Total
29901 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-5875 | 1 Enemies Of Carlotta | 1 Enemies Of Carlotta | 2026-04-23 | N/A |
| eoc.py in Enemies of Carlotta (EoC) before 1.2.4 allows remote attackers to execute arbitrary commands via shell metacharacters in an "SMTP level e-mail address". | ||||
| CVE-2006-5936 | 1 Sitexpress | 1 Sitexpress E-commerce System | 2026-04-23 | N/A |
| SQL injection vulnerability in dept.asp in SiteXpress E-Commerce System allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2006-5961 | 1 Pegasus | 1 Mercury Mail Transport System | 2026-04-23 | N/A |
| Buffer overflow in Mercury Mail Transport System 4.01b for Windows has unknown impact and attack vectors, as originally reported in a GLEG VulnDisco pack. NOTE: the provenance of this information is unknown; the details are obtained from third party information. The original researcher is reliable. | ||||
| CVE-2006-5980 | 1 Renasoft | 1 Netjetserver | 2026-04-23 | N/A |
| adm_lgn_admin.asp in Renasoft NetJetServer 2.5.3.939, and possibly earlier, does not properly perform login authentication, which allows remote attackers to obtain administrative privileges. NOTE: the provenance of this information is unknown; details are obtained from third party sources. | ||||
| CVE-2006-6050 | 1 Clicktech | 1 Texas Rankem | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in ClickTech Texas Rank'em allow remote attackers to execute arbitrary SQL commands via the (1) selPlayer parameter to player.asp or the (2) tournament_id parameter to tournaments.asp. | ||||
| CVE-2006-6056 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-04-23 | N/A |
| Linux kernel 2.6.x up to 2.6.18 and possibly other versions, when SELinux hooks are enabled, allows local users to cause a denial of service (crash) via a malformed file stream that triggers a NULL pointer dereference in the superblock_doinit function, as demonstrated using an HFS filesystem image. | ||||
| CVE-2006-6051 | 1 Mamboxchange | 1 Mosreporter | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in reporter.logic.php in the MosReporter (com_reporter) component for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | ||||
| CVE-2006-6054 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-04-23 | N/A |
| The ext2 file system code in Linux kernel 2.6.x allows local users to cause a denial of service (crash) via an ext2 stream with malformed data structures that triggers an error in the ext2_check_page due to a length that is smaller than the minimum. | ||||
| CVE-2006-6070 | 1 Asp-nuke | 1 Asp-nuke | 2026-04-23 | N/A |
| SQL injection vulnerability in module/account/register/register.asp in ASP Nuke 0.80 and earlier allows remote attackers to execute arbitrary SQL commands via the StateCode parameter. | ||||
| CVE-2006-6079 | 1 Imendio Ab | 1 Loudmouth | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in LoudMouth 2.4 allow remote attackers to execute arbitrary PHP code via a URL in the mainframe parameter to (1) admin.loudmouth.php or (2) toolbar.loudmouth.php. | ||||
| CVE-2006-6080 | 1 Gazatem Technologies | 1 Gnews Publisher | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in categories.asp in gNews Publisher allow remote attackers to execute arbitrary SQL commands via the (1) catID or (2) editorID parameter. | ||||
| CVE-2006-6089 | 1 Baalasp | 1 Baalasp Forum | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in addpost1.asp in BaalAsp forum allow remote attackers to inject arbitrary web script or HTML via the (1) title (Subject), (2) groupname (Group Name), or (3) detail (Message) field. | ||||
| CVE-2006-6128 | 1 Linux | 1 Linux Kernel | 2026-04-23 | N/A |
| The ReiserFS functionality in Linux kernel 2.6.18, and possibly other versions, allows local users to cause a denial of service via a malformed ReiserFS file system that triggers memory corruption when a sync is performed. | ||||
| CVE-2006-6119 | 1 Mmgallery | 1 Mmgallery | 2026-04-23 | N/A |
| mmgallery 1.55 allows remote attackers to obtain sensitive information via a direct request for thumbs.php, which reveals the installation path in various error messages. | ||||
| CVE-2006-6123 | 1 Coppermine | 1 Coppermine Photo Gallery | 2026-04-23 | N/A |
| Coppermine Photo Gallery (CPG) 1.4.8 stable, with register_globals enabled, allows remote attackers to bypass XSS protection and set arbitrary variables via a query string that causes the variable to be defined in global space, with separate _GET, _REQUEST, or other critical parameters, which are unset by the protection scheme and prevent the original variable from being detected. | ||||
| CVE-2006-6164 | 1 Openbsd | 1 Openbsd | 2026-04-23 | N/A |
| The _dl_unsetenv function in loader.c in the ELF ld.so in OpenBSD 3.9 and 4.0 does not properly remove duplicate environment variables, which allows local users to pass dangerous variables such as LD_PRELOAD to loading processes, which might be leveraged to gain privileges. | ||||
| CVE-2006-6181 | 1 Clicktech | 1 Clickcontact | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in default.asp in ClickTech ClickContact allow remote attackers to execute arbitrary SQL commands via the (1) AlphaSort, (2) In, and (3) orderby parameters. | ||||
| CVE-2006-6182 | 1 Gabriele Teotino | 1 Gnotebook | 2026-04-23 | N/A |
| The Gabriele Teotino GNotebook 0.7.0.1 gadget for Google Desktop stores Gmail passwords in plaintext in the %SYSTEMDRIVE%\temp\Gnotebook.txt log file, which allows local users to obtain passwords by reading the file. | ||||
| CVE-2006-6190 | 1 Anna Irc Bot | 1 Anna\^ Irc Bot | 2026-04-23 | N/A |
| SQL injection vulnerability in anna.pl in Anna^ IRC Bot before 0.30 (aka caprice) allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: it is possible that there are multiple issues. | ||||
| CVE-2006-6179 | 1 Trend Micro | 1 Officescan | 2026-04-23 | N/A |
| Buffer overflow in PCCSRV\Web_console\RemoteInstallCGI\CgiRemoteInstall.exe for Trend Micro OfficeScan 7.3 before build 7.3.0.1089 allows remote attackers to execute arbitrary code via unknown attack vectors. | ||||