Export limit exceeded: 347180 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 347180 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347180 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-4456 | 1 Phpecard | 1 Phpecard | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in functions.php in phpECard 2.1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter. | ||||
| CVE-2006-4434 | 1 Sendmail | 1 Sendmail | 2026-04-16 | 7.5 High |
| Use-after-free vulnerability in Sendmail before 8.13.8 allows remote attackers to cause a denial of service (crash) via a long "header line", which causes a previously freed variable to be referenced. NOTE: the original developer has disputed the severity of this issue, saying "The only denial of service that is possible here is to fill up the disk with core dumps if the OS actually generates different core dumps (which is unlikely)... the bug is in the shutdown code (finis()) which leads directly to exit(3), i.e., the process would terminate anyway, no mail delivery or receiption is affected." | ||||
| CVE-2006-4435 | 1 Openbsd | 1 Openbsd | 2026-04-16 | N/A |
| OpenBSD 3.8, 3.9, and possibly earlier versions allows context-dependent attackers to cause a denial of service (kernel panic) by allocating more semaphores than the default. | ||||
| CVE-2006-4436 | 1 Openbsd | 1 Openbsd | 2026-04-16 | N/A |
| isakmpd in OpenBSD 3.8, 3.9, and possibly earlier versions, creates Security Associations (SA) with a replay window of size 0 when isakmpd acts as a responder during SA negotiation, which allows remote attackers to replay IPSec packets and bypass the replay protection. | ||||
| CVE-2006-4437 | 1 Venture Nine | 1 Tagger Le | 2026-04-16 | N/A |
| Eval injection vulnerability in Tagger LE allows remote attackers to execute arbitrary PHP code via the query string in (1) tags.php, (2) sign.php, and (3) admin/index.php. | ||||
| CVE-2006-4438 | 1 Doctor Web Ltd | 1 Dr.web | 2026-04-16 | N/A |
| Heap-based buffer overflow in SpIDer for Dr.Web Scanner for Linux 4.33, and possibly earlier versions, allows remote attackers to execute arbitrary code via an LHA archive with an extended header that contains a long directory name. | ||||
| CVE-2006-4439 | 1 Sun | 1 Solaris | 2026-04-16 | N/A |
| pkgadd in Sun Solaris 10 before 20060825 installs files with insecure file and directory permissions (755 or 777) if the pkgmap file contains a "?" (question mark) in the mode field, which allows local users to modify arbitrary files or directories, a different vulnerability than CVE-2002-1871. | ||||
| CVE-2006-4442 | 1 Clemens Wacha | 1 Php Iaddressbook | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in PHP iAddressBook before 0.95 allows remote attackers to inject arbitrary web script or HTML via the cat_name parameter, related to adding a category. (categories field). NOTE: some details are obtained from third party information. | ||||
| CVE-2006-4443 | 1 Alstrasoft | 1 Video Share Enterprise | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in myajaxphp.php in AlstraSoft Video Share Enterprise allows remote attackers to execute arbitrary PHP code via a URL in the config[BASE_DIR] parameter. | ||||
| CVE-2006-4445 | 1 Cutephp | 1 Cutenews | 2026-04-16 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in CuteNews 1.3.x allow remote attackers to execute arbitrary PHP code via a URL in the cutepath parameter to (1) show_news.php or (2) search.php. NOTE: CVE analysis as of 20060829 has not identified any scenarios in which these vectors could result in remote file inclusion | ||||
| CVE-2006-4446 | 1 Microsoft | 1 Ie | 2026-04-16 | N/A |
| Heap-based buffer overflow in DirectAnimation.PathControl COM object (daxctle.ocx) in Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a Spline function call whose first argument specifies a large number of points. | ||||
| CVE-2006-4455 | 1 Xchat | 1 Xchat | 2026-04-16 | N/A |
| Unspecified vulnerability in Xchat 2.6.7 and earlier allows remote attackers to cause a denial of service (crash) via unspecified vectors involving the PRIVMSG command. NOTE: the vendor has disputed this vulnerability, stating that it does not affect 2.6.7 "or any recent version" | ||||
| CVE-2006-4448 | 1 Interact Learning Community Environment | 1 Interact | 2026-04-16 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in interact 2.2, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) CONFIG[BASE_PATH] parameter in (a) admin/autoprompter.php and (b) includes/common.inc.php, and the (2) CONFIG[LANGUAGE_CPATH] parameter in (c) admin/autoprompter.php. | ||||
| CVE-2006-4449 | 1 Mybulletinboard | 1 Mybulletinboard | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in attachment.php in MyBulletinBoard (MyBB) 1.1.7 and possibly other versions allows remote attackers to inject arbitrary web script or HTML via a GIF image that contains URL-encoded Javascript, which is rendered by Internet Explorer. | ||||
| CVE-2006-4450 | 1 Phpbb Group | 1 Phpbb | 2026-04-16 | N/A |
| usercp_avatar.php in PHPBB 2.0.20, when avatar uploading is enabled, allows remote attackers to use the server as a web proxy by submitting a URL to the avatarurl parameter, which is then used in an HTTP GET request. | ||||
| CVE-2006-4451 | 1 Cj Design | 1 Cj Tag Board | 2026-04-16 | N/A |
| Direct static code injection vulnerability in CJ Tag Board 3.0 allows remote attackers to execute arbitrary PHP code via the (1) User-Agent HTTP header in tag.php, which is executed by all.php, and (2) the banned parameter in admin_index.php. | ||||
| CVE-2006-4452 | 1 Web3king | 1 Web3news | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in security/include/_class.security.php in Web3news 0.95 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the PHPSECURITYADMIN_PATH parameter. | ||||
| CVE-2006-4453 | 1 Pmwiki | 1 Pmwiki | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in PmWiki before 2.1.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "table markups". | ||||
| CVE-2006-4454 | 1 Hlstats | 1 Hlstats | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in hlstats.php in HLstats 1.34 allows remote attackers to inject arbitrary web script or HTML via the q parameter. | ||||
| CVE-2006-4458 | 1 Phpgroupware | 1 Phpgroupware | 2026-04-16 | N/A |
| Directory traversal vulnerability in calendar/inc/class.holidaycalc.inc.php in phpGroupWare 0.9.16.010 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) sequence and trailing null (%00) byte in the GLOBALS[phpgw_info][user][preferences][common][country] parameter. | ||||