Search Results (366468 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-2273 1 Verisign 1 I-nav 2026-04-16 N/A
The InstallProduct routine in the Verisign VUpdater.Install (aka i-Nav) ActiveX control does not verify Microsoft Cabinet (.CAB) files, which allows remote attackers to run an arbitrary executable file.
CVE-2006-2275 3 Canonical, Lksctp, Redhat 3 Ubuntu Linux, Stream Control Transmission Protocol, Enterprise Linux 2026-04-16 7.5 High
Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (deadlock) via a large number of small messages to a receiver application that cannot process the messages quickly enough, which leads to "spillover of the receive buffer."
CVE-2006-2278 1 Arabless 1 Saphplesson 2026-04-16 N/A
SaphpLesson 3.0 does not initialize array variables, which allows remote attackers to obtain the full path via an non-array (1) hrow parameter to (a) show.php or (b) index.php; the (2) Lsnrow parameter to (c) showcat.php; or the (3) rows parameter to index.php.
CVE-2006-2285 1 Dokeos 1 Open Source Learning And Knowledge Management Tool 2026-04-16 N/A
PHP remote file inclusion vulnerability in authldap.php in Dokeos 1.6.4 allows remote attackers to execute arbitrary PHP code via a URL in the includePath parameter.
CVE-2006-1997 1 Sybase 1 Pylon Anywhere 2026-04-16 N/A
Unspecified vulnerability in Sybase Pylon Anywhere groupware synchronization server before 7.0 allows local users to obtain sensitive information such as email and PIM data of another user via unknown attack vectors.
CVE-2006-3606 1 Sun 2 Solaris, Sunos 2026-04-16 N/A
Unspecified vulnerability in Sun Solaris X Inter Client Exchange library (libICE) on Solaris 8 and 9 allows context-dependent attackers to cause a denial of service (application crash) to applications that use the library.
CVE-2006-1991 1 Php 1 Php 2026-04-16 N/A
The substr_compare function in string.c in PHP 5.1.2 allows context-dependent attackers to cause a denial of service (memory access violation) via an out-of-bounds offset argument.
CVE-2006-3599 1 Php-nuke 1 Advanced Classified Module 2026-04-16 N/A
SQL injection vulnerability in the Nuke Advanced Classifieds module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id_ads parameter in an EditAds op.
CVE-2006-1988 1 Apple 1 Safari 2026-04-16 N/A
The WebTextRenderer(WebInternal) _CG_drawRun:style:geometry: function in Apple Safari 2.0.3 allows remote attackers to cause a denial of service (application crash) via an HTML LI tag with a large VALUE attribute (list item number), which triggers a null dereference in QPainter::drawText, probably due to a failed memory allocation that uses the VALUE.
CVE-2006-3597 1 Ubuntu 1 Ubuntu Linux 2026-04-16 N/A
passwd before 1:4.0.13 on Ubuntu 6.06 LTS leaves the root password blank instead of locking it when the administrator selects the "Go Back" option after the final "Installation complete" message and uses the main menu, which causes the password to be zeroed out in the installer's memory.
CVE-2006-1983 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-16 N/A
Multiple heap-based buffer overflows in Mac OS X 10.4.6 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) PredictorVSetField function for TIFF or (2) CFAllocatorAllocate function for GIF, as used in applications that use ImageIO or AppKit. NOTE: the BMP vector has been re-assigned to CVE-2006-2238 because it affects a separate product family.
CVE-2006-3588 2 Adobe, Redhat 2 Flash Player, Rhel Extras 2026-04-16 N/A
Unspecified vulnerability in Adobe (Macromedia) Flash Player 8.0.24.0 allows remote attackers to cause a denial of service (browser crash) via a malformed, compressed .swf file, a different issue than CVE-2006-3587.
CVE-2006-3399 1 Moniwiki 1 Moniwiki 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in wiki.php in MoniWiki before 1.1.2-20060702 allows remote attackers to inject arbitrary Javascript via the URL, which is reflected back in an error message, a variant of CVE-2004-1632.
CVE-2006-3400 2 Id Software, Raven Software 2 Quake 3 Engine, Soldier Of Fortune 2 2026-04-16 N/A
Stack-based buffer overflow in the CG_ServerCommand function in Quake 3 Engine as used by Soldier of Fortune 2 (SOF2MP) GOLD 1.03 allows remote attackers to cause a denial of service and possibly execute code by sending a long command from the server.
CVE-2006-3402 1 Virtuastore 1 Virtuastore 2026-04-16 N/A
SQL injection vulnerability in VirtuaStore 2.0 allows remote attackers to execute arbitrary SQL commands via the password parameter when logging in.
CVE-2006-3403 2 Redhat, Samba 2 Enterprise Linux, Samba 2026-04-16 N/A
The smdb daemon (smbd/service.c) in Samba 3.0.1 through 3.0.22 allows remote attackers to cause a denial of service (memory consumption) via a large number of share connection requests.
CVE-2006-1497 1 Vihor 1 Vihordesign 2026-04-16 N/A
Directory traversal vulnerability in index.php in ViHor Design allows remote attackers to read arbitrary files via the page parameter.
CVE-2006-3406 1 Qto 1 Qtofilemanager 2026-04-16 N/A
Directory traversal vulnerability in qtofm.php in QTOFileManager 1.0 allows remote attackers to modify arbitrary files via a .. (dot dot) sequence in the edit parameter.
CVE-2006-1516 3 Mysql, Oracle, Redhat 3 Mysql, Mysql, Enterprise Linux 2026-04-16 N/A
The check_connection function in sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to read portions of memory via a username without a trailing null byte, which causes a buffer over-read.
CVE-2006-3426 2 Lumension, Novell 2 Patchlink Update Server, Zenworks 2026-04-16 N/A
Directory traversal vulnerability in (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (b) Novell ZENworks 6.2 SR1 and earlier allows remote attackers to overwrite arbitrary files and directories via a .. (dot dot) sequence in the (1) action, (2) agentid, or (3) index parameters to dagent/nwupload.asp, which are used as pathname components.