Export limit exceeded: 362716 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (362716 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-1302 1 Microsoft 2 Excel, Excel Viewer 2026-04-16 N/A
Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with certain crafted fields in a SELECTION record, which triggers memory corruption, aka "Malformed SELECTION record Vulnerability."
CVE-2006-1021 1 Pehepe 2 Membership Management System, Uyelik Sistemi 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in sol_menu.php in PeHePe Uyelik Sistemi (aka PeHePe MemberShip Management System) 3 allows remote attackers to inject arbitrary web script or HTML via the kuladi parameter ($kul_adi variable).
CVE-2006-1022 1 Pehepe 1 Membership Management System 2026-04-16 N/A
PHP remote file include vulnerability in sol_menu.php in PeHePe Uyelik Sistemi (aka PeHePe MemberShip Management System) 3 allows remote attackers to include and execute arbitrary PHP code via a URL in the uye_klasor parameter, along with a misafir[] parameter that is set to UYE_SEVIYE.
CVE-2006-1023 1 Hp 1 System Management Homepage 2026-04-16 N/A
Directory traversal vulnerability in HP System Management Homepage (SMH) 2.0.0 through 2.1.4 on Windows allows remote attackers to access certain files via unspecified vectors.
CVE-2006-1024 1 Addsoft 1 Storebot 2026-04-16 N/A
SQL injection vulnerability in MgrLogin.asp in Addsoft StoreBot 2005 Professional allows remote attackers to execute arbitrary SQL commands via the Pwd parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-1025 1 Addsoft 1 Storebot 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in manage.asp in Addsoft StoreBot 2002 Standard allows remote attackers to inject arbitrary web script or HTML via the ShipMethod parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-1026 1 Jfacets 1 Jfacets 2026-04-16 N/A
JFacets before 0.2 allows remote attackers to gain privileges as any account via a GET request with a modified account profileID.
CVE-2006-1030 1 Joomla 1 Joomla 2026-04-16 N/A
Unspecified vulnerability in mod_templatechooser in Joomla! 1.0.7 allows remote attackers to obtain sensitive information via an unspecified attack vector that reveals the path.
CVE-2006-1031 1 Igenus 1 Igenus Webmail 2026-04-16 N/A
config/config_inc.php in iGENUS Webmail 2.02 and earlier allows remote attackers to include arbitrary local files via the SG_HOME parameter.
CVE-2006-1032 1 Phprpc 1 Phprpc 2026-04-16 N/A
Eval injection vulnerability in the decode function in rpc_decoder.php for phpRPC 0.7 and earlier, as used by runcms, exoops, and possibly other programs, allows remote attackers to execute arbitrary PHP code via the base64 tag.
CVE-2006-1034 1 Woltlab 1 Burning Board 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Woltlab Burning Board (wBB) allow remote attackers to inject arbitrary web script or HTML via (1) the username parameter to galerie_index.php and possibly (2) galerie_onfly.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. The second vector might not be XSS.
CVE-2006-1035 1 Oracle 2 Diagnostics, E-business Suite 2026-04-16 N/A
Unspecified vulnerability in the Oracle Diagnostics module 2.2 and earlier allows remote attackers to access diagnostics tests via unknown attack vectors.
CVE-2006-1039 1 Sap 1 Sap Web Application Server 2026-04-16 N/A
SAP Web Application Server (WebAS) Kernel before 7.0 allows remote attackers to inject arbitrary bytes into the HTTP response and obtain sensitive authentication information, or have other impacts, via a ";%20" followed by encoded HTTP headers.
CVE-2006-1715 1 Tugzip 1 Tugzip 2026-04-16 N/A
Multiple directory traversal vulnerabilities in Christian Kindahl TUGZip 3.4.0.0, 3.3.0.0, and 3.1.0.2 allow user-assisted attackers to create files in arbitrary directories via a .. (dot dot) in an archive pack with a crafted (1) .gz, (2) .jar, (3) .rar, or (4) .zip file.
CVE-2006-2120 2 Libtiff, Redhat 2 Libtiff, Enterprise Linux 2026-04-16 N/A
The TIFFToRGB function in libtiff before 3.8.1 allows remote attackers to cause a denial of service (crash) via a crafted TIFF image with Yr/Yg/Yb values that exceed the YCR/YCG/YCB values, which triggers an out-of-bounds read.
CVE-2006-1059 1 Samba 1 Samba 2026-04-16 N/A
The winbindd daemon in Samba 3.0.21 to 3.0.21c writes the machine trust account password in cleartext in log files, which allows local users to obtain the password and spoof the server in the domain.
CVE-2006-1060 1 Xzgv 1 Xzgv 2026-04-16 N/A
Heap-based buffer overflow in zgv before 5.8 and xzgv before 0.8 might allow user-assisted attackers to execute arbitrary code via a JPEG image with more than 3 output components, such as a CMYK or YCCK color space, which causes less memory to be allocated than required.
CVE-2006-1061 1 Daniel Stenberg 1 Curl 2026-04-16 N/A
Heap-based buffer overflow in cURL and libcURL 7.15.0 through 7.15.2 allows remote attackers to execute arbitrary commands via a TFTP URL (tftp://) with a valid hostname and a long path.
CVE-2006-1062 1 Lurker 1 Lurker 2026-04-16 N/A
Unspecified vulnerability in lurker.cgi for Lurker 2.0 and earlier allows attackers to read arbitrary files via unknown vectors.
CVE-2000-0927 1 Wquinn 1 Quotaadvisor 2026-04-16 N/A
WQuinn QuotaAdvisor 4.1 does not properly record file sizes if they are stored in alternative data streams, which allows users to bypass quota restrictions.