Total
29925 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-4032 | 1 Cisco | 1 Callmanager Express | 2026-04-16 | N/A |
| Unspecified vulnerability in Cisco IOS CallManager Express (CME) allows remote attackers to gain sensitive information (user names) from the Session Initiation Protocol (SIP) user directory via certain SIP messages, aka bug CSCse92417. | ||||
| CVE-2006-4046 | 1 Open Cubic Player | 1 Open Cubic Player | 2026-04-16 | N/A |
| Multiple stack-based buffer overflows in Open Cubic Player 2.6.0pre6 and earlier for Windows, and 0.1.10_rc5 and earlier on Linux/BSD, allow remote attackers to execute arbitrary code via (1) a large .S3M file handled by the mpLoadS3M function, (2) a crafted .IT file handled by the itplayerclass::module::load function, (3) a crafted .ULT file handled by the mpLoadULT function, or (4) a crafted .AMS file handled by the mpLoadAMS function. | ||||
| CVE-1999-1102 | 4 Apple, Bsd, Sgi and 1 more | 4 A Ux, Bsd, Irix and 1 more | 2026-04-16 | N/A |
| lpr on SunOS 4.1.1, BSD 4.3, A/UX 2.0.1, and other BSD-based operating systems allows local users to create or overwrite arbitrary files via a symlink attack that is triggered after invoking lpr 1000 times. | ||||
| CVE-1999-1106 | 1 Kde | 1 Kde | 2026-04-16 | N/A |
| Buffer overflow in kppp in KDE allows local users to gain root access via a long -c (account_name) command line argument. | ||||
| CVE-1999-1110 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | N/A |
| Windows Media Player ActiveX object as used in Internet Explorer 5.0 returns a specific error code when a file does not exist, which allows remote malicious web sites to determine the existence of files on the client. | ||||
| CVE-2006-3377 | 1 Jmb Software | 1 Autorank | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in JMB Software AutoRank PHP 3.02 and earlier, and AutoRank Pro 5.01 and earlier, allows remote attackers to inject arbitrary web script or HTML via the (1) Keyword parameter in search.php and the (2) Username parameter in main.cgi. | ||||
| CVE-1999-1112 | 1 Irfanview | 1 Irfanview | 2026-04-16 | N/A |
| Buffer overflow in IrfanView32 3.07 and earlier allows attackers to execute arbitrary commands via a long string after the "8BPS" image type in a Photo Shop image header. | ||||
| CVE-2006-3398 | 1 Pkr Internet | 1 Taskjitsu | 2026-04-16 | N/A |
| The "change password forms" in Taskjitsu before 2.0.1 includes password hashes in hidden form fields, which allows remote attackers to obtain sensitive information from the (1) Category Editor and (2) User Information editor. | ||||
| CVE-1999-1116 | 1 Sgi | 1 Irix | 2026-04-16 | N/A |
| Vulnerability in runpriv in Indigo Magic System Administration subsystem of SGI IRIX 6.3 and 6.4 allows local users to gain root privileges. | ||||
| CVE-2006-4070 | 1 Imendio Planner | 1 Imendio Planner | 2026-04-16 | N/A |
| Format string vulnerability in Imendio Planner 0.13 allows user-assisted attackers to execute arbitrary code via format string specifiers in a filename. | ||||
| CVE-2006-4075 | 1 Wim Fleischhauer | 1 Docpile We | 2026-04-16 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Wim Fleischhauer docpile: wim's edition (docpile:we) 0.2.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the INIT_PATH parameter to (1) lib/folder.class.php, (2) lib/email.inc.php, (3) lib/document.class.php or (4) lib/auth.inc.php. | ||||
| CVE-2003-1175 | 1 Synthetic Reality | 1 Sympoll | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Sympoll 1.5 allows remote attackers to inject arbitrary web script or HTML via the vo parameter. | ||||
| CVE-1999-1144 | 1 Hp | 1 Hp-ux | 2026-04-16 | N/A |
| Certain files in MPower in HP-UX 10.x are installed with insecure permissions, which allows local users to gain privileges. | ||||
| CVE-1999-1150 | 1 Livingston Portmaster | 1 Portmaster | 2026-04-16 | N/A |
| Livingston Portmaster routers running ComOS use the same initial sequence number (ISN) for TCP connections, which allows remote attackers to conduct spoofing and hijack TCP sessions. | ||||
| CVE-1999-1174 | 1 Iomega | 1 Zip 100 Mb Drive | 2026-04-16 | N/A |
| ZIP drive for Iomega ZIP-100 disks allows attackers with physical access to the drive to bypass password protection by inserting a known disk with a known password, waiting for the ZIP drive to power down, manually replacing the known disk with the target disk, and using the known password to access the target disk. | ||||
| CVE-2006-4158 | 1 Spaminator | 1 Spaminator | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in Login.php in Spaminator 1.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | ||||
| CVE-2006-4163 | 1 Mywebland | 1 Minibloggie | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in cls_fast_template.php in myWebland miniBloggie 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the fname parameter. NOTE: another researcher was unable to find a way to execute code after including it via a URL. CVE analysis as of 20060816 was inconclusive | ||||
| CVE-1999-1183 | 1 Sgi | 1 Irix | 2026-04-16 | N/A |
| System Manager sysmgr GUI in SGI IRIX 6.4 and 6.3 allows remote attackers to execute commands by providing a trojan horse (1) runtask or (2) runexec descriptor file, which is used to execute a System Manager Task when the user's Mailcap entry supports the x-sgi-task or x-sgi-exec type. | ||||
| CVE-2006-4198 | 1 Wheatblog | 1 Wheatblog | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in includes/session.php in Wheatblog (wB) 1.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the wb_class_dir parameter. | ||||
| CVE-2006-4210 | 1 Andreas Kansok | 1 Phpay | 2026-04-16 | N/A |
| nu_mail.inc.php in Andreas Kansok phPay 2.02 and 2.02.1, when register_globals is enabled, allows remote attackers to use the server as an open mail relay via modified mail_text2, user_row[5], nu_mail_1, and shop_mail parameters. NOTE: some of these details are obtained from third party information. | ||||