Export limit exceeded: 366762 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (366762 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-2917 1 Qbik 1 Wingate 2026-04-16 N/A
Directory traversal vulnerability in the IMAP server in WinGate 6.1.2.1094 and 6.1.3.1096, and possibly other versions before 6.1.4 Build 1099, allows remote authenticated users to read email of other users, or perform unauthorized operations on directories, via the (1) CREATE, (2) SELECT, (3) DELETE, (4) RENAME, (5) COPY, (6) APPEND, and (7) LIST commands.
CVE-2006-2918 1 Lanap Botdetect 1 Captcha Asp.net 2026-04-16 N/A
The Lanap BotDetect APS.NET CAPTCHA component before 1.5.4.0 stores the UUID and hash for a CAPTCHA in the ViewState of a page, which makes it easier for remote attackers to conduct automated attacks by "replaying the ViewState for a known number."
CVE-2006-2919 1 Microsoft 1 Netmeeting 2026-04-16 N/A
Unspecified vulnerability in Microsoft NetMeeting 3.01 allows remote attackers to cause a denial of service (crash or CPU consumption) and possibly execute arbitrary code via crafted inputs that trigger memory corruption.
CVE-2001-0841 1 Ikonboard.com 1 Ikonboard 2026-04-16 N/A
Directory traversal vulnerability in Search.cgi in Ikonboard ib219 and earlier allows remote attackers to overwrite files and gain privileges via .. (dot dot) sequences in the amembernamecookie cookie.
CVE-2002-1388 1 Mhonarc 1 Mhonarc 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in MHonArc before 2.5.14 allows remote attackers to inject arbitrary HTML into web archive pages via HTML mail messages.
CVE-2006-2920 2 Sylpheed, Sylpheed-claws 2 Sylpheed, Sylpheed-claws 2026-04-16 N/A
Sylpheed-Claws before 2.2.2 and Sylpheed before 2.2.6 allow remote attackers to bypass the URI check functionality and makes it easier to conduct phishing attacks via a URI that begins with a space character.
CVE-2006-2928 1 Cms-bandits 1 Cms-bandits 2026-04-16 N/A
Multiple PHP remote file inclusion vulnerabilities in CMS-Bandits 2.5 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter in (1) dialogs/img.php and (2) dialogs/td.php.
CVE-2006-2935 4 Canonical, Debian, Linux and 1 more 4 Ubuntu Linux, Debian Linux, Linux Kernel and 1 more 2026-04-16 N/A
The dvd_read_bca function in the DVD handling code in drivers/cdrom/cdrom.c in Linux kernel 2.2.16, and later versions, assigns the wrong value to a length variable, which allows local users to execute arbitrary code via a crafted USB Storage device that triggers a buffer overflow.
CVE-2006-2944 1 Cgi-rescue 1 Form2mail 2026-04-16 N/A
Unspecified vulnerability in CGI-RESCUE FORM2MAIL 1.21 and earlier allows remote attackers to inject email headers, which facilitates sending spam messages. NOTE: the details for this issue are obtained from third party information.
CVE-2001-0851 4 Caldera, Linux, Redhat and 1 more 8 Openlinux, Openlinux Edesktop, Openlinux Eserver and 5 more 2026-04-16 N/A
Linux kernel 2.0, 2.2 and 2.4 with syncookies enabled allows remote attackers to bypass firewall rules by brute force guessing the cookie.
CVE-2006-2952 1 Net Portal Dynamic System 1 Net Portal Dynamic System 2026-04-16 N/A
Directory traversal vulnerability in Net Portal Dynamic System (NPDS) 5.10 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) sequence and trailing null (%00) byte in the (1) Default_Theme parameter to header.php or (2) ModPath parameter to modules/cluster-paradise/cluster-E.php.
CVE-2001-0859 1 Redhat 1 Linux 2026-04-16 N/A
2.4.3-12 kernel in Red Hat Linux 7.1 Korean installation program sets the setting default umask for init to 000, which installs files with world-writeable permissions.
CVE-2006-2961 1 Aclogic 1 Cesarftp 2026-04-16 N/A
Stack-based buffer overflow in CesarFTP 0.99g and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long MKD command. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-2964 1 Xtreme Scripts 1 Download Manager 2026-04-16 N/A
Multiple PHP remote file inclusion vulnerabilities in Xtreme Scripts Download Manager (aka Xtreme Downloads) 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter in (1) download.php, (2) manager.php, (3) admin/scripts/category.php, (4) includes/add_allow.php, (5) admin/index.php, and (6) admin/admin/login.php.
CVE-2006-2969 1 L0j1k 1 Tinymuw 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in L0j1k tinyMuw 0.1.0 allow remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element in the input box in quickchat.php, and possibly other manipulations.
CVE-2006-2976 1 Coppermine 1 Coppermine Photo Gallery 2026-04-16 N/A
Unspecified vulnerability in usermgr.php in Coppermine Photo Gallery before 1.4.7 has unknown impact and remote attack vectors, possibly related to authorization/authentication errors.
CVE-2006-2977 1 Mafia Moblog 1 Mafia Moblog 2026-04-16 N/A
SQL injection vulnerability in big.php in Mafia Moblog 0.6M1 and earlier allows remote attackers to execute arbitrary SQL commands via the img parameter.
CVE-2006-2979 1 Viart 1 Shop 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in ViArt Shop Free 2.5.5, and possibly other distributions including Light, Standard, and Enterprise, allow remote attackers to inject arbitrary web script or HTML via the (1) forum_id parameter in forum.php, which is not properly handled in block_forum_topics.php, and (2) item_id parameter in reviews.php, which is not properly handled in block_reviews.php.
CVE-2006-2984 1 Integramod 1 Integramod 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in IntegraMOD 1.4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the STYLE_URL parameter. NOTE: it is possible that this issue is resultant from SQL injection.
CVE-2006-2995 1 Webprojectdb 1 Webprojectdb 2026-04-16 N/A
Multiple PHP remote file inclusion vulnerabilities in WebprojectDB 0.1.3 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the INCDIR parameter in (1) include/nav.php and (2) include/lang.php.