Export limit exceeded: 348055 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (348055 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-3681 | 1 Awstats | 1 Awstats | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in awstats.pl in AWStats 6.5 build 1.857 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) refererpagesfilter, (2) refererpagesfilterex, (3) urlfilterex, (4) urlfilter, (5) hostfilter, or (6) hostfilterex parameters, a different set of vectors than CVE-2006-1945. | ||||
| CVE-2006-3682 | 1 Awstats | 1 Awstats | 2026-04-16 | N/A |
| awstats.pl in AWStats 6.5 build 1.857 and earlier allows remote attackers to obtain the installation path via the (1) year, (2) pluginmode or (3) month parameters. | ||||
| CVE-2006-3684 | 1 Softcomplex | 1 Php Event Calendar | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in calendar.php in SoftComplex PHP Event Calendar 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_calendar parameter, which overwrites the $path_to_calendar variable from an extract function call. | ||||
| CVE-2006-3685 | 1 Czaries Network | 1 Czarnews | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in CzarNews 1.12 through 1.14 allows remote attackers to execute arbitrary PHP code via a URL in the tpath parameter to cn_config.php. NOTE: the news.php vector is already covered by CVE-2005-0859. | ||||
| CVE-2006-3687 | 2 D-link, Dlink | 7 Di-604 Broadband Router, Di-784, Ebr-2310 Ethernet Broadband Router and 4 more | 2026-04-16 | N/A |
| Stack-based buffer overflow in the Universal Plug and Play (UPnP) service in D-Link DI-524, DI-604 Broadband Router, DI-624, D-Link DI-784, WBR-1310 Wireless G Router, WBR-2310 RangeBooster G Router, and EBR-2310 Ethernet Broadband Router allows remote attackers to execute arbitrary code via a long M-SEARCH request to UDP port 1900. | ||||
| CVE-2006-3689 | 1 Codeworks | 1 Gnomedia Subberz | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in user-func.php in Codeworks Gnomedia SubberZ[Lite] allows remote attackers to execute arbitrary PHP code via a URL in the myadmindir parameter. NOTE: this issue has been disputed by a third party that claims that " the myadmindir variable is set before any GET variables are processed. | ||||
| CVE-2006-3690 | 1 Minibb | 1 Forum | 2026-04-16 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5a and earlier allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to (1) components/com_minibb.php or (2) components/minibb/index.php. | ||||
| CVE-2006-3691 | 1 Vbzoom | 1 Vbzoom | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in VBZooM 1.11 and earlier allow remote attackers to execute arbitrary SQL commands via the UserID parameter to (1) ignore-pm.php, (2) sendmail.php, (3) reply.php or (4) sub-join.php. | ||||
| CVE-2006-3692 | 1 Silentweb | 1 Listmessenger | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in enduser/listmessenger.php in ListMessenger 0.9.3 allows remote attackers to execute arbitrary PHP code via a URL in the lm_path parameter. NOTE: the vendor has disputed this issue to SecurityTracker, stating that the $lm_path variable is set to a constant value. As of 20060726, CVE concurs with the vendor based on SecurityTracker's post-disclosure analysis | ||||
| CVE-2006-3693 | 1 Rocks Clusters | 1 Rocks Clusters | 2026-04-16 | N/A |
| Rocks Clusters 4.1 and earlier allows local users to gain privileges via commands enclosed with escaped backticks (\`) in an argument to the (1) mount-loop (mount-loop.c) or (2) umount-loop (umount-loop.c) command, which is not filtered in a system function call. | ||||
| CVE-2006-3694 | 2 Redhat, Yukihiro Matsumoto | 2 Enterprise Linux, Ruby | 2026-04-16 | N/A |
