Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-1109 1 Totalecommerce 1 Totalecommerce 2026-04-16 N/A
SQL injection vulnerability in index.asp in Total Ecommerce 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: it is not clear whether this report is associated with a specific product. If not, then it should not be included in CVE.
CVE-2006-1110 1 Aztek Forum 1 Aztek Forum 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Aztek Forum 4.0 allows remote attackers to inject arbitrary web script or HTML via the message body in a new message.
CVE-2006-1112 1 Aztek Forum 1 Aztek Forum 2026-04-16 N/A
Aztek Forum 4.0 allows remote attackers to obtain sensitive information via a long login value in a register form, which displays the installation path in a MySQL error message.
CVE-2006-1113 1 Gerrit Van Aaken 1 Loudblog 2026-04-16 N/A
SQL injection vulnerability in podcast.php in Loudblog before 0.42 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2006-1114 1 Gerrit Van Aaken 1 Loudblog 2026-04-16 N/A
Multiple directory traversal vulnerabilities in Loudblog before 0.42 allow remote attackers to read or include arbitrary files via a .. (dot dot) and trailing %00 (NULL) byte in the (1) template and (2) page parameters in (a) index.php, and the (3) language parameter in (b) inc/backend_settings.php.
CVE-2006-1115 1 Ncipher 3 Chil, Mscapi Csp, Ncipher Software Cd 2026-04-16 N/A
nCipher HSM before 2.22.6, when generating a Diffie-Hellman public/private key pair without any specified DiscreteLogGroup parameters, chooses random parameters that could allow an attacker to crack the private key in significantly less time than a brute force attack.
CVE-2006-1116 1 Ncipher 1 Ncore 2026-04-16 N/A
The CBC-MAC integrity functions in the nCipher nCore API before 2.18 transmit the initialization vector IV as part of a message when the implementation uses a non-zero IV, which allows remote attackers to bypass integrity checks and modify messages without being detected.
CVE-2006-1117 1 Ncipher 8 Dse200 Document Sealing Engine, Ncore, Nethsm and 5 more 2026-04-16 N/A
nCipher firmware before V10, as used by (1) nShield, (2) nForce, (3) netHSM, (4) payShield, (5) SecureDB, (6) DSE200 Document Sealing Engine, (7) Time Source Master Clock (TSMC), and possibly other products, contains certain options that were only intended for testing and not production, which might allow remote attackers to obtain information about encryption keys and crack those keys with less effort than brute force.
CVE-2006-1118 1 Bmail 1 Bmail 2026-04-16 N/A
SQL injection vulnerability in bmail before Aardvark PR9.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving GBK character sets.
CVE-2006-1121 1 Cutephp 1 Cutenews 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in CuteNews 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the query string to index.php.
CVE-2006-1122 1 D2ksoft 1 D2kblog 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Default.asp in D2KBlog 1.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
CVE-2006-1123 1 D2ksoft 1 D2kblog 2026-04-16 N/A
SQL injection vulnerability in D2KBlog 1.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the memName parameter in a cookie.
CVE-2006-1124 1 Revilloc Solutions 1 Revilloc Mailserver 2026-04-16 N/A
Buffer overflow in RevilloC MailServer and Proxy 1.21 allows remote attackers to execute arbitrary code via a long USER command.
CVE-2006-1125 1 Grisoft 1 Avg Antivirus 2026-04-16 N/A
Grisoft AVG Free 7.1, and other versions including 7.0.308, sets Everyone/Full Control permissions for certain update files including (1) upd_vers.cfg, (2) incavi.avm, and (3) unspecified drivers, which might allow local users to gain privileges.
CVE-2006-1126 1 Gallery Project 1 Gallery 2026-04-16 N/A
Gallery 2 up to 2.0.2 allows remote attackers to spoof their IP address via a modified X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is checked by Gallery before other more reliable sources of IP address information, such as REMOTE_ADDR.
CVE-2006-1144 1 David Ravenscroft 1 Hithost 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in HitHost 1.0.0 allows remote attackers to inject arbitrary web script or HTML via (1) the user parameter in deleteuser.php and (2) the hits parameter in viewuser.php.
CVE-2006-1145 1 Cor Entertainment 1 Alien Arena 2006 2026-04-16 N/A
Format string vulnerability in the safe_cprintf function in acebot_cmds.c in Alien Arena 2006 Gold Edition 5.00 allows remote attackers (possibly authenticated) to execute arbitrary code via unspecified vectors when the server sends crafted messages to the clients.
CVE-2006-1146 1 Cor Entertainment 1 Alien Arena 2006 2026-04-16 N/A
Stack-based buffer overflow in the Cmd_Say_f function in g_cmds.c in Alien Arena 2006 Gold Edition 5.00 allows remote attackers (possibly authenticated) to execute arbitrary code by sending a long message to the server.
CVE-2006-1147 1 Cor Entertainment 1 Alien Arena 2006 2026-04-16 N/A
The Com_sprintf function in q_shared.c in Alien Arena 2006 Gold Edition 5.00 does not properly NULL terminate certain long strings, which allows remote attackers (possibly authenticated) to cause a denial of service (application crash) via a long skin, weapon, or model name.
CVE-2006-1149 1 Owl 1 Owl Intranet Engine 2026-04-16 N/A
PHP remote file inclusion vulnerability in lib/OWL_API.php in OWL Intranet Engine 0.82, when register_globals is enabled, allows remote attackers to include arbitrary files via a URL in the xrms_file_root parameter, which is not initialized before use.