Total
29942 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-3578 | 1 Fujitsu | 1 Serverview | 2026-04-16 | N/A |
| Directory traversal vulnerability in Fujitsu ServerView 2.50 up to 3.60L98 and 4.10L11 up to 4.11L81 allows remote attackers to read arbitrary files via unspecified vectors. | ||||
| CVE-2006-0419 | 1 Bea | 1 Weblogic Server | 2026-04-16 | N/A |
| BEA WebLogic Server and WebLogic Express 9.0, 8.1 through SP5, and 7.0 through SP6 allows anonymous binds to the embedded LDAP server, which allows remote attackers to read user entries or cause a denial of service (unspecified) via a large number of connections. | ||||
| CVE-2006-0424 | 1 Bea | 1 Weblogic Server | 2026-04-16 | N/A |
| BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7 allows remote authenticated guest users to read the server log and obtain sensitive configuration information. | ||||
| CVE-2006-0447 | 1 E-post Corporation | 3 Mail Server, Smtp Server, Spa-pro Mail Atsolomon | 2026-04-16 | N/A |
| Multiple buffer overflows in E-Post Mail Server 4.10 and SPA-PRO Mail @Solomon 4.00 allow remote attackers to execute arbitrary code via a long username to the (1) AUTH PLAIN or (2) AUTH LOGIN SMTP commands, which is not properly handled by (a) EPSTRS.EXE or (b) SPA-RS.EXE; (3) a long username in the APOP POP3 command, which is not properly handled by (c) EPSTPOP4S.EXE or (d) SPA-POP3S.EXE; (4) a long IMAP DELETE command, which is not properly handled by (e) EPSTIMAP4S.EXE or (f) SPA-IMAP4S.EXE. | ||||
| CVE-2006-0463 | 1 Ideosoft Design | 1 Ideocontent Manager | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in IdeoContent Manager allows remote attackers to inject arbitrary web script or HTML via the (1) goto_id parameter to index.php or (2) page parameter to news_full.php. | ||||
| CVE-2006-0466 | 1 Goldstag | 1 Goldstag Content Management System | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in search.asp in Goldstag Content Management System allows remote attackers to inject arbitrary web script or HTML via the text parameter. | ||||
| CVE-2006-0496 | 1 Mozilla | 2 Firefox, Mozilla | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Mozilla 1.7.12 and possibly earlier, Mozilla Firefox 1.0.7 and possibly earlier, and Netscape 8.1 and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the -moz-binding (Cascading Style Sheets) CSS property, which does not require that the style sheet have the same origin as the web page, as demonstrated by the compromise of a large number of LiveJournal accounts. | ||||
| CVE-2006-0501 | 1 Punctweb | 1 Myco Guestbook | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in MyCO Guestbook 1.0 allows remote attackers to inject arbitrary web script or HTML via the Name field, when registering a user. | ||||
| CVE-2006-0507 | 1 Easy Cms | 1 Easy Cms | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Easy CMS allow remote attackers to inject arbitrary web script or HTML via (1) unknown attack vectors in the administrative interface and (2) input fields of the contact form. | ||||
| CVE-2006-4029 | 1 Ageet | 1 Agephone | 2026-04-16 | N/A |
| Stack-based buffer overflow in sipd.dll in AGEphone 1.24 and 1.38.1 allows remote attackers to execute arbitrary code via a crafted UDP SIP packet. | ||||
| CVE-2006-0520 | 1 Dragoran | 1 Portal Module | 2026-04-16 | N/A |
| SQL injection vulnerability index.php in Dragoran Portal module 1.3 for Invision Power Board (IPB) allows remote attackers to execute arbitrary SQL commands via the site parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-0524 | 1 Ashwebstudio | 1 Ashnews | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in ashnews.php in Derek Ashauer ashNews 0.83 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | ||||
| CVE-2006-0541 | 1 Tachyon | 1 Vanilla Guestbook | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Tachyon Vanilla Guestbook 1.0 beta allow remote attackers to inject arbitrary web script or HTML via unknown vectors related to "posting new messages." | ||||
| CVE-2006-4278 | 1 Sportsphool | 1 Sportsphool | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in includes/layout/plain.footer.php in SportsPHool 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the mainnav parameter. | ||||
| CVE-2006-0568 | 1 Outblaze | 1 Outblaze | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in throw.main in Outblaze allows remote attackers to inject arbitrary web script or HTML via the file parameter. | ||||
| CVE-2006-0571 | 1 Hinton Design | 1 Phpstatus | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpstatus 1.0 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in the administrative interface. | ||||
| CVE-2006-0588 | 1 Jaia Interactive | 1 Mytopix | 2026-04-16 | N/A |
| SQL injection vulnerability in search.php in MyTopix 1.2.3 allows remote attackers to execute arbitrary SQL commands via the (1) mid and (2) keywords parameters. | ||||
| CVE-2006-4338 | 2 Gzip, Redhat | 2 Gzip, Enterprise Linux | 2026-04-16 | N/A |
| unlzh.c in the LHZ component in gzip 1.3.5 allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted GZIP archive. | ||||
| CVE-2006-0605 | 1 Unknown Domain | 1 Shoutbox | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Unknown Domain Shoutbox 2005.07.21 allow remote attackers to inject arbitrary web script or HTML, possibly via the (1) Handle or (2) Message fields. | ||||
| CVE-2006-0609 | 1 Hinton Design | 1 Phphd | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in add.php in Hinton Design phphd 1.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | ||||