Export limit exceeded: 20129 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363262 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-5018 1 Contentkeeper Technologies 1 Contentkeeper 2026-04-23 N/A
ContentKeeper 123.25 and earlier places passwords in cleartext in an INPUT element in cgi-bin/ck/changepw.cgi, which allows remote authenticated users to obtain passwords via this URI.
CVE-2006-4694 1 Microsoft 1 Office 2026-04-23 N/A
Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office XP and Office 2003 allows user-assisted attackers to execute arbitrary code via a crafted record in a PPT file, as exploited by malware such as Exploit:Win32/Controlppt.W, Exploit:Win32/Controlppt.X, and Exploit-PPT.d/Trojan.PPDropper.F. NOTE: it has been reported that the attack vector involves SlideShowWindows.View.GotoNamedShow.
CVE-2006-4697 1 Microsoft 5 Ie, Internet Explorer, Windows 2000 and 2 more 2026-04-23 N/A
Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from Imjpcksid.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: this issue might be related to CVE-2006-4193.
CVE-2006-4702 1 Microsoft 3 Windows 2003 Server, Windows Media Player, Windows Xp 2026-04-23 N/A
Buffer overflow in the Windows Media Format Runtime in Microsoft Windows Media Player (WMP) 6.4 and Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file.
CVE-2006-4807 1 Enlightenment 1 Imlib2 2026-04-23 N/A
loader_tga.c in imlib2 before 1.2.1, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) via a crafted TGA image that triggers an out-of-bounds memory read, a different issue than CVE-2006-4808.
CVE-2006-4842 2 Netscape, Sun 2 Portable Runtime Api, Solaris 2026-04-23 N/A
The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in Sun Solaris 10, trusts user-specified environment variables for specifying log files even when running from setuid programs, which allows local users to create or overwrite arbitrary files.
CVE-2006-3876 1 Microsoft 1 Office 2026-04-23 N/A
Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via a crafted Data record in a PPT file, a different vulnerability than CVE-2006-3435 and CVE-2006-4694.
CVE-2006-3888 1 Aol 1 Ygp Pic Downloader Activex Control 2026-04-23 N/A
Buffer overflow in AOL You've Got Pictures (YGP) Pic Downloader YGPPDownload ActiveX control (AOL.PicDownloadCtrl.1, YGPPicDownload.dll), as used in America Online 9.0 Security Edition, allows remote attackers to execute arbitrary code via a long argument to the SetAlbumName method.
CVE-2006-3890 2 Sky Software, Winzip 2 Fileview Activex Control, Winzip 2026-04-23 N/A
Stack-based buffer overflow in the Sky Software FileView ActiveX control, as used in WinZip 10 before build 7245 and in certain other applications, allows remote attackers to execute arbitrary code via a long FilePattern attribute in a WZFILEVIEW object, a different vulnerability than CVE-2006-5198.
CVE-2006-3892 1 Emc 1 Networker 2026-04-23 N/A
The Management Console server in EMC NetWorker (formerly Legato NetWorker) 7.3.2 before Jumbo Update 1 uses weak authentication, which allows remote attackers to execute arbitrary commands.
CVE-2006-3894 1 Dell 2 Bsafe Cert-c, Bsafe Crypto-c 2026-04-23 N/A
The RSA Crypto-C before 6.3.1 and Cert-C before 2.8 libraries, as used by RSA BSAFE, multiple Cisco products, and other products, allows remote attackers to cause a denial of service via malformed ASN.1 objects.
CVE-2006-3896 1 Neoscale Systems 1 Cryptostor Tape 700 2026-04-23 N/A
The NeoScale Systems CryptoStor 700 series appliance before 2.6 relies on client-side ActiveX code for smartcard authentication, which allows remote attackers to bypass smartcard authentication, and gain access if able to present a valid username and password, by disabling ActiveX.
CVE-2006-5075 1 Sun 1 Solaris 2026-04-23 N/A
The Kernel SSL Proxy service (svc:/network/ssl/proxy) in Sun Solaris 10 before 20060926 allows remote attackers to cause a denial of service (system crash) via unspecified vectors related to an SSL client.
CVE-2006-5077 1 Minerva 1 Minerva 2026-04-23 N/A
PHP remote file inclusion vulnerability in admin/admin_topic_action_logging.php in Chris Smith Minerva Build 238 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2006-5078 1 Polaring 1 Polaring 2026-04-23 N/A
PHP remote file inclusion vulnerability in view/general.php in Kristian Niemi Polaring 00.04.03 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _SESSION[dirMain] parameter.
CVE-2006-5079 1 Php Arena 1 Pabugs 2026-04-23 N/A
PHP remote file inclusion vulnerability in class.mysql.php in Matt Humphrey paBugs 2.0 Beta 3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path_to_bt_dir parameter.
CVE-2006-5080 1 Six Apart 1 Movable Type 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the search function in Six Apart Movable Type 3.3 to 3.32, and Movable Type Enterprise 1.01 and 1.02, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2006-5081 1 Jl Webworks 1 Quickblogger 2026-04-23 N/A
PHP remote file inclusion vulnerability in acc.php in QuickBlogger (QB) 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
CVE-2006-5084 1 Skype Technologies 1 Skype 2026-04-23 N/A
Format string vulnerability in the NSRunAlertPanel function in eBay Skype for Mac 1.5.*.79 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed Skype URL, as originally reported to involve a null dereference.
CVE-2006-5085 1 Pixel Motion 1 Pixel Motion Blog 2026-04-23 N/A
Static code injection vulnerability in config.php in Blog Pixel Motion 2.1.1 allows remote attackers to execute arbitrary PHP code via the nom_blog parameter, which is injected into include/variables.php.