Total
29944 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-4029 | 1 Ageet | 1 Agephone | 2026-04-16 | N/A |
| Stack-based buffer overflow in sipd.dll in AGEphone 1.24 and 1.38.1 allows remote attackers to execute arbitrary code via a crafted UDP SIP packet. | ||||
| CVE-2006-0523 | 1 Mybulletinboard | 1 Mybulletinboard | 2026-04-16 | N/A |
| SQL injection vulnerability in global.php in MyBB before 1.03 allows remote attackers to execute arbitrary SQL commands via the templatelist variable. | ||||
| CVE-2006-0541 | 1 Tachyon | 1 Vanilla Guestbook | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Tachyon Vanilla Guestbook 1.0 beta allow remote attackers to inject arbitrary web script or HTML via unknown vectors related to "posting new messages." | ||||
| CVE-2006-0549 | 1 Oracle | 1 Database Server | 2026-04-16 | N/A |
| SQL injection vulnerability in the SYS.DBMS_METADATA_UTIL package in Oracle Database 10g, and possibly earlier versions, might allow remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being created since it cannot be conclusively proven that this issue has been addressed by Oracle. It is possible that this is the same issue as Oracle Vuln# DB05 from the January 2006 CPU, in which case this would be subsumed by CVE-2006-0260. However, there are some inconsistencies that make this unclear, and there is also a possibility that this is related to DB06, which is subsumed by CVE-2006-0259. | ||||
| CVE-2006-4165 | 1 Netcommons | 1 Netcommons | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in NetCommons 1.0.8 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2006-4278 | 1 Sportsphool | 1 Sportsphool | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in includes/layout/plain.footer.php in SportsPHool 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the mainnav parameter. | ||||
| CVE-2006-0568 | 1 Outblaze | 1 Outblaze | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in throw.main in Outblaze allows remote attackers to inject arbitrary web script or HTML via the file parameter. | ||||
| CVE-2006-0574 | 1 Cpanel | 1 Cpanel | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in mime/handle.html in cPanel 10 allows remote attackers to inject arbitrary web script or HTML via the (1) file extension or (2) mime-type. | ||||
| CVE-2006-0579 | 1 Mplayer | 1 Mplayer | 2026-04-16 | N/A |
| Multiple integer overflows in (1) the new_demux_packet function in demuxer.h and (2) the demux_asf_read_packet function in demux_asf.c in MPlayer 1.0pre7try2 and earlier allow remote attackers to execute arbitrary code via an ASF file with a large packet length value. NOTE: the provenance of this information is unknown; portions of the details are obtained from third party information. | ||||
| CVE-2006-0605 | 1 Unknown Domain | 1 Shoutbox | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Unknown Domain Shoutbox 2005.07.21 allow remote attackers to inject arbitrary web script or HTML, possibly via the (1) Handle or (2) Message fields. | ||||
| CVE-2006-0609 | 1 Hinton Design | 1 Phphd | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in add.php in Hinton Design phphd 1.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | ||||
| CVE-2006-4460 | 1 Clemens Wacha | 1 Php Iaddressbook | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in PHP iAddressBook before 0.96 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2006-4499 | 1 Moderngigabyte | 1 Modernbill | 2026-04-16 | N/A |
| ModernBill 5.0.4 and earlier uses cURL with insecure settings for CURLOPT_SSL_VERIFYPEER and CURLOPT_SSL_VERIFYHOST that do not verify SSL certificates, which allows remote attackers to read network traffic via a man-in-the-middle (MITM) attack. | ||||
| CVE-2006-0618 | 1 Qnx | 1 Neutrino Rtos | 2026-04-16 | N/A |
| Format string vulnerability in fontsleuth in QNX Neutrino RTOS 6.3.0 allows local users to execute arbitrary code via format string specifiers in the zeroth argument (program name). | ||||
| CVE-2006-4496 | 1 Iwebnegar | 1 Iwebnegar | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in comments.php in IwebNegar 1.1 allows remote attackers to inject arbitrary web script or HTML via the comment parameter. | ||||
| CVE-2006-0632 | 1 Phpbb Group | 1 Phpbb | 2026-04-16 | N/A |
| The gen_rand_string function in phpBB 2.0.19 uses insufficiently random data (small value space) to create the activation key ("validation ID") that is sent by e-mail when establishing a password, which makes it easier for remote attackers to obtain the key and modify passwords for existing accounts or create new accounts. | ||||
| CVE-2006-0635 | 1 Fabrice Bellard | 1 Tiny C Compiler | 2026-04-16 | N/A |
| Tiny C Compiler (TCC) 0.9.23 (aka TinyCC) evaluates the "i>sizeof(int)" expression to false when i equals -1, which might introduce integer overflow vulnerabilities into applications that could be exploited by context-dependent attackers. | ||||
| CVE-2006-0645 | 2 Free Software Foundation Inc., Redhat | 2 Libtasn1, Enterprise Linux | 2026-04-16 | N/A |
| Tiny ASN.1 Library (libtasn1) before 0.2.18, as used by (1) GnuTLS 1.2.x before 1.2.10 and 1.3.x before 1.3.4, and (2) GNU Shishi, allows attackers to crash the DER decoder and possibly execute arbitrary code via "out-of-bounds access" caused by invalid input, as demonstrated by the ProtoVer SSL test suite. | ||||
| CVE-2006-4746 | 1 Comscripts | 1 Web Server Creator | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in news/include/customize.php in Web Server Creator 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the l parameter. | ||||
| CVE-2006-4787 | 1 Alphamail | 1 Alphamail | 2026-04-16 | N/A |
| AlphaMail before 1.0.16 allows local users to obtain sensitive information via the logging functionality, which displays unencrypted passwords in an error message. NOTE: some details are obtained from third party information. | ||||