Total
29944 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-0379 | 1 Freebsd | 1 Freebsd | 2026-04-16 | N/A |
| FreeBSD kernel 5.4-STABLE and 6.0 does not completely initialize a buffer before making it available to userland, which could allow local users to read portions of kernel memory. | ||||
| CVE-2006-3491 | 1 Christophe Thibault | 1 Kaillera | 2026-04-16 | N/A |
| Stack-based buffer overflow in Kaillera Server 0.86 and earlier allows remote attackers to execute arbitrary code via a long nickname. | ||||
| CVE-2006-0395 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-16 | N/A |
| The Download Validation in Mail in Mac OS X 10.4 does not properly recognize attachment file types to warn a user of an unsafe type, which allows user-assisted remote attackers to execute arbitrary code via crafted file types. | ||||
| CVE-2006-0410 | 1 John Lim | 1 Adodb | 2026-04-16 | N/A |
| SQL injection vulnerability in ADOdb before 4.71, when using PostgreSQL, allows remote attackers to execute arbitrary SQL commands via unspecified attack vectors involving binary strings. | ||||
| CVE-2006-0418 | 1 Topcmm Computing | 1 123 Flash Chat Server | 2026-04-16 | N/A |
| Eval injection vulnerability in 123 Flash Chat Server 5.0 and 5.1 allows attackers to execute arbitrary code via a crafted username. | ||||
| CVE-2006-0424 | 1 Bea | 1 Weblogic Server | 2026-04-16 | N/A |
| BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7 allows remote authenticated guest users to read the server log and obtain sensitive configuration information. | ||||
| CVE-2006-0446 | 1 Webwork | 1 Webwork | 2026-04-16 | N/A |
| Unspecified vulnerability in WeBWorK 2.1.3 and 2.2-pre1 allows remote privileged attackers to execute arbitrary commands as the web server via unknown attack vectors. | ||||
| CVE-2006-3696 | 1 Agnitum | 1 Outpost Firewall | 2026-04-16 | N/A |
| filtnt.sys in Outpost Firewall Pro before 3.51.759.6511 (462) allows local users to cause a denial of service (crash) via long arguments to mshta.exe. | ||||
| CVE-2006-0464 | 1 Ideosoft Design | 1 Ideocontent Manager | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in index.php in IdeoContent Manager allow remote attackers to execute arbitrary SQL commands via the (1) goto_id or (2) mid parameter. | ||||
| CVE-2006-0477 | 1 Git | 1 Git | 2026-04-16 | N/A |
| Buffer overflow in git-checkout-index in GIT before 1.1.5 allows remote attackers to execute arbitrary code via an index file with a long symbolic link. | ||||
| CVE-2006-3831 | 1 Kailash Nadh | 1 Boastmachine | 2026-04-16 | N/A |
| The Backup selection in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier uses predicable filenames for database backups and stores the files under the web root with insufficient access control, which allows remote attackers to obtain sensitive information by downloading a backup file. | ||||
| CVE-2006-0503 | 1 Mailenable | 1 Mailenable Professional | 2026-04-16 | N/A |
| IMAP service in MailEnable Professional Edition before 1.72 allows remote attackers to cause a denial of service (service crash) via unspecified vectors involving the EXAMINE command. | ||||
| CVE-2006-0513 | 1 Ibm | 1 Tivoli Access Manager For E-business | 2026-04-16 | N/A |
| Directory traversal vulnerability in pkmslogout in Tivoli Web Server Plug-in 5.1.0.10 in Tivoli Access Manager (TAM) 5.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter. | ||||
| CVE-2006-3957 | 1 Bosdev | 1 Bosdates | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in payment.php in BosDev BosDates allows remote attackers to execute arbitrary PHP code via a URL in the insPath parameter. | ||||
| CVE-2006-0528 | 1 Gnome | 1 Evolution | 2026-04-16 | N/A |
| The cairo library (libcairo), as used in GNOME Evolution and possibly other products, allows remote attackers to cause a denial of service (persistent client crash) via an attached text file that contains "Content-Disposition: inline" in the header, and a very long line in the body, which causes the client to repeatedly crash until the e-mail message is manually removed, possibly due to a buffer overflow, as demonstrated using an XML attachment. | ||||
| CVE-2006-0541 | 1 Tachyon | 1 Vanilla Guestbook | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Tachyon Vanilla Guestbook 1.0 beta allow remote attackers to inject arbitrary web script or HTML via unknown vectors related to "posting new messages." | ||||
| CVE-2006-0551 | 1 Oracle | 1 Database Server | 2026-04-16 | N/A |
| SQL injection vulnerability in the Data Pump Metadata API in Oracle Database 10g and possibly earlier might allow remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being created since it cannot be conclusively proven that this issue has been addressed by Oracle. It is possible that this is the same issue as Oracle Vuln# DB06 from the January 2006 CPU, in which case this would be subsumed by CVE-2006-0259 or, if it is DB05, subsumed by CVE-2006-0260. | ||||
| CVE-2006-4278 | 1 Sportsphool | 1 Sportsphool | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in includes/layout/plain.footer.php in SportsPHool 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the mainnav parameter. | ||||
| CVE-2006-0568 | 1 Outblaze | 1 Outblaze | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in throw.main in Outblaze allows remote attackers to inject arbitrary web script or HTML via the file parameter. | ||||
| CVE-2006-0570 | 1 Hinton Design | 1 Phpstatus | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in phpstatus 1.0, when gpc_magic_quotes is disabled, allow remote attackers to execute arbitrary SQL commands and bypass authentication via (1) the username parameter in check.php and (2) unknown attack vectors in the administrative interface. | ||||