Search Results (363249 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-3364 1 F-art Agency 1 Blog Cms 2026-04-16 N/A
SQL injection vulnerability in index.php in the NP_SEO plugin in BLOG:CMS before 4.1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2006-3368 1 Efone 1 Efone 2026-04-16 N/A
Efone 20000723 stores config.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information.
CVE-2006-3369 1 Iduprey 1 Kamikaze-qscm 2026-04-16 N/A
Kamikaze-QSCM 0.1 stores config.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information, including the database configuration.
CVE-2006-3370 1 Bb-news 1 Blueboy 2026-04-16 N/A
Blueboy 1.0.3 stores bb_news_config.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information, including the database configuration.
CVE-2006-3371 1 Eupla 1 Foros 2026-04-16 N/A
Eupla Foros 1.0 stores the inc/config.inc file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information, including the database configuration.
CVE-2006-3372 1 Apple 1 Safari 2026-04-16 N/A
Apple Safari 2.0.4/419.3 allows remote attackers to cause a denial of service (application crash) via a DHTML setAttributeNode function call with zero arguments, which triggers a null dereference.
CVE-2006-3373 1 Hobbit Monitor 1 Hobbit Monitor 2026-04-16 N/A
Unspecified vulnerability in the client/bin/logfetch script in Hobbit 4.2-beta allows local users to read arbitrary files, related to logfetch running as setuid root.
CVE-2006-3377 1 Jmb Software 1 Autorank 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in JMB Software AutoRank PHP 3.02 and earlier, and AutoRank Pro 5.01 and earlier, allows remote attackers to inject arbitrary web script or HTML via the (1) Keyword parameter in search.php and the (2) Username parameter in main.cgi.
CVE-2006-3378 1 Ubuntu 1 Ubuntu Linux 2026-04-16 N/A
passwd command in shadow in Ubuntu 5.04 through 6.06 LTS, when called with the -f, -g, or -s flag, does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits.
CVE-2006-3379 1 Hiki Wiki 1 Hiki Wiki 2026-04-16 N/A
Algorithmic complexity vulnerability in Hiki Wiki 0.6.0 through 0.6.5 and 0.8.0 through 0.8.5 allows remote attackers to cause a denial of service (CPU consumption) by performing a diff between large, crafted pages that trigger the worst case.
CVE-2006-3380 1 Freestyle 1 Freestyle Wiki 2026-04-16 N/A
Algorithmic complexity vulnerability in FreeStyle Wiki before 3.6.2 allows remote attackers to cause a denial of service (CPU consumption) by performing a diff between large, crafted pages that trigger the worst case.
CVE-2006-3381 1 Sturgeon Upload 1 Sturgeon Upload 2026-04-16 N/A
SturGeoN Upload allows remote attackers to execute arbitrary PHP code by uploading a file with a .php extension, then directly accessing the file. NOTE: It is uncertain whether this is a vulnerability or a feature of the product.
CVE-2006-3384 1 Vincent Leclercq 1 News 2026-04-16 N/A
SQL injection vulnerability in divers.php in Vincent Leclercq News 5.2 allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) texte parameters.
CVE-2006-3385 1 Vincent Leclercq 1 News 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in divers.php in Vincent Leclercq News 5.2 allows remote attackers to inject arbitrary web script or HTML via the (1) id and (2) disabled parameters.
CVE-2006-3386 1 Vincent Leclercq 1 News 2026-04-16 N/A
index.php in Vincent Leclercq News 5.2 allows remote attackers to obtain sensitive information, such as the installation path, via a mail[] parameter with invalid values.
CVE-2006-3388 1 Phpmyadmin 1 Phpmyadmin 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via the table parameter.
CVE-2006-3408 1 Tor 1 Tor 2026-04-16 N/A
Unspecified vulnerability in the directory server (dirserver) in Tor before 0.1.1.20 allows remote attackers to cause an unspecified denial of service via unknown vectors.
CVE-2006-3402 1 Virtuastore 1 Virtuastore 2026-04-16 N/A
SQL injection vulnerability in VirtuaStore 2.0 allows remote attackers to execute arbitrary SQL commands via the password parameter when logging in.
CVE-2006-3403 2 Redhat, Samba 2 Enterprise Linux, Samba 2026-04-16 N/A
The smdb daemon (smbd/service.c) in Samba 3.0.1 through 3.0.22 allows remote attackers to cause a denial of service (memory consumption) via a large number of share connection requests.
CVE-2006-3404 2 Gimp, Redhat 2 Gimp, Enterprise Linux 2026-04-16 N/A
Buffer overflow in the xcf_load_vector function in app/xcf/xcf-load.c for gimp before 2.2.12 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XCF file with a large num_axes value in the VECTORS property.