Export limit exceeded: 363078 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363078 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363078 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-2177 1 Bitdamaged 1 Geoblog 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in viewcat.php in geoBlog 1.0 allows remote attackers to inject arbitrary web script or HTML via the cat parameter.
CVE-2006-2182 1 Albinator 1 Albinator 2026-04-16 N/A
Multiple PHP remote file inclusion vulnerabilities in (1) eday.php, (2) eshow.php, or (3) forgot.php in albinator 2.0.8 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the Config_rootdir parameter.
CVE-2006-2199 3 Openoffice, Redhat, Sun 3 Openoffice, Enterprise Linux, Staroffice 2026-04-16 N/A
Unspecified vulnerability in Java Applets in OpenOffice.org 1.1.x (aka StarOffice) up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to escape the Java sandbox and conduct unauthorized activities via certain applets in OpenOffice documents.
CVE-2006-2200 2 Mimms, Xine 2 Mimms, Xine-lib 2026-04-16 N/A
Stack-based buffer overflow in libmms, as used by (a) MiMMS 0.0.9 and (b) xine-lib 1.1.0 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via the (1) send_command, (2) string_utf16, (3) get_data, and (4) get_media_packet functions, and possibly other functions.
CVE-2006-2201 1 Broadcom 1 Resource Initialization Manager 2026-04-16 N/A
Unspecified vulnerability in CA Resource Initialization Manager (CAIRIM) 1.x before 20060502, as used in z/OS Common Services and the LMP component in multiple products, allows attackers to violate integrity via a certain "problem state program" that uses SVC to gain access to supervisor state, key 0.
CVE-2006-2206 1 Ultravnc 1 Ultravnc 2026-04-16 N/A
The MS-Logon authentication scheme in UltraVNC (aka Ultr@VNC) 1.0.1 uses weak encryption (XOR) for challenge/response, which allows remote attackers to gain privileges by sniffing and decrypting passwords.
CVE-2006-2208 1 Planetluc 1 Mynews 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in mynews.inc.php in MyNews 1.6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) hash and (2) page parameters.
CVE-2006-2209 1 Php Arena 1 Pacheckbook 2026-04-16 N/A
Multiple SQL injection vulnerabilities in index.php in PHP Arena paCheckBook 1.1 allow remote attackers to execute arbitrary SQL commands via (1) the transtype parameter in an add action or (2) entry parameter in an edit action. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-2211 1 321soft 1 Php-gallery 2026-04-16 N/A
Absolute path traversal vulnerability in index.php in 321soft PhP-Gallery 0.9 allows remote attackers to browse arbitrary directories via the path parameter.
CVE-2006-2214 1 4images 1 Image Gallery Management System 2026-04-16 N/A
Multiple SQL injection vulnerabilities in 4images 1.7.1 and earlier allow remote attackers to execute arbitrary SQL commands via the sessionid parameter in (1) top.php and (2) member.php. NOTE: this issue has also been reported to affect 1.7.2.
CVE-2000-1045 1 Padl Software 1 Nss Ldap 2026-04-16 N/A
nss_ldap earlier than 121, when run with nscd (name service caching daemon), allows remote attackers to cause a denial of service via a flood of LDAP requests.
CVE-2006-2227 1 Punbb 1 Punbb 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in misc.php in PunBB 1.2.11 allows remote attackers to inject arbitrary web script or HTML via the req_message parameter, because the value of the redirect_url parameter is not sanitized.
CVE-2006-2231 1 Big Webmaster 1 Big Webmaster Guestbook Script 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in addguest.cgi in Big Webmaster Guestbook Script 1.02 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) mail, (2) site, (3) city, (4) state, (5) country, and possibly (6) name fields, which are viewed via viewguest.cgi.
CVE-2006-2232 1 Scriptsez 1 Cute Guestbook 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Scriptsez Cute Guestbook 20060211 allows remote attackers to inject arbitrary web script or HTML via the Comments field when signing the guestbook.
CVE-2006-2233 1 Banktown 1 Btcxctl20com Activex Control 2026-04-16 N/A
Buffer overflow in BankTown Client Control (aka BtCxCtl20Com) 1.4.2.51817, and possibly 1.5.2.50209, allows remote attackers to execute arbitrary code via a long string in the first argument to SetBannerUrl. NOTE: portions of these details are obtained from third party information.
CVE-2006-2234 1 Tyrocms 1 Tyrocms 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in TyroCMS beta 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) a javascript URI in an img BBCode tag, or a JavaScript event in a (2) url BBCode tag or (3) color BBCode tag.
CVE-2006-2235 1 Codemunkyx 1 Simple Poll 2026-04-16 N/A
CodeMunkyX (aka free-php.net) Simple Poll 1.0, when authentication is not required for the admin directory, allows remote attackers to gain administrative privileges by appending /admin/ to the top-level URI of the application.
CVE-2006-2236 1 Id Software 4 Quake 3 Arena, Quake 3 Engine, Return To Castle Wolfenstein and 1 more 2026-04-16 N/A
Buffer overflow in the Quake 3 Engine, as used by (1) ET 2.60, (2) Return to Castle Wolfenstein 1.41, and (3) Quake III Arena 1.32b allows remote attackers to execute arbitrary commands via a long remapShader command.
CVE-2006-2240 1 Fujitsu 4 Netshelter Fw, Netshelter Fw-l, Netshelter Fw-m and 1 more 2026-04-16 N/A
Unspecified vulnerability in the (1) web cache or (2) web proxy in Fujitsu NetShelter/FW allows remote attackers to cause a denial of service (device unresponsiveness) via certain DNS packets, as demonstrated by the OUSPG PROTOS DNS test suite.
CVE-2006-2242 1 Acftp 1 Acftp 2026-04-16 N/A
acFTP 1.4 allows remote attackers to cause a denial of service (application crash) via a long string with "{" (brace) characters to the USER command.