Export limit exceeded: 361998 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (361998 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-1818 | 1 The War Forge | 1 Warforge.news | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in warforge.NEWS 1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly including the (1) first_name and (2) last_name parameter in myaccounts.php. NOTE: portions of these details were obtained from third party sources instead of the original disclosure. | ||||
| CVE-2006-1510 | 1 Microsoft | 1 .net Framework | 2026-04-16 | N/A |
| Buffer overflow in calloc.c in the Microsoft Windows XP SP2 ntdll.dll system library, when used by the ILDASM disassembler in the Microsoft .NET 1.0 and 1.1 SDK, might allow user-assisted attackers to execute arbitrary code via a crafted .dll file with a large static method. | ||||
| CVE-2006-0853 | 1 Truenorth Software | 1 Ia Emailserver | 2026-04-16 | N/A |
| Buffer overflow in the IMAP service of TrueNorth Internet Anywhere (IA) eMailserver 5.3.4 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long SEARCH argument. | ||||
| CVE-2006-1819 | 1 Phpwebsite | 1 Phpwebsite | 2026-04-16 | N/A |
| Directory traversal vulnerability in the loadConfig function in index.php in phpWebSite 0.10.2 and earlier allows remote attackers to include arbitrary local files and execute arbitrary PHP code via the hub_dir parameter, as demonstrated by including access_log. NOTE: in some cases, arbitrary remote file inclusion could be performed under PHP 5 using an SMB share argument such as "\\systemname\sharename". | ||||
| CVE-2006-0854 | 1 Intensive Point | 1 Iuser Ecommerce | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in common.php in Intensive Point iUser Ecommerce allows remote attackers to include arbitrary files via a URL in the include_path variable, which is not initialized before being used. | ||||
| CVE-2006-1511 | 1 Microsoft | 1 .net Framework | 2026-04-16 | N/A |
| Buffer overflow in the ILASM assembler in the Microsoft .NET 1.0 and 1.1 Framework might allow user-assisted attackers to execute arbitrary code via a .il file that calls a function with a long name. | ||||
| CVE-2006-1820 | 1 Modxcms | 1 Modxcms | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in ModX 0.9.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this might be resultant from the directory traversal vulnerability. | ||||
| CVE-2006-1513 | 1 Abc2ps | 1 Abc2ps | 2026-04-16 | N/A |
| Multiple buffer overflows in abc2ps before 1.3.3 allow user-assisted attackers to execute arbitrary code via crafted ABC music files. | ||||
| CVE-2006-1821 | 1 Modxcms | 1 Modxcms | 2026-04-16 | N/A |
| Directory traversal vulnerability in index.php in ModX 0.9.1 allows remote attackers to read arbitrary files via a .. (dot dot) sequence and trailing NULL (%00) byte in the id parameter. | ||||
| CVE-2006-0858 | 1 Starforce | 1 Safe N Sec Personal \+ Anti-spyware | 2026-04-16 | N/A |
| Unquoted Windows search path vulnerability in (1) snsmcon.exe, (2) the autostartup mechanism, and (3) an unspecified installation component in StarForce Safe'n'Sec Personal + Anti-Spyware 2.0 and earlier, and possibly other StarForce Safe'n'Sec products, might allow local users to gain privileges via a malicious "program" file in the C: folder. | ||||
| CVE-2006-1514 | 1 Abcmidi | 1 Abcmidi | 2026-04-16 | N/A |
| Multiple buffer overflows in the abcmidi-yaps translator in abcmidi 20050101, and other versions, allow remote attackers to execute arbitrary code via crafted ABC music files that trigger the overflows during translation into PostScript. | ||||
| CVE-2006-1688 | 1 Squery | 1 Squery | 2026-04-16 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in SQuery 4.5 and earlier, as used in products such as Autonomous LAN party (ALP), allow remote attackers to execute arbitrary PHP code via a URL in the libpath parameter to scripts in the lib directory including (1) ase.php, (2) devi.php, (3) doom3.php, (4) et.php, (5) flashpoint.php, (6) gameSpy.php, (7) gameSpy2.php, (8) gore.php, (9) gsvari.php, (10) halo.php, (11) hlife.php, (12) hlife2.php, (13) igi2.php, (14) main.lib.php, (15) netpanzer.php, (16) old_hlife.php, (17) pkill.php, (18) q2a.php, (19) q3a.php, (20) qworld.php, (21) rene.php, (22) rvbshld.php, (23) savage.php, (24) simracer.php, (25) sof1.php, (26) sof2.php, (27) unreal.php, (28) ut2004.php, and (29) vietcong.php. NOTE: the lib/armygame.php vector is already covered by CVE-2006-1610. The provenance of most of these additional vectors is unknown, although likely from post-disclosure analysis. NOTE: this only occurs when register_globals is disabled. | ||||
| CVE-2006-0859 | 1 Michael Salzer | 1 Guestbox | 2026-04-16 | N/A |
| Michael Salzer Guestbox 0.6, and other versions before 0.8, allows remote attackers to post an admin comment to a guestbook entry via a certain modified form, possibly related to the nummer parameter. | ||||
| CVE-2006-1520 | 1 Libspf | 1 Libspf | 2026-04-16 | N/A |
| Format string vulnerability in ANSI C Sender Policy Framework library (libspf) before 1.0.0-p5, when debugging is enabled, allows remote attackers to execute arbitrary code via format string specifiers, possibly in an e-mail address. | ||||
| CVE-2006-1689 | 1 Hp | 1 Hp-ux | 2026-04-16 | N/A |
| Unspecified vulnerability in su in HP HP-UX B.11.11, when using the LDAP netgroup feature, allows local users to gain unspecified access. | ||||
| CVE-2006-1822 | 1 Farsinews | 1 Farsinews | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in FarsiNews 2.5.3 Pro and earlier allows remote attackers to inject arbitrary web script or HTML via the selected_search_arch parameter. | ||||
| CVE-2006-1523 | 1 Linux | 1 Linux Kernel | 2026-04-16 | N/A |
| The __group_complete_signal function in the RCU signal handling (signal.c) in Linux kernel 2.6.16, and possibly other versions, has unknown impact and attack vectors related to improper use of BUG_ON. | ||||
| CVE-2006-0868 | 1 Pear | 1 Xml Rpc | 2026-04-16 | N/A |
| Multiple unspecified injection vulnerabilities in unspecified Auth Container back ends for PEAR::Auth before 1.2.4, and 1.3.x before 1.3.0r4, allow remote attackers to "falsify authentication credentials," related to the "underlying storage containers." | ||||
| CVE-2006-1690 | 1 Manic Web | 1 Mwnewsletter | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in subscribe.php in MWNewsletter 1.0.0b allows remote attackers to inject arbitrary web script or HTML via the user_name parameter. | ||||
| CVE-2006-1694 | 1 Xbrite | 1 Xbrite Members | 2026-04-16 | N/A |
| SQL injection vulnerability in members.php in XBrite Members 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||