Total
29947 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-0436 | 1 Hp | 1 Hp-ux | 2026-04-16 | N/A |
| Unspecified vulnerability in HP HP-UX B.11.00, B.11.04, and B.11.11 allows local users to gain privileges via unknown attack vectors. | ||||
| CVE-2006-1821 | 1 Modxcms | 1 Modxcms | 2026-04-16 | N/A |
| Directory traversal vulnerability in index.php in ModX 0.9.1 allows remote attackers to read arbitrary files via a .. (dot dot) sequence and trailing NULL (%00) byte in the id parameter. | ||||
| CVE-2006-0437 | 1 Phpbb Group | 1 Phpbb | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in admin_smilies.php in phpBB 2.0.19 allows remote attackers to inject arbitrary web script or HTML via Javascript events such as "onmouseover" in the (1) smile_url or (2) smile_emotion parameters, which bypasses a check for "<" and ">" characters. | ||||
| CVE-2006-0444 | 1 Phpclanwebsite | 1 Phpclanwebsite | 2026-04-16 | N/A |
| SQL injection vulnerability in index.php in Phpclanwebsite (aka PCW) 1.23.1 allows remote attackers to execute arbitrary SQL commands via the (1) par parameter in the post function on the forum page and possibly the (2) poll_id parameter on the poll page. NOTE: the poll_id vector can also allow resultant cross-site scripting (XSS) from an unquoted error message for invalid SQL syntax. | ||||
| CVE-2006-0447 | 1 E-post Corporation | 3 Mail Server, Smtp Server, Spa-pro Mail Atsolomon | 2026-04-16 | N/A |
| Multiple buffer overflows in E-Post Mail Server 4.10 and SPA-PRO Mail @Solomon 4.00 allow remote attackers to execute arbitrary code via a long username to the (1) AUTH PLAIN or (2) AUTH LOGIN SMTP commands, which is not properly handled by (a) EPSTRS.EXE or (b) SPA-RS.EXE; (3) a long username in the APOP POP3 command, which is not properly handled by (c) EPSTPOP4S.EXE or (d) SPA-POP3S.EXE; (4) a long IMAP DELETE command, which is not properly handled by (e) EPSTIMAP4S.EXE or (f) SPA-IMAP4S.EXE. | ||||
| CVE-2001-1156 | 1 Typsoft | 1 Typsoft Ftp Server | 2026-04-16 | N/A |
| TYPSoft FTP 0.95 allows remote attackers to cause a denial of service (CPU consumption) via a "../../*" argument to (1) STOR or (2) RETR. | ||||
| CVE-2006-0450 | 1 Phpbb Group | 1 Phpbb | 2026-04-16 | N/A |
| phpBB 2.0.19 and earlier allows remote attackers to cause a denial of service (application crash) by (1) registering many users through profile.php or (2) using search.php to search in a certain way that confuses the database. | ||||
| CVE-2006-1822 | 1 Farsinews | 1 Farsinews | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in FarsiNews 2.5.3 Pro and earlier allows remote attackers to inject arbitrary web script or HTML via the selected_search_arch parameter. | ||||
| CVE-2006-0453 | 1 Redhat | 2 Directory Server, Fedora Core | 2026-04-16 | N/A |
| The LDAP component in Fedora Directory Server 1.0 allow remote attackers to cause a denial of service (crash) via a certain "bad BER sequence" that results in a free of uninitialized memory, as demonstrated using the ProtoVer LDAP test suite. | ||||
| CVE-2006-1824 | 1 Phpguestbook | 1 Phpguestbook | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PhpGuestbook.php in PhpGuestbook 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) Website, and (3) Comment parameter. | ||||
| CVE-2006-0460 | 1 Bomberclone | 1 Bomberclone | 2026-04-16 | N/A |
| Multiple buffer overflows in BomberClone before 0.11.6.2 allow remote attackers to execute arbitrary code via long error messages. | ||||
| CVE-2006-0462 | 1 Andonet | 1 Andonet Blog | 2026-04-16 | N/A |
| SQL injection vulnerability in comentarios.php in AndoNET Blog 2004.09.02 allows remote attackers to execute arbitrary SQL commands via the entrada parameter. | ||||
| CVE-2006-0465 | 1 Active121 | 1 Site Manager | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in risultati_ricerca.php in active121 Site Manager allows remote attackers to inject arbitrary web script or HTML via the cerca parameter. | ||||
| CVE-2001-1172 | 1 Omnisecure | 1 Httprotect | 2026-04-16 | N/A |
| OmniSecure HTTProtect 1.1.1 allows a superuser without omnish privileges to modify a protected file by creating a symbolic link to that file. | ||||
| CVE-2006-2257 | 1 Faktorystudios | 1 Easyevent | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in easyEvent 1.2 allows remote attackers to inject arbitrary web script or HTML via the curr_year parameter. | ||||
| CVE-2006-0466 | 1 Goldstag | 1 Goldstag Content Management System | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in search.asp in Goldstag Content Management System allows remote attackers to inject arbitrary web script or HTML via the text parameter. | ||||
| CVE-2006-0476 | 1 Nullsoft | 1 Winamp | 2026-04-16 | N/A |
| Buffer overflow in Nullsoft Winamp 5.12 allows remote attackers to execute arbitrary code via a playlist (pls) file with a long file name (File1 field). | ||||
| CVE-2001-1179 | 1 Xfree86 Project | 1 X11r6 | 2026-04-16 | N/A |
| xman allows local users to gain privileges by modifying the MANPATH to point to a man page whose filename contains shell metacharacters. | ||||
| CVE-2006-1827 | 1 Digium | 1 Asterisk | 2026-04-16 | N/A |
| Integer signedness error in format_jpeg.c in Asterisk 1.2.6 and earlier allows remote attackers to execute arbitrary code via a length value that passes a length check as a negative number, but triggers a buffer overflow when it is used as an unsigned length. | ||||
| CVE-2006-0478 | 1 Cre Loaded | 1 Cre Loaded | 2026-04-16 | N/A |
| CRE Loaded 6.15 allows remote attackers to perform privileged actions, including uploading and creating arbitrary files, via a direct request to files.php. NOTE: the vendor states "The initial announcement of this risk was made on our website... and it included a patch which will close the vulnerability on all known 6.0x and 6.1x releases. We strongly encourage users of CRE Loaded 6.x, osCMax, and other users of osCommerce who have installed HTMLArea based WYSIWYG editors and Admin Access with Levels to modify thier installations at the earliest possible moment." | ||||