Search Results (362652 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-0912 1 Oreka 1 Oreka 2026-04-16 N/A
Oreka before 0.5 allows remote attackers to cause a denial of service (application crash) via a "certain RTP sequence."
CVE-2006-0913 1 Mozilla 1 Bugzilla 2026-04-16 N/A
SQL injection vulnerability in whineatnews.pl in Bugzilla 2.17 through 2.18.4 and 2.20 allows remote authenticated users with administrative privileges to execute arbitrary SQL commands via the whinedays parameter, as accessible from editparams.cgi.
CVE-2006-0915 1 Mozilla 1 Bugzilla 2026-04-16 N/A
Bugzilla 2.16.10 does not properly handle certain characters in the (1) maxpatchsize and (2) maxattachmentsize parameters in attachment.cgi, which allows remote attackers to trigger a SQL error.
CVE-2006-0917 1 Melange 1 Melange Chat System 2026-04-16 N/A
Melange Chat Server (aka M-Chat), when accessed via a web browser, automatically sends cookies and other sensitive information for a server to any port specified in the associated link, which allows local users on that server to read the cookies from HTTP headers and possibly gain sensitive information, such as credentials, by setting up a listening port and reading the credentials when the victim clicks on the link.
CVE-2006-0924 1 Brown Bear Software 1 Ical 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Brown Bear iCal 3.10 allows remote attackers to inject arbitrary web script or HTML via the Calendar Text field when a new event is added. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-0925 1 Alt-n 1 Mdaemon 2026-04-16 N/A
Format string vulnerability in the IMAP4rev1 server in Alt-N MDaemon 8.1.1 and possibly 8.1.4 allows remote attackers to cause a denial of service (CPU consumption) by creating and then listing folders whose names contain format string specifiers.
CVE-2006-0926 1 Smithmicro 4 Stuffit Deluxe, Stuffit Expander, Stuffit Standard and 1 more 2026-04-16 N/A
Multiple directory traversal vulnerabilities in Allume StuffIt Standard and Deluxe 9.0, ZipMagic Deluxe 9.0, and StuffIt Expander 9.0.0.21 Engine 9.0.0.21 allow remote attackers to create and overwrite arbitrary files via certain crafted pathnames in a (1) zip or (2) tar archive.
CVE-2006-0929 1 Argosoft 1 Argosoft Mail Server 2026-04-16 N/A
Directory traversal vulnerability in the IMAP server in ArGoSoft Mail Server Pro 1.8.8.1 allows remote authenticated users to create arbitrary folders via a .. (dot dot) in the RENAME command.
CVE-2006-0930 1 Argosoft 1 Argosoft Mail Server 2026-04-16 N/A
Directory traversal vulnerability in Webmail in ArGoSoft Mail Server Pro 1.8 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the UIDL parameter.
CVE-2006-0931 1 Pear 1 Pear Archive Tar 2026-04-16 N/A
Directory traversal vulnerability in PEAR::Archive_Tar 1.2, and other versions before 1.3.2, allows remote attackers to create and overwrite arbitrary files via certain crafted pathnames in a TAR archive.
CVE-2006-0932 1 Pear 1 Pear Archive Zip 2026-04-16 N/A
Directory traversal vulnerability in zip.lib.php 0.1.1 in PEAR::Archive_Zip allows remote attackers to create and overwrite arbitrary files via certain crafted pathnames in a ZIP archive.
CVE-2006-0933 1 Phpx 1 Phpx 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in PHPX 3.5.9 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in a url XCode tag in a posted message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-0934 1 Limbo Cms 1 Limbo Cms 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in webinsta Limbo 1.0.4.2 allows remote attackers to inject arbitrary web script or HTML via the message field in the Contact Form.
CVE-2006-0938 1 Ez 1 Ez Publish 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in eZ publish 3.7.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the RefererURL parameter.
CVE-2006-0939 1 Dci-designs 1 Dci-taskeen 2026-04-16 N/A
SQL injection vulnerability in DCI-Taskeen 1.03 allows remote attackers to execute arbitrary SQL commands via the (1) id or (2) action parameter to (a) basket.php, or (3) id or (4) page parameter to (b) cat.php.
CVE-2006-0940 1 Cynical Games 1 Shoutlive 2026-04-16 N/A
Multiple direct static code injection vulnerabilities in savesettings.php in ShoutLIVE 1.1.0 allow remote attackers to execute arbitrary PHP code via variables that are written to settings.php.
CVE-2006-0941 1 Cynical Games 1 Shoutlive 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in post.php in ShoutLIVE 1.1.0 allow remote attackers to inject arbitrary web script or HTML via certain variables when posting new messages.
CVE-2006-0942 1 Pwsphp 1 Pwsphp 2026-04-16 N/A
SQL injection vulnerability in profil.php in PwsPHP 1.2.3, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the aff_news_form parameter, a different vulnerability than CVE-2005-1509.
CVE-2006-0943 1 Pwsphp 1 Pwsphp 2026-04-16 N/A
SQL injection vulnerability in the sondages module in index.php in PwsPHP 1.2.3 allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
CVE-2006-0944 1 Archangelmgt 1 Weblog 2026-04-16 N/A
Archangel Weblog 0.90.02 allows remote attackers to bypass authentication by setting the ba_admin cookie to 1.