Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-1339 1 Cutephp 1 Cutenews 2026-04-16 N/A
Directory traversal vulnerability in inc/functions.inc.php in CuteNews 1.4.1 and possibly other versions, when register_globals is enabled, allows remote attackers to include arbitrary files via a .. (dot dot) sequence and trailing NULL (%00) byte in the archive parameter in an HTTP POST or COOKIE request, which bypasses a sanity check that is only applied to a GET request.
CVE-2006-1340 1 Cutephp 1 Cutenews 2026-04-16 N/A
CuteNews 1.4.1 and possibly other versions allows remote attackers to obtain the installation path via unspecified vectors involving an invalid file path.
CVE-2006-1341 1 Maian Events 1 Maian Events 2026-04-16 N/A
SQL injection vulnerability in events.php in Maian Events 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) month and (2) year parameters.
CVE-2006-1342 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-16 N/A
net/ipv4/af_inet.c in Linux kernel 2.4 does not clear sockaddr_in.sin_zero before returning IPv4 socket names from the (1) getsockname, (2) getpeername, and (3) accept functions, which allows local users to obtain portions of potentially sensitive memory.
CVE-2006-1343 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-16 N/A
net/ipv4/netfilter/ip_conntrack_core.c in Linux kernel 2.4 and 2.6, and possibly net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c in 2.6, does not clear sockaddr_in.sin_zero before returning IPv4 socket names from the getsockopt function with SO_ORIGINAL_DST, which allows local users to obtain portions of potentially sensitive memory.
CVE-2006-1344 1 Verisign 1 Mpki 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in VeriSign haydn.exe, as used in Managed PKI (MPKI) 6.0, allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the VHTML_FILE parameter.
CVE-2006-1347 1 Greg Neustaetter 1 Gcards 2026-04-16 N/A
SQL injection vulnerability in loginfunction.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVE-2006-1348 1 Greg Neustaetter 1 Gcards 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to inject arbitrary web script or HTML via the lang[*][file] parameter, which is injected into an error message. NOTE: this issue might be resultant from CVE-2006-1346.
CVE-2006-1349 1 Musicbox 1 Musicbox 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Musicbox 2.3 Beta 2 allow remote attackers to inject arbitrary web script or HTML via the (1) id and (2) type and (3) show parameters in a top action in (a) index.php; and the (4) message1 parameter in (b) cart.php.
CVE-2006-1350 1 Articlesone 1 99articles Directory 2026-04-16 N/A
PHP remote file include vulnerability in index.php in 99Articles.com (aka ArticlesOne.com) Free articles directory allows remote attackers to include and execute arbitrary PHP code via a URL in the page parameter.
CVE-2006-1351 1 Bea 1 Weblogic Server 2026-04-16 N/A
BEA WebLogic Server 6.1 SP7 and earlier allows remote attackers to read arbitrary files via unknown attack vectors related to a "default internal servlet" accessed through HTTP.
CVE-2006-1352 1 Bea 1 Weblogic Server 2026-04-16 N/A
BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and WebLogic Server 6.1 SP7 and earlier allow remote attackers to cause a denial of service (memory exhaustion) via crafted non-canonicalized XML documents.
CVE-2006-1354 2 Freeradius, Redhat 2 Freeradius, Enterprise Linux 2026-04-16 N/A
Unspecified vulnerability in FreeRADIUS 1.0.0 up to 1.1.0 allows remote attackers to bypass authentication or cause a denial of service (server crash) via "Insufficient input validation" in the EAP-MSCHAPv2 state machine module.
CVE-2006-1356 1 Andrew Hsu 2 Libvc, Rolo 2026-04-16 N/A
Stack-based buffer overflow in the count_vcards function in LibVC 3, as used in Rolo, allows user-assisted attackers to execute arbitrary code via a vCard file (e.g. contacts.vcf) containing a long line.
CVE-2006-1357 1 F5 1 Firepass 4100 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in my.support.php3 in F5 Firepass 4100 SSL VPN 5.4.2 allows remote attackers to inject arbitrary web script or HTML via the s parameter.
CVE-2006-1358 1 Oracle 1 Weblogic Portal 2026-04-16 N/A
Unspecified vulnerability in BEA WebLogic Portal 8.1 up to SP5 causes a JSR-168 Portlet to be retrieved from the cache for the wrong session, which might allow one user to see a Portlet of another user.
CVE-2006-1363 1 Justin White 1 Freewps 2026-04-16 N/A
images.php in Justin White (aka YTZ) Free Web Publishing System (FreeWPS) 2.11 allows remote attackers to execute arbitrary PHP code by uploading a .php file into the /upload directory as specified in the dirPath parameter, then performing a direct request to that file.
CVE-1999-0495 2026-04-16 N/A
A remote attacker can gain access to a file system using .. (dot dot) when accessing SMB shares.
CVE-2006-1373 1 Php Live 1 Php Live 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in status_image.php in PHP Live! 3.0 allows remote attackers to inject arbitrary web script or HTML via the base_url parameter.
CVE-2006-1374 1 Brain Book Software 1 Adman 2026-04-16 N/A
SQL injection vulnerability in viewStatement.php in AdMan 1.0.20051221 and earlier allows remote attackers to execute arbitrary SQL commands via the transactions_offset parameter.