Export limit exceeded: 345077 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 345077 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (345077 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-4234 | 1 Dotproject | 1 Dotproject | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in classes/query.class.php in dotProject 2.0.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the baseDir parameter. | ||||
| CVE-2006-4235 | 1 Sony | 1 Sonicstage Mastering Studio | 2026-04-16 | N/A |
| Buffer overflow in the import project functionality in Sony SonicStage Mastering Studio 1.1.00 through 2.2.01 allows remote attackers to execute arbitrary code via a crafted SMP file. | ||||
| CVE-2006-4236 | 1 Powergap | 2 Powergap Business, Powergap Lite | 2026-04-16 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in POWERGAP allow remote attackers to execute arbitrary PHP code via a URL in the (1) shopid parameter to (a) s01.php, (b) s02.php, (c) s03.php, and (d) s04.php; and possibly a URL located after "shopid=" or "sid=" in the PATH_INFO. | ||||
| CVE-2006-4237 | 1 Invisionix Systems | 1 Invisionix Roaming System Remote | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in pageheaderdefault.inc.php in Invisionix Roaming System Remote (IRSR) 0.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _sysSessionPath parameter. | ||||
| CVE-2006-4238 | 1 Wtcom | 1 Web Torrent | 2026-04-16 | N/A |
| SQL injection vulnerability in torrents.php in WebTorrent (WTcom) 0.2.4 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter in category mode. | ||||
| CVE-2006-4239 | 1 Outreach Project Tool | 1 Opt Max | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in include/urights.php in Outreach Project Tool (OPT) Max 1.2.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CRM_inc parameter. | ||||
| CVE-2006-4240 | 1 Fusionphp | 1 Fusion News | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in index.php in Fusion News 3.7 allows remote attackers to execute arbitrary PHP code via a URL in the fpath parameter. | ||||
| CVE-2006-4253 | 4 K-meleon Project, Mozilla, Netscape and 1 more | 4 K-meleon, Firefox, Navigator and 1 more | 2026-04-16 | N/A |
| Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple Javascript timed events that load a deeply nested XML file, followed by redirecting the browser to another page, which leads to a concurrency failure that causes structures to be freed incorrectly, as demonstrated by (1) ffoxdie and (2) ffoxdie3. NOTE: it has been reported that Netscape 8.1 and K-Meleon 1.0.1 are also affected by ffoxdie. Mozilla confirmed to CVE that ffoxdie and ffoxdie3 trigger the same underlying vulnerability. NOTE: it was later reported that Firefox 2.0 RC2 and 1.5.0.7 are also affected. | ||||
| CVE-2006-4257 | 1 Ibm | 1 Db2 | 2026-04-16 | N/A |
| IBM DB2 Universal Database (UDB) before 8.1 FixPak 13 allows remote authenticated users to cause a denial of service (crash) by (1) sending the first ACCSEC command without an RDBNAM parameter during the CONNECT process, or (2) sending crafted SQLJRA packet, which results in a null dereference. | ||||
| CVE-2006-4264 | 1 Mambo | 1 Mtg Myhomepage Component | 2026-04-16 | 9.8 Critical |
| Multiple PHP remote file inclusion vulnerabilities in the lmtg_myhomepage Component (com_lmtg_myhomepage) for Mambo allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) install.lmtg_homepage.php and (2) mtg_homepage.php. NOTE: this issue has been disputed by a third party, who states that the $mosConfig_absolute_path variable is only used within a function definition. CVE source code analysis on 20060824 is not conclusive but tends to concur with the dispute. In addition, it appears that the component name is actually "lmtg_myhomepage" | ||||
| CVE-2006-4266 | 1 Symantec | 1 Norton Personal Firewall | 2026-04-16 | N/A |
