Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-2309 1 Etype 1 Eserv 2026-04-16 N/A
The HTTP service in EServ/3 3.25 allows remote attackers to obtain sensitive information via crafted HTTP requests containing dot, space, and slash characters, which reveals the source code of script files.
CVE-2006-2310 1 New Atlanta Communications 2 Bluedragon Server, Bluedragon Server Jx 2026-04-16 N/A
BlueDragon Server and Server JX 6.2.1.286 for Windows allows remote attackers to cause a denial of service (hang) via a request for a .cfm file whose name contains an MS-DOS device name such as (1) con, (2) aux, (3) com1, and (4) com2.
CVE-2006-2311 1 New Atlanta Communications 2 Bluedragon Server, Bluedragon Server Jx 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in BlueDragon Server and Server JX 6.2.1.286 for Windows allows remote attackers to inject arbitrary web script or HTML via the filename in a request to a (1) .cfm or (2) .cfml file, which reflects the result in the default error page.
CVE-2006-4089 1 Andy Lo-a-foe 1 Alsaplayer 2026-04-16 N/A
Multiple buffer overflows in Andy Lo-A-Foe AlsaPlayer 0.99.76 and earlier allow remote attackers to cause a denial of service (application crash), or have other unknown impact, via (1) a long Location field sent by a web server, which triggers an overflow in the reconnect function in reader/http/http.c; (2) a long URL sent by a web server when AlsaPlayer is seeking a media file for the playlist, which triggers overflows in new_list_item and CbUpdated in interface/gtk/PlaylistWindow.cpp; and (3) a long response sent by a CDDB server, which triggers an overflow in cddb_lookup in input/ccda/cdda_engine.c.
CVE-2006-1864 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-16 N/A
Directory traversal vulnerability in smbfs in Linux 2.6.16 and earlier allows local users to escape chroot restrictions for an SMB-mounted filesystem via "..\\" sequences, a similar vulnerability to CVE-2006-1863.
CVE-2006-2313 2 Postgresql, Redhat 2 Postgresql, Enterprise Linux 2026-04-16 N/A
PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, 7.3.x before 7.3.15, and earlier versions allows context-dependent attackers to bypass SQL injection protection methods in applications via invalid encodings of multibyte characters, aka one variant of "Encoding-Based SQL Injection."
CVE-2006-4091 1 Archangelmgt 1 Weblog 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Archangel Management Archangel Weblog 0.90.02 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Comment section.
CVE-2006-4102 1 Falko Timme And Till Brehm 1 Sqlitewebadmin 2026-04-16 N/A
PHP remote file inclusion vulnerability in tpl.inc.php in Falko Timme and Till Brehm SQLiteWebAdmin 0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the conf[classpath] parameter.
CVE-2006-2331 1 Php Fusion 1 Php Fusion 2026-04-16 N/A
Multiple directory traversal vulnerabilities in PHP-Fusion 6.00.306 allow remote attackers to include and execute arbitrary local files via (1) a .. (dot dot) in the settings[locale] parameter in infusions/last_seen_users_panel/last_seen_users_panel.php, and (2) a .. (dot dot) in the localeset parameter in setup.php. NOTE: the vendor states that this issue might exist due to problems in third party local files.
CVE-2006-4161 1 Xennobb 1 Xennobb 2026-04-16 N/A
Directory traversal vulnerability in the avatar_gallery action in profile.php in XennoBB 2.1.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the category parameter.
CVE-2006-1572 1 O2php.com 1 Oxygen 2026-04-16 N/A
SQL injection vulnerability in post.php in Oxygen 1.1.3 allows remote attackers to execute arbitrary SQL commands via the fid parameter in a newthread action.
CVE-2006-1863 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-16 N/A
Directory traversal vulnerability in CIFS in Linux 2.6.16 and earlier allows local users to escape chroot restrictions for an SMB-mounted filesystem via "..\\" sequences, a similar vulnerability to CVE-2006-1864.
CVE-2006-2332 1 Mozilla 1 Firefox 2026-04-16 N/A
Mozilla Firefox 1.5.0.3 allows remote attackers to cause a denial of service via a web page with a large number of IMG elements in which the SRC attribute is a mailto URI. NOTE: another researcher found that the web page caused a temporary browser slowdown instead of a crash.
CVE-2006-2333 1 Mybulletinboard 1 Mybulletinboard 2026-04-16 N/A
Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) 1.1.1 allow remote attackers to execute arbitrary SQL commands via the e-mail address when registering for a forum that requires e-mail verification, which is not properly handled in (1) usercp.php and (2) member.php.
CVE-2006-2335 1 Jelsoft 1 Vbulletin 2026-04-16 N/A
Jelsoft vBulletin accepts uploads of Cascading Style Sheets (CSS) and processes them in a way that allows remote authenticated administrators to gain shell access by uploading a CSS file that contains PHP code, then selecting the file via the style chooser, which causes the PHP code to be executed. NOTE: the vendor was unable to reproduce this issue in 3.5.x. NOTE: this issue might be due to direct static code injection.
CVE-2006-2336 1 Mybulletinboard 1 Mybulletinboard 2026-04-16 N/A
SQL injection vulnerability in showthread.php in MyBB (aka MyBulletinBoard) 1.1.1 allows remote attackers to execute arbitrary SQL commands via the comma parameter.
CVE-2006-4162 1 Cpg-nuke 1 Dragonfly Cms 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Dragonfly CMS 9.0.6.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the search field.
CVE-2006-1571 1 R2xdesign 1 Qlitenews 2026-04-16 N/A
Multiple SQL injection vulnerabilities in loginprocess.php in qliteNews 2005.07.01 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters.
CVE-2006-1907 1 Mywebland 1 Myevent 2026-04-16 N/A
Multiple SQL injection vulnerabilities in myEvent 1.x allow remote attackers to inject arbitrary SQL commands via the event_id parameter to (1) addevent.php or (2) del.php or (3) event_desc parameter to addevent.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-1862 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-16 N/A
The virtual memory implementation in Linux kernel 2.6.x allows local users to cause a denial of service (panic) by running lsof a large number of times in a way that produces a heavy system load.