Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-2712 1 Secure Elements 1 Class 5 Enterprise Vulnerability Management 2026-04-16 N/A
Secure Elements Class 5 AVR (aka C5 EVM) client and server before 2.8.1 do not verify the integrity of a message digest, which allows remote attackers to modify and replay messages.
CVE-2006-0118 1 Ibm 3 Lotus Domino, Lotus Domino Enterprise Server, Lotus Notes 2026-04-16 N/A
Unspecified vulnerability in IBM Lotus Notes and Domino Server before 6.5.5, when running on AIX, allows attackers to cause a denial of service (deep recursion leading to stack overflow and crash) via long formulas.
CVE-2006-2746 1 Facile Interactive Web 1 Facile Interactive Web 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in F@cile Interactive Web 0.8.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) lang parameter in index.php, and the (2) mytheme and (3) myskin parameters in multiple "p-themes" index.inc.php files including (c) lowgraphic, (d) classic, (e) puzzle, (f) simple, and (g) ciao. NOTE: vectors 2 and 3 might be resultant from file inclusion issues.
CVE-2006-0142 1 Andromeda Software 1 Andromeda 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in andromeda.php in Andromeda 1.9.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the s parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-2748 1 Open Searchable Image Catalogue 1 Open Searchable Image Catalogue 2026-04-16 N/A
SQL injection vulnerability in the do_mysql_query function in core.php for Open Searchable Image Catalogue (OSIC) before 0.7.0.1 allows remote attackers to inject arbitrary SQL commands via multiple vectors, as demonstrated by the (1) type parameter in adminfunctions.php and the (2) catalogue_id parameter in editcatalogue.php.
CVE-2000-0260 1 Microsoft 2 Frontpage, Visual Interdev 2026-04-16 N/A
Buffer overflow in the dvwssr.dll DLL in Microsoft Visual Interdev 1.0 allows users to cause a denial of service or execute commands, aka the "Link View Server-Side Component" vulnerability.
CVE-2006-0145 1 Netbsd 1 Netbsd 2026-04-16 N/A
The kernfs_xread function in kernfs in NetBSD 1.6 through 2.1, and OpenBSD 3.8, does not properly validate file offsets against negative 32-bit values that occur as a result of truncation, which allows local users to read arbitrary kernel memory and gain privileges via the lseek system call.
CVE-2001-0741 1 Cisco 1 Hsrp 2026-04-16 N/A
Cisco Hot Standby Routing Protocol (HSRP) allows local attackers to cause a denial of service by spoofing HSRP packets.
CVE-2006-0147 5 John Lim, Mantis, Moodle and 2 more 5 Adodb, Mantis, Moodle and 2 more 2026-04-16 N/A
Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP functions via the do parameter, which is saved in a variable that is then executed as a function, as demonstrated using phpinfo.
CVE-2006-3803 2 Mozilla, Redhat 4 Firefox, Seamonkey, Thunderbird and 1 more 2026-04-16 N/A
Race condition in the JavaScript garbage collection in Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code by causing the garbage collector to delete a temporary variable while it is still being used during the creation of a new Function object.
CVE-2006-0148 1 Netsarang 1 Xlpd 2026-04-16 N/A
NetSarang Xlpd 2.1 allows remote attackers to cause a denial of service (crash) via a large number of connections from the same IP address.
CVE-2006-0153 1 427bb 1 Fourtwosevenbb 2026-04-16 N/A
427BB 2.2 and 2.2.1 verifies authentication credentials based on the username, authenticated, and usertype cookies, which allows remote attackers to bypass authentication by using a valid username and usertype and setting the authenticated cookie.
CVE-2006-2757 1 Chipmunk Scripts 1 Chipmunk Guestbook 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Chipmunk guestbook allows remote attackers to inject arbitrary web script or HTML via the (1) start parameter in (a) index.php; (2) forumID parameter in index.php, (b) newtopic.php, and (c) reply.php; and (3) ID parameter to (d) edit.php.
CVE-2006-2523 1 Smartisoft 1 Phplistpro 2026-04-16 N/A
PHP remote file inclusion vulnerability in config.php in phpListPro 2.0.1 and earlier, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary PHP code via a URL in the Language cookie.
CVE-2006-0174 1 Hummingbird 2 Collaboration, Enterprise Collaboration 2026-04-16 N/A
Hummingbird Collaboration (aka Hummingbird Enterprise Collaboration) 5.21 and earlier allows remote attackers to obtain sensitive information (intranet IP addresses and enumerations of valid parameter values) via a direct request to hc, which reveals the information in an error message or a cookie.
CVE-2000-0170 2 Redhat, Turbolinux 2 Linux, Turbolinux 2026-04-16 N/A
Buffer overflow in the man program in Linux allows local users to gain privileges via the MANPAGER environmental variable.
CVE-2000-0263 1 Redhat 1 Linux 2026-04-16 N/A
The X font server xfs in Red Hat Linux 6.x allows an attacker to cause a denial of service via a malformed request.
CVE-2006-0176 1 Xmame 1 Xmame 2026-04-16 N/A
Buffer overflow in certain functions in src/fileio.c and src/unix/fileio.c in xmame before 11 January 2006 may allow local users to gain privileges via a long (1) -lang, (2) -ctrlr, (3) -pb, or (4) -rec argument on many operating systems, and via a long (5) -jdev argument on Ubuntu Linux.
CVE-2006-0182 1 Acal 1 Calendar Project 2026-04-16 N/A
login.php in ACal Calendar Project 2.2.5 allows remote attackers to bypass authentication by setting the ACalAuthenticate cookie variable to "inside".
CVE-2006-3727 1 Eskolar Cms 1 Eskolar Cms 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Eskolar CMS 0.9.0.0 allow remote attackers to execute arbitrary SQL commands via the (1) gr_1_id, (2) gr_2_id, (3) gr_3_id, and (4) doc_id parameters in (a) index.php; the (5) uid and (6) pwd parameters in (b) php/esa.php; and possibly other vectors related to files in php/lib/ including (c) del.php, (d) download_backup.php, (e) navig.php, (f) restore.php, (g) set_12.php, (h) set_14.php, and (i) upd_doc.php.