Export limit exceeded: 347228 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347228 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-4384 | 1 Apple | 1 Quicktime | 2026-04-16 | N/A |
| Heap-based buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via the COLOR_64 chunk in a FLIC (FLC) movie. | ||||
| CVE-2006-4385 | 1 Apple | 1 Quicktime | 2026-04-16 | N/A |
| Buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted SGI image. | ||||
| CVE-2006-4389 | 1 Apple | 1 Quicktime | 2026-04-16 | N/A |
| Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted FlashPix (FPX) file, which triggers an exception that leads to an operation on an uninitialized object. | ||||
| CVE-2006-4417 | 1 Xoops | 1 Xoops | 2026-04-16 | N/A |
| SQL injection vulnerability in edituser.php in Xoops before 2.0.15 allows remote attackers to execute arbitrary SQL commands via the user_avatar parameter. | ||||
| CVE-2006-4419 | 1 Promanager | 1 Promanager | 2026-04-16 | N/A |
| SQL injection vulnerability in note.php in ProManager 0.73 allows remote attackers to execute arbitrary SQL commands via the note_id parameter. | ||||
| CVE-2006-4420 | 1 Phaos | 1 Phaos | 2026-04-16 | N/A |
| Directory traversal vulnerability in include_lang.php in Phaos 0.9.2 allows remote attackers to include arbitrary local files via ".." sequences in the lang parameter. | ||||
| CVE-2006-4422 | 1 Jetbox | 1 Jetbox Cms | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in includes/phpdig/libs/search_function.php in Jetbox CMS 2.1 allows remote attackers to execute arbitrary PHP code via a URL in the relative_script_path parameter, a different vector than CVE-2006-2270. NOTE: this issue has been disputed, and as of 20060830, CVE analysis concurs with the dispute. In addition, it is likely that the vulnerability is actually in a third party module, phpDig 1.8.8 | ||||
| CVE-2006-4423 | 1 Bigace | 1 Bigace | 2026-04-16 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Bigace 1.8.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[_BIGACE][DIR][admin] parameter in (a) system/command/admin.cmd.php, (b) admin/include/upload_form.php, and (c) admin/include/item_main.php; and the (2) GLOBALS[_BIGACE][DIR][libs] parameter in (d) system/command/admin.cmd.php and (e) system/command/download.cmd.php. | ||||
| CVE-2006-4424 | 1 Coinsoft Technologies | 1 Phpcoin | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in coin_includes/constants.php in phpCOIN 1.2.3 allows remote attackers to execute arbitrary PHP code via the _CCFG[_PKG_PATH_INCL] parameter. | ||||
| CVE-2006-4426 | 1 Albert | 1 Albert-easysite | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in AES/modules/auth/phpsecurityadmin/include/logout.php in AlberT-EasySite (AES) 1.0a5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the PSA_PATH parameter. | ||||
| CVE-2006-4427 | 1 Efiction | 1 Efiction | 2026-04-16 | N/A |
| index.php in eFiction before 2.0.7 allows remote attackers to bypass authentication and gain privileges by setting the (1) adminloggedin, (2) loggedin, and (3) level parameters to "1". | ||||
| CVE-2006-4429 | 1 Phlymail | 1 Phlymail Lite | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in handlers/email/mod.output.php in PHlyMail Lite 3.4.4 and earlier (Build 3.04.04) allows remote attackers to execute arbitrary PHP code via a URL in the _PM_[path][handler] parameter, a different vector than CVE-2006-4291. NOTE: This issue has been disputed by a third party, who states that the _IN_PHM_ declaration prevents this file from being called directly | ||||
| CVE-2006-4430 | 1 Cisco | 2 Network Admission Control, Network Admission Control Manager And Server System Software | 2026-04-16 | N/A |
| The Cisco Network Admission Control (NAC) 3.6.4.1 and earlier allows remote attackers to prevent installation of the Cisco Clean Access (CCA) Agent and bypass local and remote protection mechanisms by modifying (1) the HTTP User-Agent header or (2) the behavior of the TCP/IP stack. NOTE: the vendor has disputed the severity of this issue, stating that users cannot bypass authentication mechanisms. | ||||
| CVE-2006-4431 | 1 Zend | 1 Zend Platform | 2026-04-16 | N/A |
| Multiple buffer overflows in the (a) Session Clustering Daemon and the (b) mod_cluster module in the Zend Platform 2.2.1 and earlier allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a (1) empty or (2) crafted PHP session identifier (PHPSESSID). | ||||
| CVE-2006-4456 | 1 Phpecard | 1 Phpecard | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in functions.php in phpECard 2.1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter. | ||||
| CVE-2006-4434 | 1 Sendmail | 1 Sendmail | 2026-04-16 | 7.5 High |
| Use-after-free vulnerability in Sendmail before 8.13.8 allows remote attackers to cause a denial of service (crash) via a long "header line", which causes a previously freed variable to be referenced. NOTE: the original developer has disputed the severity of this issue, saying "The only denial of service that is possible here is to fill up the disk with core dumps if the OS actually generates different core dumps (which is unlikely)... the bug is in the shutdown code (finis()) which leads directly to exit(3), i.e., the process would terminate anyway, no mail delivery or receiption is affected." | ||||
| CVE-2006-4435 | 1 Openbsd | 1 Openbsd | 2026-04-16 | N/A |
| OpenBSD 3.8, 3.9, and possibly earlier versions allows context-dependent attackers to cause a denial of service (kernel panic) by allocating more semaphores than the default. | ||||
| CVE-2006-4436 | 1 Openbsd | 1 Openbsd | 2026-04-16 | N/A |
| isakmpd in OpenBSD 3.8, 3.9, and possibly earlier versions, creates Security Associations (SA) with a replay window of size 0 when isakmpd acts as a responder during SA negotiation, which allows remote attackers to replay IPSec packets and bypass the replay protection. | ||||
| CVE-2006-4437 | 1 Venture Nine | 1 Tagger Le | 2026-04-16 | N/A |
| Eval injection vulnerability in Tagger LE allows remote attackers to execute arbitrary PHP code via the query string in (1) tags.php, (2) sign.php, and (3) admin/index.php. | ||||
| CVE-2006-4438 | 1 Doctor Web Ltd | 1 Dr.web | 2026-04-16 | N/A |
| Heap-based buffer overflow in SpIDer for Dr.Web Scanner for Linux 4.33, and possibly earlier versions, allows remote attackers to execute arbitrary code via an LHA archive with an extended header that contains a long directory name. | ||||