Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-3944 1 Microsoft 1 Ie 2026-04-16 N/A
Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via a (1) Forms.ListBox.1 or (2) Forms.ListBox.1 object with the ListWidth property set to (a) 0x7fffffff, which triggers an integer overflow exception, or to (b) 0x7ffffffe, which triggers a null dereference.
CVE-2006-1602 1 Phpnuke-clan 1 Phpnuke-clan 2026-04-16 N/A
PHP remote file inclusion vulnerability in includes/functions_common.php in the VWar Account module (vWar_Account) in PHPNuke Clan 3.0.1 allows remote attackers to include arbitrary files via a URL in the vwar_root2 parameter. NOTE: it is possible that this issue stems from a problem in VWar itself, but this is not clear.
CVE-2006-1106 1 Pixelpost 1 Pixelpost 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Pixelpost 1.5 beta 1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) message, (2) name, (3) url, and (4) email parameters when commenting on a post. NOTE: the vendor has disputed some issues from the original disclosure, but due to the vagueness of the dispute, it is not clear whether the vendor is disputing this particular issue.
CVE-2006-1606 1 Exponent 1 Exponent Cms 2026-04-16 N/A
Unspecified vulnerability in the image module in Exponent CMS before 0.96.5 RC 1 allows "directory disclosure" with unknown attack vectors.
CVE-2006-1752 1 Michiel Van Baak 1 Mvblog 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the backend in MvBlog before 1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) body fields in a comment.
CVE-2006-1113 1 Gerrit Van Aaken 1 Loudblog 2026-04-16 N/A
SQL injection vulnerability in podcast.php in Loudblog before 0.42 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2006-1755 1 Matthew Dingley 1 Md News 2026-04-16 N/A
SQL injection vulnerability in admin.php in MD News 1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2006-1115 1 Ncipher 3 Chil, Mscapi Csp, Ncipher Software Cd 2026-04-16 N/A
nCipher HSM before 2.22.6, when generating a Diffie-Hellman public/private key pair without any specified DiscreteLogGroup parameters, chooses random parameters that could allow an attacker to crack the private key in significantly less time than a brute force attack.
CVE-2006-1123 1 D2ksoft 1 D2kblog 2026-04-16 N/A
SQL injection vulnerability in D2KBlog 1.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the memName parameter in a cookie.
CVE-2006-1126 1 Gallery Project 1 Gallery 2026-04-16 N/A
Gallery 2 up to 2.0.2 allows remote attackers to spoof their IP address via a modified X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is checked by Gallery before other more reliable sources of IP address information, such as REMOTE_ADDR.
CVE-2006-1132 1 Vbzoom 1 Vbzoom 2026-04-16 N/A
SQL injection vulnerability in show.php in vbzoom 1.11 allow remote attackers to execute arbitrary SQL commands via the MainID parameter. NOTE: the SubjectID vector is already covered by CVE-2005-4729.
CVE-2006-1613 1 Aweb Labs 1 Awebnews 2026-04-16 N/A
Multiple SQL injection vulnerabilities in aWebNews 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) user123 variable in (a) login.php or (b) fpass.php; or (2) cid parameter to (c) visview.php.
CVE-2006-1133 1 Vbzoom 1 Vbzoom 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in vbzoom 1.11 allow remote attackers to inject arbitrary web script or HTML via the UserID parameter to (1) comment.php or (2) contact.php. NOTE: the profile.php/UserName vector is already covered by CVE-2005-2441.
CVE-2004-0575 1 Microsoft 2 Windows 2003 Server, Windows Xp 2026-04-16 N/A
Integer overflow in DUNZIP32.DLL for Microsoft Windows XP, Windows XP 64-bit Edition, Windows Server 2003, and Windows Server 2003 64-bit Edition allows remote attackers to execute arbitrary code via compressed (zipped) folders that involve an "unchecked buffer" and improper length validation.
CVE-2004-0627 1 Mysql 1 Mysql 2026-04-16 N/A
The check_scramble_323 function in MySQL 4.1.x before 4.1.3, and 5.0, allows remote attackers to bypass authentication via a zero-length scrambled string.
CVE-2004-0628 1 Mysql 1 Mysql 2026-04-16 N/A
Stack-based buffer overflow in MySQL 4.1.x before 4.1.3, and 5.0, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long scramble string.
CVE-2004-0629 1 Adobe 2 Acrobat, Acrobat Reader 2026-04-16 N/A
Buffer overflow in the ActiveX component (pdf.ocx) for Adobe Acrobat 5.0.5 and Acrobat Reader, and possibly other versions, allows remote attackers to execute arbitrary code via a URI for a PDF file with a null terminator (%00) followed by a long string.
CVE-2006-3636 2 Gnu, Redhat 2 Mailman, Enterprise Linux 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.9rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2006-3637 1 Microsoft 2 Ie, Internet Explorer 2026-04-16 N/A
Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle various HTML layout component combinations, which allows user-assisted remote attackers to execute arbitrary code via a crafted HTML file that leads to memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."
CVE-2006-3639 1 Microsoft 2 Ie, Internet Explorer 2026-04-16 N/A
Microsoft Internet Explorer 5.01 and 6 does not properly identify the originating domain zone when handling redirects, which allows remote attackers to read cross-domain web pages and possibly execute code via unspecified vectors involving a crafted web page, aka "Source Element Cross-Domain Vulnerability."