| Symantec Norton Personal Firewall 2006 9.1.0.33, and possibly earlier, does not properly protect Norton registry keys, which allows local users to provide Trojan horse libraries to Norton by using RegSaveKey and RegRestoreKey to modify HKLM\SOFTWARE\Symantec\CCPD\SuiteOwners, as demonstrated using NISProd.dll. NOTE: in most cases, this attack would not cross privilege boundaries, because modifying the SuiteOwners key requires administrative privileges. However, this issue is a vulnerability because the product's functionality is intended to protect against privileged actions such as this. | ||||
| CVE-2006-4272 | 1 Jelsoft | 1 Vbulletin | 2026-04-16 | N/A |
| Jelsoft vBulletin 3.5.4 allows remote attackers to register multiple arbitrary users and cause a denial of service (resource consumption) via a large number of requests to register.php. NOTE: the vendor has disputed this vulnerability, stating "If you have the CAPTCHA enabled then the registrations wont even go through. ... if you are talking about the flood being allowed in the first place then surely this is something that should be handled at the server level. | ||||
| CVE-2006-4280 | 1 Mambo | 1 Anjel Component | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in anjel.index.php in ANJEL (formerly MaMML) Component (com_anjel) for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: this issue has been disputed by a third party, who says that $mosConfig_absolute_path is set in a configuration file | ||||
| CVE-2006-4288 | 1 Mambo | 1 A6mambocredits Component | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in admin.a6mambocredits.php in the a6mambocredits component (com_a6mambocredits) 2.0.0 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2006-4297 | 1 Oscommerce | 1 Oscommerce | 2026-04-16 | N/A |
| SQL injection vulnerability in shopping_cart.php in osCommerce before 2.2 Milestone 2 060817 allows remote attackers to execute arbitrary SQL commands via id array parameters. | ||||
| CVE-2006-4304 | 3 Freebsd, Netbsd, Openbsd | 3 Freebsd, Netbsd, Openbsd | 2026-04-16 | N/A |
| Buffer overflow in the sppp driver in FreeBSD 4.11 through 6.1, NetBSD 2.0 through 4.0 beta before 20060823, and OpenBSD 3.8 and 3.9 before 20060902 allows remote attackers to cause a denial of service (panic), obtain sensitive information, and possibly execute arbitrary code via crafted Link Control Protocol (LCP) packets with an option length that exceeds the overall length, which triggers the overflow in (1) pppoe and (2) ippp. NOTE: this issue was originally incorrectly reported for the ppp driver. | ||||
| CVE-2006-4305 | 2 Mysql, Sap-db | 2 Maxdb, Sap-db | 2026-04-16 | N/A |
| Buffer overflow in SAP DB and MaxDB before 7.6.00.30 allows remote attackers to execute arbitrary code via a long database name when connecting via a WebDBM client. | ||||
| CVE-2006-4308 | 1 Blackboard | 3 Blackboard, Blackboard Learning And Community Portal Suite, Vista | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Blackboard Learning System 6, Blackboard Learning and Community Portal Suite 6.2.3.23, and Blackboard Vista 4 allow remote attackers to inject arbitrary Javascript, VBScript, or HTML via (1) data, (2) vbscript, and (3) malformed javascript URIs in various HTML tags when posting to the Discussion Board. | ||||
| CVE-2006-4312 | 1 Cisco | 9 Adaptive Security Appliance, Pix Firewall 501, Pix Firewall 506 and 6 more | 2026-04-16 | N/A |
| Cisco PIX 500 Series Security Appliances and ASA 5500 Series Adaptive Security Appliances, when running 7.0(x) up to 7.0(5) and 7.1(x) up to 7.1(2.4), and Firewall Services Module (FWSM) 3.1(x) up to 3.1(1.6), causes the EXEC password, local user passwords, and the enable password to be changed to a "non-random value" under certain circumstances, which causes administrators to be locked out and might allow attackers to gain access. | ||||
| CVE-2006-4313 | 1 Cisco | 1 Vpn 3000 Concentrator Series Software | 2026-04-16 | N/A |
| Multiple unspecified vulnerabilities in Cisco VPN 3000 series concentrators before 4.1, 4.1.x up to 4.1(7)L, and 4.7.x up to 4.7(2)F allow attackers to execute the (1) CWD, (2) MKD, (3) CDUP, (4) RNFR, (5) SIZE, and (6) RMD FTP commands to modify files or create and delete directories via unknown vectors. | ||||