Export limit exceeded: 348241 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (348241 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-3378 | 1 Ubuntu | 1 Ubuntu Linux | 2026-04-16 | N/A |
| passwd command in shadow in Ubuntu 5.04 through 6.06 LTS, when called with the -f, -g, or -s flag, does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits. | ||||
| CVE-2006-3379 | 1 Hiki Wiki | 1 Hiki Wiki | 2026-04-16 | N/A |
| Algorithmic complexity vulnerability in Hiki Wiki 0.6.0 through 0.6.5 and 0.8.0 through 0.8.5 allows remote attackers to cause a denial of service (CPU consumption) by performing a diff between large, crafted pages that trigger the worst case. | ||||
| CVE-2006-3380 | 1 Freestyle | 1 Freestyle Wiki | 2026-04-16 | N/A |
| Algorithmic complexity vulnerability in FreeStyle Wiki before 3.6.2 allows remote attackers to cause a denial of service (CPU consumption) by performing a diff between large, crafted pages that trigger the worst case. | ||||
| CVE-2006-3381 | 1 Sturgeon Upload | 1 Sturgeon Upload | 2026-04-16 | N/A |
| SturGeoN Upload allows remote attackers to execute arbitrary PHP code by uploading a file with a .php extension, then directly accessing the file. NOTE: It is uncertain whether this is a vulnerability or a feature of the product. | ||||
| CVE-2006-3384 | 1 Vincent Leclercq | 1 News | 2026-04-16 | N/A |
| SQL injection vulnerability in divers.php in Vincent Leclercq News 5.2 allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) texte parameters. | ||||
| CVE-2006-3385 | 1 Vincent Leclercq | 1 News | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in divers.php in Vincent Leclercq News 5.2 allows remote attackers to inject arbitrary web script or HTML via the (1) id and (2) disabled parameters. | ||||
| CVE-2006-3386 | 1 Vincent Leclercq | 1 News | 2026-04-16 | N/A |
| index.php in Vincent Leclercq News 5.2 allows remote attackers to obtain sensitive information, such as the installation path, via a mail[] parameter with invalid values. | ||||
| CVE-2006-3388 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via the table parameter. | ||||
| CVE-2006-3390 | 1 Wordpress | 1 Wordpress | 2026-04-16 | N/A |
| WordPress 2.0.3 allows remote attackers to obtain the installation path via a direct request to various files, such as those in the (1) wp-admin, (2) wp-content, and (3) wp-includes directories, possibly due to uninitialized variables. | ||||
| CVE-2006-3393 | 1 Electronic Arts | 1 Nascar Racing | 2026-04-16 | N/A |
| Papyrus NASCAR Racing 4 4.1.3.1.6 and earlier, 2002 Season 1.1.0.2 and earlier, and 2003 Season 1.2.0.1 and earlier allows remote attackers to cause a denial of service (CPU consumption) by sending an empty UDP datagram, which is not properly discarded due to use of the FIONREAD asynchronous socket. | ||||
| CVE-2006-3394 | 1 Bxcp | 1 Bxcp | 2026-04-16 | N/A |
| SQL injection vulnerability in the files mod in index.php in BXCP 0.3.0.4 allows remote attackers to execute arbitrary SQL commands via the where parameter in a view action. | ||||
| CVE-2006-3395 | 1 Webdesignhq | 1 Sitebuilder-fx | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in top.php in SiteBuilder-FX 3.5 allows remote attackers to execute arbitrary PHP code via a URL in the admindir parameter. | ||||
| CVE-2006-3396 | 1 Miro International | 1 Galleria | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in galleria.html.php in Galleria Mambo Module 1.0 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | ||||
| CVE-2006-3397 | 1 Pkr Internet | 1 Taskjitsu | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Taskjitsu before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via multiple unspecified parameters, including the (1) title and (2) description parameters when creating a task. | ||||
| CVE-2006-3398 | 1 Pkr Internet | 1 Taskjitsu | 2026-04-16 | N/A |
| The "change password forms" in Taskjitsu before 2.0.1 includes password hashes in hidden form fields, which allows remote attackers to obtain sensitive information from the (1) Category Editor and (2) User Information editor. | ||||
| CVE-2006-3408 | 1 Tor | 1 Tor | 2026-04-16 | N/A |
| Unspecified vulnerability in the directory server (dirserver) in Tor before 0.1.1.20 allows remote attackers to cause an unspecified denial of service via unknown vectors. | ||||
| CVE-2006-3400 | 2 Id Software, Raven Software | 2 Quake 3 Engine, Soldier Of Fortune 2 | 2026-04-16 | N/A |
| Stack-based buffer overflow in the CG_ServerCommand function in Quake 3 Engine as used by Soldier of Fortune 2 (SOF2MP) GOLD 1.03 allows remote attackers to cause a denial of service and possibly execute code by sending a long command from the server. | ||||
| CVE-2006-3401 | 1 Id Software | 1 Quake 3 Engine | 2026-04-16 | N/A |
| Stack-based buffer overflow in Quake 3 Engine as used by Quake 3: Arena 1.32b and 1.32c allows remote attackers to cause a denial of service and possibly execute code via long CS_ITEMS values. | ||||
| CVE-2006-3402 | 1 Virtuastore | 1 Virtuastore | 2026-04-16 | N/A |
| SQL injection vulnerability in VirtuaStore 2.0 allows remote attackers to execute arbitrary SQL commands via the password parameter when logging in. | ||||
| CVE-2006-3403 | 2 Redhat, Samba | 2 Enterprise Linux, Samba | 2026-04-16 | N/A |
| The smdb daemon (smbd/service.c) in Samba 3.0.1 through 3.0.22 allows remote attackers to cause a denial of service (memory consumption) via a large number of share connection requests. | ||||