Search Results (363117 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-2429 1 Ibm 1 Websphere Application Server 2026-04-16 N/A
Unspecified vulnerability in IBM WebSphere Application Server 6.0.2, 6.0.2.1, 6.0.2.3, 6.0.2.5, and 6.0.2.7 has unknown impact and remote attack vectors related to "HTTP request handlers".
CVE-2006-2430 1 Ibm 1 Websphere Application Server 2026-04-16 N/A
IBM WebSphere Application Server 5.0.2 and earlier, 5.1.1 and earlier, and 6.0.2 up to 6.0.2.7 records user credentials in plaintext in addNode.log, which allows attackers to gain privileges.
CVE-2006-2431 1 Ibm 1 Websphere Application Server 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the 500 Internal Server Error page on the SOAP port (8880/tcp) in IBM WebSphere Application Server 5.0.2 and earlier, 5.1.x before 5.1.1.12, and 6.0.2 up to 6.0.2.7, allows remote attackers to inject arbitrary web script or HTML via the URI, which is contained in a FAULTACTOR element on this page. NOTE: some sources have reported the element as "faultfactor," but this is likely erroneous.
CVE-2006-2432 1 Ibm 1 Websphere Application Server 2026-04-16 N/A
IBM WebSphere Application Server 5.0.2 (or any earlier cumulative fix) and 5.1.1 (or any earlier cumulative fix) allows EJB access on Solaris systems via a crafted LTPA token.
CVE-2006-2433 1 Ibm 1 Websphere Application Server 2026-04-16 N/A
Unspecified vulnerability in IBM WebSphere Application Server 6.0.2, 6.0.2.1, 6.0.2.3, 6.0.2.5, and 6.0.2.7 has unknown impact and attack vectors related to the "administrative console".
CVE-2006-2434 1 Ibm 1 Websphere Application Server 2026-04-16 N/A
Unspecified vulnerability in WebSphere 5.1.1 (or any earlier cumulative fix) Common Configuration Mode + CommonArchive and J2EE Models might allow attackers to obtain sensitive information via the trace.
CVE-2006-2443 1 Knowledgetree 1 Knowledgetree 2026-04-16 N/A
The Debian package of knowledgetree 2.0.7 creates environment.php with world-readable permissions, which allows local users to obtain sensitive information such as the username and password for the KnowledgeTree database.
CVE-2006-2446 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-16 N/A
Race condition between the kfree_skb and __skb_unlink functions in the socket buffer handling in Linux kernel 2.6.9, and possibly other versions, allows remote attackers to cause a denial of service (crash), as demonstrated using the TCP stress tests from the LTP test suite.
CVE-2006-2447 2 Apache, Redhat 2 Spamassassin, Enterprise Linux 2026-04-16 N/A
SpamAssassin before 3.1.3, when running with vpopmail and the paranoid (-P) switch, allows remote attackers to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username.
CVE-2006-2448 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-16 N/A
Linux kernel before 2.6.16.21 and 2.6.17, when running on PowerPC, does not perform certain required access_ok checks, which allows local users to read arbitrary kernel memory on 64-bit systems (signal_64.c) and cause a denial of service (crash) and possibly read kernel memory on 32-bit systems (signal_32.c).
CVE-2006-2449 2 Kde, Redhat 2 Kde, Enterprise Linux 2026-04-16 N/A
KDE Display Manager (KDM) in KDE 3.2.0 up to 3.5.3 allows local users to read arbitrary files via a symlink attack related to the session type for login.
CVE-2006-2450 1 Libvncserver 1 Libvncserver 2026-04-16 N/A
auth.c in LibVNCServer 0.7.1 allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server, a different issue than CVE-2006-2369.
CVE-2006-2451 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-16 N/A
The suid_dumpable support in Linux kernel 2.6.13 up to versions before 2.6.17.4, and 2.6.16 before 2.6.16.24, allows a local user to cause a denial of service (disk consumption) and possibly gain privileges via the PR_SET_DUMPABLE argument of the prctl function and a program that causes a core dump file to be created in a directory for which the user does not have permissions.
CVE-2006-2459 1 Php Fusion 1 Php Fusion 2026-04-16 N/A
SQL injection vulnerability in messages.php in PHP-Fusion 6.00.307 and earlier allows remote authenticated users to execute arbitrary SQL commands via the srch_where parameter.
CVE-2006-2461 1 Bea 1 Weblogic Server 2026-04-16 N/A
BEA WebLogic Server before 8.1 Service Pack 4 does not properly set the Quality of Service in certain circumstances, which prevents some transmissions from being encrypted via SSL, and allows remote attackers to more easily read potentially sensitive network traffic.
CVE-2006-2462 1 Bea 1 Weblogic Server 2026-04-16 N/A
BEA WebLogic Server 8.1 before Service Pack 4 and 7.0 before Service Pack 6, may send sensitive data over non-secure channels when using JTA transactions, which allows remote attackers to read potentially sensitive network traffic.
CVE-2006-2468 1 Bea 1 Weblogic Server 2026-04-16 N/A
The WebLogic Server Administration Console in BEA WebLogic Server 8.1 up to SP4 and 7.0 up to SP6 displays the domain name in the Console login form, which allows remote attackers to obtain sensitive information.
CVE-2006-2469 1 Bea 1 Weblogic Server 2026-04-16 N/A
The HTTP handlers in BEA WebLogic Server 9.0, 8.1 up to SP5, 7.0 up to SP6, and 6.1 up to SP7 stores the username and password in cleartext in the WebLogic Server log when access to a web application or protected JWS fails, which allows attackers to gain privileges.
CVE-2006-2470 1 Bea 1 Weblogic Server 2026-04-16 N/A
Unspecified vulnerability in the WebLogic Server Administration Console for BEA WebLogic Server 9.0 prevents the console from setting custom JDBC security policies correctly, which could allow attackers to bypass intended policies.
CVE-2006-2477 1 Bitrix 1 Bitrix Site Manager 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the administrative interface Bitrix Site Manager 4.1.x allows remote attackers to inject arbitrary web script or HTML via unspecified inputs.