Export limit exceeded: 20007 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 362462 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (362462 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-1617 1 Advanced Poll 1 Advanced Poll 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Advanced Poll 2.02 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to comments.php or (2) poll_id parameter to page.php. NOTE: it is possible that this issue is resultant from CVE-2006-1616.
CVE-2006-1158 1 Kerio 1 Kerio Mailserver 2026-04-16 N/A
Kerio MailServer before 6.1.3 Patch 1 allows remote attackers to cause a denial of service (application crash) via a crafted IMAP LOGIN command.
CVE-2006-1618 1 Doomsday 1 Doomsday 2026-04-16 N/A
Format string vulnerability in the (1) Con_message and (2) conPrintf functions in con_main.c in Doomsday engine 1.8.6 allows remote attackers to execute arbitrary code via format string specifiers in an argument to the JOIN command, and possibly other command arguments.
CVE-2006-1159 1 Efs Software 1 Efs Web Server 2026-04-16 N/A
Format string vulnerability in Easy File Sharing (EFS) Web Server 3.2 allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via format string specifiers in the query string argument in an HTTP GET request.
CVE-2006-1160 1 Efs Software 1 Efs Web Server 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Easy File Sharing (EFS) Web Server 3.2 allows remote attackers to inject arbitrary web script or HTML via the Description field in creating a folder or uploading a file.
CVE-2006-1161 1 Efs Software 1 Efs Web Server 2026-04-16 N/A
Absolute path traversal vulnerability in Easy File Sharing (EFS) Web Server 3.2 allows remote registered users to execute arbitrary code by uploading a malicious file to the Windows startup folder.
CVE-2006-1620 1 Hosting Controller 1 Hosting Controller 2026-04-16 N/A
admin/accounts/AccountActions.asp in Hosting Controller 2002 RC 1 allows remote attackers to modify passwords of other users, probably via an "Update User" ActionType with a modified UserName parameter and the PassCheck parameter set to TRUE. It was later reported that the vulnerability is present in 6.1 Hotfix 3.3 and earlier.
CVE-2006-1760 1 Jetphotosoft.com 1 Jetphoto 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in JetPhoto allow remote attackers to inject arbitrary web script or HTML via the page parameter in (1) Classic.view/thumbnail.php, (2) Classic.view/gallery.php, (3) Classic.view/detail.php, or (4) Orange.view/detail.php; or (5) the name parameter in Orange.view/slideshow.php.
CVE-2006-1162 1 Nodez 1 Nodez 2026-04-16 N/A
Directory traversal vulnerability in Nodez 4.6.1.1 and earlier allows remote attackers to read or include arbitrary PHP files via a .. (dot dot) in the op parameter, as demonstrated by inserting malicious Email parameters into list.gtdat, then accessing list.gtdat using the op parameter.
CVE-2006-1163 1 Nodez 1 Nodez 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Nodez 4.6.1.1 allows remote attackers to inject arbitrary web script or HTML via the op parameter. NOTE: it is possible that this issue is resultant from the directory traversal vulnerability.
CVE-2006-1164 1 Nodez 1 Nodez 2026-04-16 N/A
Nodez 4.6.1.1 and earlier stores sensitive data in the list.gtdat file under the web document root with insufficient access control, which allows remote attackers to obtain usernames and password hashes by directly accessing list.gtdat.
CVE-2006-1621 1 Hosting Controller 1 Hosting Controller 2026-04-16 N/A
Directory traversal vulnerability in admin/folders/saveuploadfiles.asp in Hosting Controller 2002 RC 1 allows remote authenticated users to overwrite arbitrary files via an absolute path in the OpenPath parameter.
CVE-2006-1761 1 Blursoft 1 Blur6ex 2026-04-16 N/A
Cross-site scripting vulnerability in index.php in blur6ex 0.3.452 allows remote attackers to inject arbitrary web script or HTML via the errormsg parameter, which is not sanitized in the error message. NOTE: the vector in the shard parameter is not XSS and has been assigned a separate name.
CVE-2006-1165 1 Andreas Gohr 1 Dokuwiki 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the mediamanager module in DokuWiki before 2006-03-05 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors relating to "handling EXIF data."
CVE-2006-1622 1 Phpselect 1 Phpselect 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in PHPSelect linksubmit allows remote attackers to inject arbitrary web script or HTML via (1) the description parameter to linklist.php and possibly other vectors involving (2) index.php and (3) linksubmit.php.
CVE-2006-1166 1 Monotone 1 Monotone 2026-04-16 N/A
Monotone 0.25 and earlier, when a user creates a file in a directory called "mt", and when checking out that file on a case-insensitive file system such as Windows or Mac OS X, places the file into the "MT" bookkeeping directory, which could allow context-dependent attackers to execute arbitrary Lua programs as the user running monotone.
CVE-2006-1168 2 Ncompress, Redhat 2 Ncompress, Enterprise Linux 2026-04-16 N/A
The decompress function in compress42.c in (1) ncompress 4.2.4 and (2) liblzw allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code, via crafted data that leads to a buffer underflow.
CVE-2006-1172 1 Tdc 1 Cryptomathic Cenroll Activex Control 2026-04-16 N/A
Stack-based buffer overflow in the createPKCS10 function in Cryptomathic Cenroll ActiveX Control 1.1.0.0 allows remote attackers to execute arbitrary code via vectors related to the TDC Digital signature.
CVE-2006-1762 1 Blursoft 1 Blur6ex 2026-04-16 N/A
Directory traversal vulnerability in index.php in blur6ex 0.3.452 allows remote attackers to include arbitrary files via the shard parameter. NOTE: this issue can be exploited to produce resultant XSS when the parameter has XSS manipulations, and path disclosure with other invalid values.
CVE-2006-1173 2 Redhat, Sendmail 2 Enterprise Linux, Sendmail 2026-04-16 N/A
Sendmail before 8.13.7 allows remote attackers to cause a denial of service via deeply nested, malformed multipart MIME messages that exhaust the stack during the recursive mime8to7 function for performing 8-bit to 7-bit conversion, which prevents Sendmail from delivering queued messages and might lead to disk consumption by core dump files.