Export limit exceeded: 339825 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29880 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29880 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-3742 | 1 Kde | 1 Kdebase | 2025-04-03 | N/A |
| The KDE PAM configuration shipped with Fedora Core 5 causes KDM passwords to be cached, which allows attackers to login without a password by attempting to log in multiple times. | ||||
| CVE-2006-3743 | 2 Imagemagick, Redhat | 2 Imagemagick, Enterprise Linux | 2025-04-03 | N/A |
| Multiple buffer overflows in ImageMagick before 6.2.9 allow user-assisted attackers to execute arbitrary code via crafted XCF images. | ||||
| CVE-2006-3746 | 2 Gnupg, Redhat | 2 Gnupg, Enterprise Linux | 2025-04-03 | N/A |
| Integer overflow in parse_comment in GnuPG (gpg) 1.4.4 allows remote attackers to cause a denial of service (segmentation fault) via a crafted message. | ||||
| CVE-2006-3752 | 1 Professional Home Page Tools | 1 Professional Home Page Tools Guestbook | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in class.php in Professional Home Page Tools Guestbook allow remote attackers to execute arbitrary SQL commands via the (1) hidemail, (2) name, (3) mail, (4) ip, or (5) text parameters. | ||||
| CVE-2006-3753 | 1 Professional Home Page Tools | 1 Professional Home Page Tools Guestbook | 2025-04-03 | N/A |
| setcookie.php for the administration login in Professional Home Page Tools Guestbook records the hash of the administrator password in a cookie, which allows attackers to conduct brute force password guessing attacks after obtaining the hash. | ||||
| CVE-2006-3754 | 1 Flushcms | 1 Flushcms | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in Include/editor/rich_files/class.rich.php in FlushCMS 1.0.0-pre2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the class_path parameter. | ||||
| CVE-2006-3755 | 1 Flushcms | 1 Flushcms | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in Include/editor/class.rich.php in FlushCMS 1.0.0-pre2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the class_path parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
| CVE-2006-3757 | 1 Zen Cart | 1 Zen Cart | 2025-04-03 | N/A |
| index.php in Zen Cart 1.3.0.2 allows remote attackers to obtain sensitive information via empty (1) _GET[], (2) _SESSION[], (3) _POST[], (4) _COOKIE[], or (5) _SESSION[] array parameters, which reveals the installation path in an error message. NOTE: this issue might be resultant from a global overwrite vulnerability. | ||||
| CVE-2006-3758 | 1 Mybulletinboard | 1 Mybulletinboard | 2025-04-03 | N/A |
| inc/init.php in Archive Mode (Light) in MyBB (aka MyBulletinBoard) 1.1.4 calls the extract function with EXTR_OVERWRITE on HTTP POST and GET variables, which allows remote attackers to overwrite arbitrary variables, as demonstrated via an SQL injection using the _SERVER[HTTP_CLIENT_IP] parameter in archive/index.php. | ||||
| CVE-2006-3759 | 1 Mybulletinboard | 1 Mybulletinboard | 2025-04-03 | N/A |
| Unspecified vulnerability in MyBB (aka MyBulletinBoard) 1.1.4, related has unspecified impact and attack vectors related to "user group manipulation." | ||||
| CVE-2006-3760 | 1 Mybulletinboard | 1 Mybulletinboard | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) 1.1.4 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2006-3762 | 1 Touch Control | 1 Activex Control | 2025-04-03 | N/A |
| The Touch Control ActiveX control 2.0.0.55 allows remote attackers to read and possibly execute arbitrary files via a "file///" URI in the sPath parameter to the Execute function. | ||||
| CVE-2006-3763 | 1 Dieselscripts | 1 Diesel Joke Site | 2025-04-03 | N/A |
| SQL injection vulnerability in category.php in Diesel Joke Site allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2006-3764 | 1 Till Gerken | 1 Phppolls | 2025-04-03 | N/A |
| Till Gerken phpPolls 1.0.3 allows remote attackers to create a new poll via a direct request to phpPollAdmin.php3 with the poll_action parameter set to create. | ||||
| CVE-2006-3765 | 1 Huttenlocher Webdesign | 1 Hwdeguest | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Huttenlocher Webdesign hwdeGUEST 2.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, as demonstrated by the "name input" field in new_entry.php. | ||||
| CVE-2006-3766 | 1 Darrens 5-dollar Script Archive | 1 Osdate | 2025-04-03 | N/A |
| Darren's $5 Script Archive osDate 1.1.7 and earlier allows users to boost their own ratings via a txtrating parameter with a score greater than the intended maximum of 10. | ||||
| CVE-2006-3767 | 1 Darrens 5-dollar Script Archive | 1 Osdate | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in showprofile.php in Darren's $5 Script Archive osDate 1.1.7 and earlier allows remote attackers to inject arbitrary web script or HTML via the onerror attribute in an HTML IMG tag with a non-existent source file in txtcomment parameter, which is used when posting a comment. | ||||
| CVE-2006-3768 | 1 Intervations | 1 Filecopa | 2025-04-03 | N/A |
| Integer underflow in filecpnt.exe in FileCOPA FTP Server 1.01 before 2006-07-21 allow remote authenticated users to execute arbitrary code via a long argument to the (1) CWD, (2) DELE, (3) MDTM, and (4) MKD commands, which triggers a stack-based buffer overflow. | ||||
| CVE-2006-3769 | 1 Top Xl | 1 Top Xl | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Top XL 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) pass and (2) pass2 parameters in (a) add.php or the (3) id parameter in (b) members/index.php. | ||||
| CVE-2006-3770 | 1 Phpfaber | 1 Topsites | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in index.php in phpFaber TopSites 2.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) i_cat or (2) method parameters. | ||||