentication system. | ||||
| CVE-2006-1629 | 1 Openvpn | 2 Openvpn, Openvpn Access Server | 2026-04-16 | N/A |
| OpenVPN 2.0 through 2.0.5 allows remote malicious servers to execute arbitrary code on the client by using setenv with the LD_PRELOAD environment variable. | ||||
| CVE-2006-1630 | 1 Clam Anti-virus | 1 Clamav | 2026-04-16 | N/A |
| The cli_bitset_set function in libclamav/others.c in Clam AntiVirus (ClamAV) before 0.88.1 allows remote attackers to cause a denial of service via unspecified vectors that trigger an "invalid memory access." | ||||
| CVE-2006-1631 | 1 Cisco | 1 Content Services Switch 11500 | 2026-04-16 | N/A |
| Unspecified vulnerability in the HTTP compression functionality in Cisco CSS 11500 Series Content Services switches allows remote attackers to cause a denial of service (device reload) via (1) "valid, but obsolete" or (2) "specially crafted" HTTP requests. | ||||
| CVE-2006-1634 | 1 Lucidcms | 1 Lucidcms | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in LucidCMS 2.0.0 RC4 allows remote attackers to inject arbitrary web script or HTML via the command parameter. | ||||