Export limit exceeded: 360226 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (360226 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-0206 | 1 Light Weight Calendar | 1 Light Weight Calendar | 2026-04-16 | N/A |
| Eval injection vulnerability in Light Weight Calendar (LWC) 1.0 (20040909) and earlier allows remote attackers to execute arbitrary PHP code via the date parameter in cal.php, which is included by index.php. | ||||
| CVE-2006-0207 | 1 Php | 1 Php | 2026-04-16 | N/A |
| Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow remote attackers to inject arbitrary HTTP headers via a crafted Set-Cookie header, related to the (1) session extension (aka ext/session) and the (2) header function. | ||||
| CVE-2006-0209 | 1 Tanklogger | 1 Tanklogger | 2026-04-16 | N/A |
| SQL injection vulnerability in general_functions.php in TankLogger 2.4 allows remote attackers to execute arbitrary SQL commands via the (1) livestock_id parameter to showInfo.php and (2) tank_id parameter, possibly to livestock.php. | ||||
| CVE-2006-0228 | 1 Grsecurity | 1 Grsecurity Kernel Patch | 2026-04-16 | N/A |
| The RBAC functionality in grsecurity before 2.1.8 does not properly handle when the admin role creates a service and then exits the shell without unauthenticating, which causes the service to be restarted with the admin role still active. | ||||
| CVE-2006-0221 | 1 Ddsn | 1 Cm3cms | 2026-04-16 | N/A |
| SQL injection vulnerability in index.asp in the Admin Panel in Dragon Design Services Network (DDSN) cm3 content manager (CM3CMS) allows remote attackers to execute arbitrary SQL commands via the (1) username or (2) password. | ||||
| CVE-2006-0222 | 1 Alstrasoft | 1 Template Seller | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in fullview.php in AlstraSoft Template Seller Pro allows remote attackers to inject arbitrary web script or HTML via the tempid parameter. | ||||
| CVE-2006-0223 | 1 Topcmm Computing | 1 123 Flash Chat Server | 2026-04-16 | N/A |
| Directory traversal vulnerability in Shanghai TopCMM 123 Flash Chat Server Software 5.1 allows attackers to create or overwrite arbitrary files on the server via ".." (dot dot) sequences in the username field. | ||||
| CVE-2006-0224 | 1 Libast | 1 Libast | 2026-04-16 | N/A |
| Buffer overflow in Library of Assorted Spiffy Things (LibAST) 0.6.1 and earlier, as used in Eterm and possibly other software, allows local users to execute arbitrary code as the utmp user via a long -X command line argument (alternative configuration file name). | ||||
| CVE-2006-0225 | 2 Openbsd, Redhat | 2 Openssh, Enterprise Linux | 2026-04-16 | N/A |
| scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice. | ||||
| CVE-2006-0226 | 1 Freebsd | 1 Freebsd | 2026-04-16 | N/A |
| Integer overflow in IEEE 802.11 network subsystem (ieee80211_ioctl.c) in FreeBSD before 6.0-STABLE, while scanning for wireless networks, allows remote attackers to execute arbitrary code by broadcasting crafted (1) beacon or (2) probe response frames. | ||||
| CVE-2006-0227 | 1 Sun | 2 Solaris, Sunos | 2026-04-16 | N/A |
| Multiple unspecified vulnerabilities in lpsched in Sun Solaris 8, 9, and 10 allow local users to delete arbitrary files or disable the LP print service via unknown attack vectors. | ||||
| CVE-2006-0231 | 1 Symantec | 1 Antivirus Scan Engine | 2026-04-16 | N/A |
| Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, uses the same private DSA key for each installation, which allows remote attackers to conduct man-in-the-middle attacks and decrypt communications. | ||||
| CVE-2006-0233 | 1 Microblog | 1 Microblog | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in functions.php in microBlog 2.0 RC-10 allows remote attackers to inject arbitrary web script and HTML via a javascript: URI in a [url] BBcode tag. | ||||
| CVE-2006-0234 | 1 Microblog | 1 Microblog | 2026-04-16 | N/A |
| SQL injection vulnerability in index.php in microBlog 2.0 RC-10 allows remote attackers to execute arbitrary SQL commands via the (1) month and (2) year parameters. | ||||
| CVE-2006-0235 | 1 White Angle | 1 White Album | 2026-04-16 | N/A |
| SQL injection vulnerability in WhiteAlbum 2.5 allows remote attackers to execute arbitrary SQL commands via the dir parameter to pictures.php. | ||||
| CVE-2006-0267 | 1 Oracle | 1 Database Server | 2026-04-16 | N/A |
| Unspecified vulnerability in the Query Optimizer component of Oracle Database server 9.2.0.6 and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB20. | ||||
| CVE-2006-0246 | 1 Widexl | 1 Download Tracker | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in down.pl in Widexl Download Tracker 1.06 allows remote attackers to inject arbitrary web script or HTML via the ID parameter. | ||||
| CVE-2006-0247 | 1 Netbula | 1 Anyboard | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in anyboard.cgi in Netbula Anyboard 9.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the tK parameter in a find command. | ||||
| CVE-2006-0248 | 1 Intracom | 1 Jetspeed | 2026-04-16 | N/A |
| Virata-EmWeb web server 6_1_0, as used in (1) Intracom JetSpeed 500 and 520 and (2) Allied Data Technologies CopperJet 811 RouterPlus, allows remote attackers to access privileged information, such as user lists and configuration settings, via direct HTTP requests. | ||||
| CVE-2006-0249 | 1 Bitdamaged | 1 Geoblog | 2026-04-16 | N/A |
| SQL injection vulnerability in viewcat.php in BitDamaged geoBlog MOD_1.0 allows remote attackers to execute arbitrary SQL commands, then steal credentials and upload files, via the cat parameter ($tmpCategory variable). | ||||