Search Results (363249 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-0478 1 Cre Loaded 1 Cre Loaded 2026-04-16 N/A
CRE Loaded 6.15 allows remote attackers to perform privileged actions, including uploading and creating arbitrary files, via a direct request to files.php. NOTE: the vendor states "The initial announcement of this risk was made on our website... and it included a patch which will close the vulnerability on all known 6.0x and 6.1x releases. We strongly encourage users of CRE Loaded 6.x, osCMax, and other users of osCommerce who have installed HTMLArea based WYSIWYG editors and Admin Access with Levels to modify thier installations at the earliest possible moment."
CVE-2006-0486 1 Cisco 1 Ios 2026-04-16 N/A
Certain Cisco IOS releases in 12.2S based trains with maintenance release number 25 and later, 12.3T based trains, and 12.4 based trains reuse a Tcl Shell process across login sessions of different local users on the same terminal if the first user does not use tclquit before exiting, which may cause subsequent local users to execute unintended commands or bypass AAA command authorization checks, aka Bug ID CSCef77770.
CVE-2006-0503 1 Mailenable 1 Mailenable Professional 2026-04-16 N/A
IMAP service in MailEnable Professional Edition before 1.72 allows remote attackers to cause a denial of service (service crash) via unspecified vectors involving the EXAMINE command.
CVE-2006-0537 1 Kinesphere Corporation 1 Exchange Pop3 2026-04-16 N/A
Buffer overflow in the POP3 server in Kinesphere Corporation eXchange before 5.0.060125 allows remote attackers to execute arbitrary code via a long RCPT TO argument.
CVE-2006-0541 1 Tachyon 1 Vanilla Guestbook 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Tachyon Vanilla Guestbook 1.0 beta allow remote attackers to inject arbitrary web script or HTML via unknown vectors related to "posting new messages."
CVE-2006-0549 1 Oracle 1 Database Server 2026-04-16 N/A
SQL injection vulnerability in the SYS.DBMS_METADATA_UTIL package in Oracle Database 10g, and possibly earlier versions, might allow remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being created since it cannot be conclusively proven that this issue has been addressed by Oracle. It is possible that this is the same issue as Oracle Vuln# DB05 from the January 2006 CPU, in which case this would be subsumed by CVE-2006-0260. However, there are some inconsistencies that make this unclear, and there is also a possibility that this is related to DB06, which is subsumed by CVE-2006-0259.
CVE-2006-0576 2 Maynard Johnson, Redhat 2 Oprofile, Enterprise Linux 2026-04-16 N/A
Untrusted search path vulnerability in opcontrol in OProfile 0.9.1 and earlier allows local users to execute arbitrary commands via a modified PATH that references malicious (1) which or (2) dirname programs. NOTE: while opcontrol normally is not run setuid, a common configuration suggests accessing opcontrol using sudo. In such a context, this is a vulnerability.
CVE-2006-0585 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
jscript.dll in Microsoft Internet Explorer 6.0 SP1 and earlier allows remote attackers to cause a denial of service (application crash) via a Shockwave Flash object that contains ActionScript code that calls VBScript, which in turn calls the Javascript document.write function, which triggers a null dereference.
CVE-2006-0598 1 Stefan Ritt 1 Elog Web Logbook 2026-04-16 N/A
Buffer overflow in elogd.c in elog before 2.5.7 r1558-4 allows attackers to execute code via unspecified variables, when writing to the log file.
CVE-2006-0633 1 Invisionpower 1 Invision Power Board 2026-04-16 N/A
The make_password function in ipsclass.php in Invision Power Board (IPB) 2.1.4 uses random data generated from partially predictable seeds to create the authentication code that is sent by e-mail to a user with a lost password, which might make it easier for remote attackers to guess the code and change the password for an IPB account, possibly involving millions of requests.
CVE-2006-0648 1 Php Icalendar 1 Php Icalendar 2026-04-16 N/A
Multiple directory traversal vulnerabilities in PHP iCalendar 2.0.1, 2.1, and 2.2 allow remote attackers to include arbitrary files via the (1) getdate and possibly other parameters used in the replace_files function in search.php and (2) $file variable as used in the parse function in functions/template.php.
CVE-2006-0656 1 Hp 1 Systems Insight Manager 2026-04-16 N/A
Directory traversal vulnerability in HP Systems Insight Manager 4.2 through 5.0 SP3 for Windows allows remote attackers to access arbitrary files via unspecified vectors, a different vulnerability than CVE-2005-2006.
CVE-2006-0669 1 Gasoft 1 Gas Forum Light 2026-04-16 N/A
Multiple SQL injection vulnerabilities in archive.asp in GA's Forum Light allow remote attackers to execute arbitrary SQL commands via the (1) Forum and (2) pages parameter. NOTE: SecurityTracker says that the vendor has disputed this issue, saying that GA Forum Light does not use an SQL database. SecurityTracker's research indicates that the original problem could be due to a vbscript parsing error based on invalid arguments
CVE-2006-0670 1 Bluez Project 1 Hcidump 2026-04-16 N/A
Buffer overflow in l2cap.c in hcidump 1.29 allows remote attackers to cause a denial of service (crash) through a wireless Bluetooth connection via a malformed Logical Link Control and Adaptation Protocol (L2CAP) packet.
CVE-2006-0673 1 Reamday Enterprises 1 Magic Calendar Lite 2026-04-16 N/A
Multiple SQL injection vulnerabilities in cms/index.php in Magic Calendar Lite 1.02, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the (1) $total_login and (2) $total_password parameter.
CVE-2006-0682 1 E107 1 E107 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in bbcodes system in e107 before 0.7.2 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
CVE-2006-0683 1 Virtual Hosting Control System 1 Virtual Hosting Control System 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Virtual Hosting Control System (VHCS) 2.4.7.1 with v.1 patch and earlier allows remote attackers to inject arbitrary web script or HTML via the username, which is recorded in a log file but not properly handled when the administrator uses the admin log utility to read the log file.
CVE-2006-0690 1 Scheduling Management.com 1 Time Tracking Software 2026-04-16 N/A
Multiple SQL injection vulnerabilities in TTS Time Tracking Software 3.0 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2006-0694 1 Ansilove 1 Ansilove 2026-04-16 N/A
Unspecified vulnerability in the loaders (load_*.php) in Ansilove before 1.03 allows remote attackers to read arbitrary files via unspecified vectors involving "converting files accessible by the webserver".
CVE-2006-0695 1 Ansilove 1 Ansilove 2026-04-16 N/A
Ansilove before 1.03 does not filter uploaded file extensions, which allows remote attackers to execute arbitrary code by uploading arbitrary files with dangerous extensions, then accessing them directly in the upload directory.