Export limit exceeded: 367117 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (367117 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-3416 1 Tor 1 Tor 2026-04-16 N/A
Tor before 0.1.1.20 kills the circuit when it receives an unrecognized relay command, which causes network circuits to be disbanded. NOTE: while this item is listed under the "Security fixes" section of the developer changelog, the developer clarified on 20060707 that this is only a self-DoS. Therefore this issue should not be included in CVE
CVE-2006-3643 1 Microsoft 2 Ie, Internet Explorer 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Internet Explorer 5.01 and 6 in Microsoft Windows 2000 SP4 permits access to local "HTML-embedded resource files" in the Microsoft Management Console (MMC) library, which allows remote authenticated users to execute arbitrary commands, aka "MMC Redirect Cross-Site Scripting Vulnerability."
CVE-2006-3947 1 Mambo 1 Mambatstaff 2026-04-16 N/A
PHP remote file inclusion vulnerability in components/com_mambatstaff/mambatstaff.php in the Mambatstaff 3.1b and earlier component for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2006-3948 1 Php-nuke 1 Inp 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in modules.php in PHP-Nuke INP allows remote attackers to inject arbitrary web script or HTML via the query parameter.
CVE-2006-3952 1 Efs Software 1 Efs Ftp Server 2026-04-16 N/A
Stack-based buffer overflow in EFS Software Easy File Sharing FTP Server 2.0 allows remote attackers to execute arbitrary code via a long argument to the PASS command. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-3953 1 Mybulletinboard 1 Mybulletinboard 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to inject arbitrary web script or HTML via the gallery parameter.
CVE-2006-3958 1 Pkr Internet 1 Taskjitsu 2026-04-16 N/A
Multiple unspecified cross-site scripting (XSS) vulnerabilities in Taskjitsu 2.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) the Search Tasks system, or authenticated users via (2) the Edit Task system, (3) the back-end Category Editor system, and (4) "Pages that display task status, email addresses, URL, customer, and project information."
CVE-2006-3959 1 X-scripts 1 X-statistics 2026-04-16 N/A
SQL injection vulnerability in protect.php in X-Scripts X-Protection 1.10, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameter.
CVE-2006-3960 1 X-scripts 1 X-poll 2026-04-16 N/A
SQL injection vulnerability in top.php in X-Scripts X-Poll, probably 2.30, allows remote attackers to execute arbitrary SQL commands via the poll parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-3961 1 Mcafee 9 Antispyware, Internet Security Suite, Personal Firewall Plus and 6 more 2026-04-16 N/A
Buffer overflow in McSubMgr ActiveX control (mcsubmgr.dll) in McAfee Security Center 6.0.23 for Internet Security Suite 2006, Wireless Home Network Security, Personal Firewall Plus, VirusScan, Privacy Service, SpamKiller, AntiSpyware, and QuickClean allows remote user-assisted attackers to execute arbitrary commands via long string parameters, which are later used in vsprintf.
CVE-2006-4525 1 Devellion 1 Cubecart 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in CubeCart 3.0.12 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the links array.
CVE-1999-0294 1 Microsoft 1 Wins 2026-04-16 N/A
All records in a WINS database can be deleted through SNMP for a denial of service.
CVE-1999-0506 1 Microsoft 2 Windows 2000, Windows Nt 2026-04-16 N/A
A Windows NT domain user or administrator account has a default, null, blank, or missing password.
CVE-1999-0961 1 Hp 1 Hp-ux 2026-04-16 N/A
HPUX sysdiag allows local users to gain root privileges via a symlink attack during log file creation.
CVE-2004-0941 3 Gd Graphics Library, Redhat, Trustix 3 Gdlib, Enterprise Linux, Secure Linux 2026-04-16 N/A
Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 and earlier may allow remote attackers to execute arbitrary code via malformed image files that trigger the overflows due to improper calls to the gdMalloc function, a different set of vulnerabilities than CVE-2004-0990.
CVE-2005-0134 1 Sco 1 Unixware 2026-04-16 N/A
The X server in SCO UnixWare 7.1.1, 7.1.3, and 7.1.4 does not properly create socket directories in /tmp, which could allow attackers to hijack local sockets.
CVE-2005-1652 1 Woppoware 1 Postmaster 2026-04-16 N/A
message.htm for Woppoware PostMaster 4.2.2 (build 3.2.5) allows remote attackers to bypass authentication by modifying the email parameter.
CVE-2006-1214 1 Unreal 1 Unrealircd 2026-04-16 N/A
UnrealIRCd 3.2.3 allows remote attackers to cause an unspecified denial of service by causing a linked server to send malformed TKL Q:Line commands, as demonstrated by "TKL - q\x08Q *\x08PoC."
CVE-2006-3204 1 Ultimate Php Board 1 Ultimate Php Board 2026-04-16 N/A
Ultimate PHP Board (UPB) 1.9.6 and earlier uses a cryptographically weak block cipher with a large key collision space, which allows remote attackers to determine a suitable decryption key given the plaintext and ciphertext by obtaining the plaintext password, which is sent when logging in, and the ciphertext, which is set in the pass_env cookie.
CVE-2006-4821 1 Drupal 1 Drupal Userreview Module 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Userreview module before 1.19 2006/09/12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.