Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-0172 1 Hummingbird 1 Enterprise Collaboration 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the file manager utility in Hummingbird Collaboration (aka Hummingbird Enterprise Collaboration) 5.21 and earlier allows remote attackers to inject arbitrary web script or HTML in an uploaded page, which is published without a check for hostile scripting.
CVE-2006-0191 1 Sun 1 Solaris 2026-04-16 N/A
Unspecified vulnerability in Sun Solaris 10 allows local users to cause a denial of service (null dereference) via unspecified vectors involving the use of the find command on the "/proc" filesystem. NOTE: due to the vagueness of the vendor advisory, it is not clear whether this is related to CVE-2005-3250.
CVE-2006-1576 1 Vscripts.pl 1 Qlnews 2026-04-16 N/A
Direct static code injection vulnerability in QLnews 1.2 allows remote authenticated administrators to execute arbitrary PHP code by modifying config.php.
CVE-2006-0358 1 Powerportal 1 Powerportal 2026-04-16 N/A
Multiple SQL injection vulnerabilities in PowerPortal, possibly 1.1 beta through 1.3, allow remote attackers to execute arbitrary SQL commands via the search parameter in (1) index.php and (2) search.php. NOTE: This issue might overlap CVE-2004-0663.2.
CVE-2006-0925 1 Alt-n 1 Mdaemon 2026-04-16 N/A
Format string vulnerability in the IMAP4rev1 server in Alt-N MDaemon 8.1.1 and possibly 8.1.4 allows remote attackers to cause a denial of service (CPU consumption) by creating and then listing folders whose names contain format string specifiers.
CVE-2001-1003 1 Webct 1 Respondus 2026-04-16 N/A
Respondus 1.1.2 for WebCT uses weak encryption to remember usernames and passwords, which allows local users who can read the WEBCT.SVR file to decrypt the passwords and gain additional privileges.
CVE-2006-0294 1 Mozilla 3 Firefox, Seamonkey, Thunderbird 2026-04-16 N/A
Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 allow remote attackers to execute arbitrary code by changing an element's style from position:relative to position:static, which causes Gecko to operate on freed memory.
CVE-1999-1558 1 Digital 2 Digital Openvms, Digital Openvms Axp 2026-04-16 N/A
Vulnerability in loginout in Digital OpenVMS 7.1 and earlier allows unauthorized access when external authentication is enabled.
CVE-2006-0320 1 Bit 5 Blog 1 Bit 5 Blog 2026-04-16 N/A
SQL injection vulnerability in admin/processlogin.php in Bit 5 Blog 8.01 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username and (2) password parameter.
CVE-2006-0937 1 Unu Networks 1 Mailgust 2026-04-16 N/A
U.N.U. Mailgust 1.9 allows remote attackers to obtain sensitive information via a direct request to index.php with method=showfullcsv, which reveals the POP3 server configuration, including account name and password.
CVE-2006-0328 1 Philippe Jounin 1 Tftpd32 2026-04-16 N/A
Format string vulnerability in Tftpd32 2.81 allows remote attackers to cause a denial of service via format string specifiers in a filename in a (1) GET or (2) SEND request.
CVE-1999-1489 1 Slackware 1 Slackware Linux 2026-04-16 N/A
Buffer overflow in TestChip function in XFree86 SuperProbe in Slackware Linux 3.1 allows local users to gain root privileges via a long -nopr argument.
CVE-2006-0331 1 Thiago Melo De Paula 1 Change Passwd 2026-04-16 N/A
Buffer overflow in Change passwd 3.1 (chpasswd) SquirrelMail plugin allows local users to execute arbitrary code via long command line arguments.
CVE-2006-0940 1 Cynical Games 1 Shoutlive 2026-04-16 N/A
Multiple direct static code injection vulnerabilities in savesettings.php in ShoutLIVE 1.1.0 allow remote attackers to execute arbitrary PHP code via variables that are written to settings.php.
CVE-2006-0334 1 Freekrai.net 1 My Amazon Store Manager 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in search.php in My Amazon Store Manager 1.0 allows remote attackers to inject arbitrary web script or HTML via the Keywords parameter. NOTE: some sources claim that the affected parameter is "q", but the only public archive of the original researcher notification shows an XSS manipulation in "Keywords".
CVE-1999-0195 2 Linux, Sgi 2 Linux Kernel, Irix 2026-04-16 N/A
Denial of service in RPC portmapper allows attackers to register or unregister RPC services or spoof RPC services using a spoofed source IP address such as 127.0.0.1.
CVE-2006-0941 1 Cynical Games 1 Shoutlive 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in post.php in ShoutLIVE 1.1.0 allow remote attackers to inject arbitrary web script or HTML via certain variables when posting new messages.
CVE-2006-0344 1 Intervations 1 Filecopa 2026-04-16 N/A
Directory traversal vulnerability in Intervations FileCOPA FTP Server 1.01 allows remote attackers to read and write arbitrary files via a .. (dot dot) in the (1) STOR and (2) RETR commands.
CVE-2006-0507 1 Easy Cms 1 Easy Cms 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Easy CMS allow remote attackers to inject arbitrary web script or HTML via (1) unknown attack vectors in the administrative interface and (2) input fields of the contact form.
CVE-2006-0512 1 Padl Software 1 Migrationtools 2026-04-16 N/A
PADL MigrationTools 46 creates temporary files insecurely, which allows local users to overwrite arbitrary files via a symlink attack on the temporary files, which are not properly created by (1) migrate_all_online.sh, (2) migrate_all_offline.sh, (3) migrate_all_netinfo_online.sh, (4) migrate_all_netinfo_offline.sh, (5) migrate_all_nis_online.sh, (6) migrate_all_nis_offline.sh, (7) migrate_all_nisplus_online.sh, and (8) migrate_all_nisplus_offline.sh.