Search Results (362530 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-0597 1 Stefan Ritt 1 Elog Web Logbook 2026-04-16 N/A
Multiple stack-based buffer overflows in elogd.c in elog before 2.5.7 r1558-4 allow attackers to cause a denial of service (application crash) and possibly execute code via long "revision attributes".
CVE-2006-0590 1 Jaia Interactive 1 Mytopix 2026-04-16 N/A
MyTopix 1.2.3 allows remote attackers to obtain the installation path via an invalid hl parameter to index.php, which leads to path disclosure, possibly related to invalid SQL syntax.
CVE-2006-0591 2 Redhat, Solar Designer 2 Enterprise Linux, Crypt Blowfish 2026-04-16 N/A
The crypt_gensalt functions for BSDI-style extended DES-based and FreeBSD-sytle MD5-based password hashes in crypt_blowfish 0.4.7 and earlier do not evenly and randomly distribute salts, which makes it easier for attackers to guess passwords from a stolen password file due to the increased number of collisions.
CVE-2006-0592 1 Lexmark 1 Printer Sharing 2026-04-16 N/A
Unspecified vulnerability in the Lexmark Printer Sharing LexBce Server Service (LexPPS), possibly 8.29 and 9.41, allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: This information is based on a vague initial disclosure; details will be updated after the grace period has ended.
CVE-2006-0502 1 Farsinews 1 Farsinews 2026-04-16 N/A
PHP remote file inclusion vulnerability in loginout.php in FarsiNews 2.1 Beta 2 and earlier, with register_globals enabled, allows remote attackers to include arbitrary files via a URL in the cutepath parameter.
CVE-2006-0477 1 Git 1 Git 2026-04-16 N/A
Buffer overflow in git-checkout-index in GIT before 1.1.5 allows remote attackers to execute arbitrary code via an index file with a long symbolic link.
CVE-2006-0476 1 Nullsoft 1 Winamp 2026-04-16 N/A
Buffer overflow in Nullsoft Winamp 5.12 allows remote attackers to execute arbitrary code via a playlist (pls) file with a long file name (File1 field).
CVE-2006-0475 1 Theworldsend.net 1 Php-ping 2026-04-16 N/A
PHP-Ping 1.3 does not properly validate ping counts, which allows remote attackers to cause a denial of service (ping flood) via a negative count parameter.
CVE-2006-0473 1 My Little Homepage 1 My Little Weblog 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the bbcode function in weblog.php in my little homepage my little weblog, as last modified in April 2004, allows remote attackers to inject arbitrary Javascript via a javascript URI in BBcode link tags.
CVE-2006-0308 1 Htmltonuke 1 Htmltonuke 2026-04-16 N/A
PHP remote file inclusion vulnerability in htmltonuke.php in the htmltonuke 2.0 alpha, and possibly other versions, module for PHP-Nuke allows remote attackers to execute arbitrary PHP code via a URL in the filnavn parameter.
CVE-2006-0309 1 Linksys 1 Befvp41 2026-04-16 N/A
Linksys BEFVP41 VPN Router 2.0 with firmware 1.01.04 allows remote attackers on the local network, to cause a denial of service via IP packets with a null IP option length.
CVE-2006-0310 1 Mike Helton 1 Aoblogger 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in aoblogger 2.3 allows remote attackers to inject arbitrary Javascript via a javascript URI in the BBcode url tag.
CVE-2006-0311 1 Mike Helton 1 Aoblogger 2026-04-16 N/A
SQL injection vulnerability in login.php in aoblogger 2.3 allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVE-2006-0312 1 Mike Helton 1 Aoblogger 2026-04-16 N/A
create.php in aoblogger 2.3 allows remote attackers to bypass authentication and create new blog entries by setting the uza parameter to 1.
CVE-2006-0321 1 Fetchmail 1 Fetchmail 2026-04-16 N/A
fetchmail 6.3.0 and other versions before 6.3.2 allows remote attackers to cause a denial of service (crash) via crafted e-mail messages that cause a free of an invalid pointer when fetchmail bounces the message to the originator or local postmaster.
CVE-2006-4988 1 Patrick Michaelis 1 Wili-cms 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Patrick Michaelis Wili-CMS allow remote attackers to inject arbitrary web script or HTML via (1) the query string to relocate.php, (2) the globals[pageid] parameter in example-view/inc/print_button.php, and other unspecified vectors.
CVE-2006-0315 1 Indexcor 1 Ezdatabase 2026-04-16 N/A
index.php in EZDatabase before 2.1.2 does not properly cleanse the p parameter before constructing and including a .php filename, which allows remote attackers to conduct directory traversal attacks, and produces resultant cross-site scripting (XSS) and path disclosure.
CVE-2006-0316 1 Aol 1 Aol Client Software 2026-04-16 N/A
Buffer overflow in YGPPicFinder.DLL in AOL You've Got Pictures (YGP) Picture Finder Tool ActiveX Control, as used in AOL 8.0, 8.0 Plus, and 9.0 Classic, allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2006-0317 1 Redkernel 1 Referrer Tracker 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in rkrt_stats.php in RedKernel Referrer Tracker 1.1.0-3 allows remote attackers to inject arbitrary web script or HTML via a query string value as a GET, which is stored in the $QUERY_STRING variable. NOTE: the provenance of this information is unknown; portions of the details are obtained from third party information.
CVE-2006-0318 1 Insane Visions 1 Blogphp 2026-04-16 N/A
SQL injection vulnerability in index.php in BlogPHP 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username parameter in a login action.