Export limit exceeded: 351382 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 351382 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29925 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29925 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-6944 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-04-23 | N/A |
| phpMyAdmin before 2.9.1.1 allows remote attackers to bypass Allow/Deny access rules that use IP addresses via false headers. | ||||
| CVE-2006-6949 | 1 Conti | 1 Ftpserver | 2026-04-23 | N/A |
| Conti FTPServer 1.0 Build 2.8 stores user passwords in cleartext in MyServerSettings.ini, which allows local users to obtain sensitive information by reading this file. | ||||
| CVE-2006-6950 | 1 Conti | 1 Ftpserver | 2026-04-23 | N/A |
| Directory traversal vulnerability in Conti FTPServer 1.0 Build 2.8 allows remote attackers to read arbitrary files and list arbitrary directories via a .. (dot dot) in a filename argument. | ||||
| CVE-2006-6952 | 1 Ca | 1 Host-based Intrusion Prevention System | 2026-04-23 | N/A |
| Computer Associates Host Intrusion Prevention System (HIPS) drivers (1) Core kmxstart.sys 6.5.4.31 and (2) Firewall kmxfw.sys 6.5.4.10 allow local users to gain privileges by using certain privileged IOCTLs to modify callback function pointers. | ||||
| CVE-2006-6959 | 1 Webroot Software | 1 Spy Sweeper | 2026-04-23 | N/A |
| WebRoot Spy Sweeper 4.5.9 and earlier allows local users to bypass the "Startup-Shield" security restrictions by modifying certain registry keys. | ||||
| CVE-2006-6963 | 1 Docebo | 1 Docebo | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Docebo LMS 3.0.3 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[where_lms] parameter to (1) class.module/class.definition.php and (2) modules/scorm/scorm_utils.php. NOTE: this issue may overlap CVE-2006-2577. | ||||
| CVE-2006-6964 | 1 Mailenable | 1 Mailenable Professional | 2026-04-23 | N/A |
| MailEnable Professional before 1.78 provides a cleartext user password when an administrator edits the user's settings, which allows remote authenticated administrators to obtain sensitive information by viewing the HTML source. | ||||
| CVE-2006-6966 | 1 Phpgraphy | 1 Phpgraphy | 2026-04-23 | N/A |
| phpGraphy before 0.9.13a does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code by uploading a config.php file via the pictures[] parameter to index.php. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in phpGraphy. | ||||
| CVE-2006-6968 | 1 Phorum | 1 Phorum | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the group moderation control center page in Phorum before 5.1.19 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2006-3875 | 1 Microsoft | 2 Excel, Excel Viewer | 2026-04-23 | N/A |
| Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, and Excel Viewer 2003 allows user-assisted attackers to execute arbitrary code via a crafted COLINFO record in an XLS file, a different vulnerability than CVE-2006-2387 and CVE-2006-3867. | ||||
| CVE-2006-6980 | 1 Magnatune.com | 1 Album Browser | 2026-04-23 | N/A |
| The magnatune.com album browser in Amarok allows attackers to cause a denial of service (application crash) via unspecified vectors. | ||||
| CVE-2006-6982 | 1 3proxy | 1 3proxy | 2026-04-23 | N/A |
| 3proxy 0.5 to 0.5.2 does not offer NTLM authentication before basic authentication, which might cause browsers with incomplete RFC2616/RFC2617 support to use basic cleartext authentication even if NTLM is available, which makes it easier for attackers to steal credentials. | ||||
| CVE-2006-6983 | 1 Myweb4net | 1 Myweb4net Browser | 2026-04-23 | N/A |
| Cross-domain vulnerability in MYweb4net Browser 3.8.8.0 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280. | ||||
| CVE-2006-6986 | 1 Phaseout | 1 Phaseout | 2026-04-23 | N/A |
| Cross-domain vulnerability in PhaseOut 5.4.4 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280. | ||||
| CVE-2006-6987 | 1 Softinform | 1 Finebrowser | 2026-04-23 | N/A |
| Cross-domain vulnerability in FineBrowser Freeware 3.2.2 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280. | ||||
| CVE-2006-6989 | 1 Netcaptor | 1 Netcaptor | 2026-04-23 | N/A |
| Cross-domain vulnerability in NetCaptor 4.5.7 Personal Edition allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280. | ||||
| CVE-2006-6990 | 1 Advanced Search Technologies Inc. | 1 Enigma Browser | 2026-04-23 | N/A |
| Cross-domain vulnerability in Enigma Browser 3.8.8 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280. | ||||
| CVE-2006-6995 | 1 V3 Chat | 1 V3chat Instant Messenger | 2026-04-23 | N/A |
| mycontacts.php in V3 Chat allows remote authenticated users to gain privileges as other users via a modified membername parameter. | ||||
| CVE-2006-6996 | 1 The War Forge | 1 Warforge.news | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in warforge.NEWS 1.0 allow remote attackers to inject arbitrary HTML and web script via the (1) title and (2) newspost parameters to (a) newsadd.php, and the (3) name, title, and (4) comment parameters to (b) news.php, a different set of vectors than CVE-2006-1818. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-7001 | 1 Phpmychat Plus | 1 Phpmychat Plus | 2026-04-23 | N/A |
| Directory traversal vulnerability in avatar.php in PhpMyChat Plus 1.9 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the L parameter, a different issue than CVE-2006-5897. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||