Export limit exceeded: 362716 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (362716 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-1108 | 1 Nmdeluxe | 1 Nmdeluxe | 2026-04-16 | N/A |
| SQL injection vulnerability in news.php in NMDeluxe before 1.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2006-1109 | 1 Totalecommerce | 1 Totalecommerce | 2026-04-16 | N/A |
| SQL injection vulnerability in index.asp in Total Ecommerce 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: it is not clear whether this report is associated with a specific product. If not, then it should not be included in CVE. | ||||
| CVE-2006-1110 | 1 Aztek Forum | 1 Aztek Forum | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Aztek Forum 4.0 allows remote attackers to inject arbitrary web script or HTML via the message body in a new message. | ||||
| CVE-2006-1113 | 1 Gerrit Van Aaken | 1 Loudblog | 2026-04-16 | N/A |
| SQL injection vulnerability in podcast.php in Loudblog before 0.42 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2006-1114 | 1 Gerrit Van Aaken | 1 Loudblog | 2026-04-16 | N/A |
| Multiple directory traversal vulnerabilities in Loudblog before 0.42 allow remote attackers to read or include arbitrary files via a .. (dot dot) and trailing %00 (NULL) byte in the (1) template and (2) page parameters in (a) index.php, and the (3) language parameter in (b) inc/backend_settings.php. | ||||
| CVE-2006-1115 | 1 Ncipher | 3 Chil, Mscapi Csp, Ncipher Software Cd | 2026-04-16 | N/A |
| nCipher HSM before 2.22.6, when generating a Diffie-Hellman public/private key pair without any specified DiscreteLogGroup parameters, chooses random parameters that could allow an attacker to crack the private key in significantly less time than a brute force attack. | ||||
| CVE-2006-1116 | 1 Ncipher | 1 Ncore | 2026-04-16 | N/A |
| The CBC-MAC integrity functions in the nCipher nCore API before 2.18 transmit the initialization vector IV as part of a message when the implementation uses a non-zero IV, which allows remote attackers to bypass integrity checks and modify messages without being detected. | ||||
| CVE-2006-1118 | 1 Bmail | 1 Bmail | 2026-04-16 | N/A |
| SQL injection vulnerability in bmail before Aardvark PR9.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving GBK character sets. | ||||
| CVE-2000-0897 | 1 Max Feoktistov | 1 Small Http Server | 2026-04-16 | N/A |
| Small HTTP Server 2.03 and earlier allows remote attackers to cause a denial of service by repeatedly requesting a URL that references a directory that does not contain an index.html file, which consumes memory that is not released after the request is completed. | ||||
| CVE-2006-0836 | 1 Mozilla | 1 Thunderbird | 2026-04-16 | N/A |
| Mozilla Thunderbird 1.5 allows user-assisted attackers to cause an unspecified denial of service by tricking the user into importing an LDIF file with a long field into the address book, as demonstrated by a long homePhone field. | ||||
| CVE-2006-0837 | 1 Micromuse | 1 Netcool Neusecure | 2026-04-16 | N/A |
| IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 has world-readable permissions for (1) /etc/neusecure.conf, (2) /opt/NeuSecure/etc/cms-3.0.236.buildconf, and (3) /opt/NeuSecure/bin/ns_archiver.log, which allows local users to read sensitive information such as passwords. NOTE: IBM has privately confirmed to CVE that a fix is available for these issues. | ||||
| CVE-2006-0838 | 1 Micromuse | 1 Netcool Neusecure | 2026-04-16 | N/A |
| IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 stores cleartext passwords in the (1) CMS_DBPASS, (2) CMSM_DBPASS, and (3) RPT_DBPASS fields in /etc/neusecure.conf, and in (4) /opt/NeuSecure/bin/ns_archiver.log, which allows local users to gain privileges. NOTE: IBM has privately confirmed to CVE that a fix is available for these issues. | ||||
| CVE-2006-0855 | 1 Rahul Dhesi | 1 Zoo | 2026-04-16 | N/A |
| Stack-based buffer overflow in the fullpath function in misc.c for zoo 2.10 and earlier, as used in products such as Barracuda Spam Firewall, allows user-assisted attackers to execute arbitrary code via a crafted ZOO file that causes the combine function to return a longer string than expected. | ||||
| CVE-2006-0856 | 1 Scriptme | 1 Sme Gb Host | 2026-04-16 | N/A |
| SQL injection vulnerability in login.php in Scriptme SmE GB Host 1.21 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the Username parameter. | ||||
| CVE-2006-0858 | 1 Starforce | 1 Safe N Sec Personal \+ Anti-spyware | 2026-04-16 | N/A |
| Unquoted Windows search path vulnerability in (1) snsmcon.exe, (2) the autostartup mechanism, and (3) an unspecified installation component in StarForce Safe'n'Sec Personal + Anti-Spyware 2.0 and earlier, and possibly other StarForce Safe'n'Sec products, might allow local users to gain privileges via a malicious "program" file in the C: folder. | ||||
| CVE-2006-0860 | 1 Michael Salzer | 1 Guestbox | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Michael Salzer Guestbox 0.6, and other versions before 0.8, allow remote attackers to inject arbitrary web script or HTML via (1) HTML tags that follow a "http://" string, which bypasses a regular expression check, and (2) other unspecified attack vectors. | ||||
| CVE-2006-0861 | 1 Michael Salzer | 1 Guestbox | 2026-04-16 | N/A |
| Michael Salzer Guestbox 0.6, and other versions before 0.8, allows remote attackers to obtain the source IP addresses of guestbook entries via a direct request to /gb/gblog. | ||||
| CVE-2006-0862 | 1 Infovista | 1 Portalse | 2026-04-16 | N/A |
| Unspecified vulnerability in InfoVista PortalSE 2.0 Build 20087 on Solaris 8 without the IV00038969 hotfix allows remote attackers to read arbitrary files via a crafted URL. | ||||
| CVE-2006-0863 | 1 Infovista | 1 Portalse | 2026-04-16 | N/A |
| InfoVista PortalSE 2.0 Build 20087 on Solaris 8 allows remote attackers to obtain sensitive information by specifying a nonexistent server in the server field, which reveals the path in an error message. | ||||
| CVE-2006-0864 | 1 Hauri | 1 Virobot | 2026-04-16 | N/A |
| filescan in Global Hauri ViRobot 2.0 20050817 does not verify the Cookie HTTP header, which allows remote attackers to gain administrative privileges via an arbitrary cookie value. | ||||