| Multiple unspecified vulnerabilities in Ruby before 1.8.5 allow remote attackers to bypass "safe level" checks via unspecified vectors involving (1) the alias function and (2) "directory operations". | ||||
| CVE-2006-3695 | 1 Edgewall Software | 1 Trac | 2026-04-16 | N/A |
| Trac before 0.9.6 does not disable the "raw" or "include" commands when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows remote attackers to read arbitrary files, perform cross-site scripting (XSS) attacks, or cause a denial of service via unspecified vectors. NOTE: this might be related to CVE-2006-3458. | ||||
| CVE-2006-3698 | 1 Oracle | 1 Database Server | 2026-04-16 | N/A |
| Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB01 for Change Data Capture (CDC) component and (2) DB03 for Data Pump Metadata API. NOTE: as of 20060719, Oracle has not disputed a claim by a reliable researcher that DB01 is related to multiple SQL injection vulnerabilities in SYS.DBMS_CDC_IMPDP using the (a) IMPORT_CHANGE_SET, (b) IMPORT_CHANGE_TABLE, (c) IMPORT_CHANGE_COLUMN, (d) IMPORT_SUBSCRIBER, (e) IMPORT_SUBSCRIBED_TABLE, (f) IMPORT_SUBSCRIBED_COLUMN, (g) VALIDATE_IMPORT, (h) VALIDATE_CHANGE_SET, (i) VALIDATE_CHANGE_TABLE, and (j) VALIDATE_SUBSCRIPTION procedures, and that DB03 is for SQL injection in the MAIN procedure for SYS.KUPW$WORKER. | ||||
| CVE-2006-3699 | 1 Oracle | 1 Database Server | 2026-04-16 | N/A |
| Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.0.1.5 and 9.2.0.6 has unknown impact and attack vectors, aka Oracle Vuln# DB02. | ||||
| CVE-2006-3700 | 1 Oracle | 1 Database Server | 2026-04-16 | N/A |
| Multiple unspecified vulnerabilities in Oracle Database 9.2.0.6 and 10.1.0.4 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB04 for Web Distributed Authoring and Versioning (DAV) and (2) DB23 for XMLDB. | ||||
| CVE-2006-3701 | 1 Oracle | 1 Database Server | 2026-04-16 | N/A |
| Unspecified vulnerability in the Dictionary component in Oracle Database 8.1.7.4, 9.0.1.5, and 9.2.0.6 has unknown impact and attack vectors, aka Oracle Vuln# DB05. | ||||
| CVE-2006-3702 | 1 Oracle | 1 Database Server | 2026-04-16 | N/A |
| Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5, and 10.2.0.2 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB06 in Export; (2) DB08, (3) DB09, (4) DB10, (5) DB11, (6) DB12, (7) DB13, (8) DB14, and (9) DBC01 for OCI; (10) DB16 for Query Rewrite/Summary Mgmt; (11) DB17, (12) DB18, (13) DB19, (14) DBC02, (15) DBC03, and (16) DBC04 for RPC; and (17) DB20 for Semantic Analysis. NOTE: as of 20060719, Oracle has not disputed third party claims that DB06 is related to "SQL injection" using DBMS_EXPORT_EXTENSION with a modified ODCIIndexGetMetadata routine and a call to GET_DOMAIN_INDEX_METADATA, in which case DB06 might be CVE-2006-2081. | ||||
| CVE-2006-3704 | 1 Oracle | 1 Database Server | 2026-04-16 | N/A |
| Unspecified vulnerability in the Oracle ODBC Driver for Oracle Database 10.1.0.4 has unknown impact and attack vectors, aka Oracle Vuln# 10.1.0.4. | ||||
| CVE-2006-3705 | 1 Oracle | 1 Database Server | 2026-04-16 | N/A |
| Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB21 for Statistics and (2) DB22 for Upgrade & Downgrade. NOTE: as of 20060719, Oracle has not disputed a claim by a reliable researcher that DB21 is for a local SQL injection vulnerability in SYS.DBMS_STATS, and that DB22 is for SQL injection in SYS.DBMS_UPGRADE. | ||||
| CVE-2006-3706 | 1 Oracle | 1 Application Server | 2026-04-16 | N/A |
| Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2.3 has unknown impact and attack vectors, aka Oracle Vuln# AS01. | ||||