Export limit exceeded: 362577 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 362577 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 362577 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (362577 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-0711 1 Neomail 1 Neomail 2026-04-16 N/A
The (1) addfolder and (2) deletefolder functions in neomail-prefs.pl in NeoMail 1.28 do not validate the Session ID, which allows remote attackers to add and delete arbitrary files, when configured with homedirfolders and homedirspools disabled.
CVE-2006-0712 1 Squishdot 1 Squishdot 2026-04-16 N/A
mail_html template in Squishdot 1.5.0 and earlier does not properly validate the (1) email and (2) title variables, which allows remote attackers to bypass spam filters by injecting SMTP headers, probably due to a CRLF injection vulnerability.
CVE-2006-0727 1 Musox 1 Df Msanalysis 2026-04-16 N/A
SQL injection vulnerability in mstrack.php in MusOX DF MSAnalysis (DFMSA), as used in some environments that use CPG-Nuke Dragonfly CMS, allows remote attackers to trigger path disclosure from a SQL syntax error, and possibly execute arbitrary SQL commands, via certain query data, probably involving the profile name.
CVE-2006-0728 1 Webspell 1 Webspell 2026-04-16 N/A
SQL injection vulnerability in search.php in webSPELL 4.01.00 and earlier allows remote attackers to inject arbitrary SQL commands via the title_op parameter.
CVE-2006-0729 1 Teca Scripts 1 Teca Diary 2026-04-16 N/A
SQL injection vulnerability in functions.php in Teca Diary PE 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) yy, (2) mm, and (3) dd parameters.
CVE-2006-0733 1 Wordpress 1 Wordpress 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in WordPress 2.0.0 allows remote attackers to inject arbitrary web script or HTML via scriptable attributes such as (1) onfocus and (2) onblur in the "author's website" field. NOTE: followup comments to the researcher's web log suggest that this issue is only exploitable by the same user who injects the XSS, so this might not be a vulnerability
CVE-2006-0734 1 Valve Software 1 Half-life Cstrike Dedicated Server 2026-04-16 N/A
The SV_CheckForDuplicateNames function in Valve Software Half-Life CSTRIKE Dedicated Server 1.6 and earlier allows remote authenticated users to cause a denial of service (infinite loop and daemon hang) via a backslash character at the end of a connection string to UDP port 27015.
CVE-2006-0735 2 Fuzzymonkey, M Blom 2 My Blog, Html-bbcode 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in BBcode.pm in M. Blom HTML::BBCode 1.04 and earlier, as used in products such as My Blog before 1.65, allows remote attackers to inject arbitrary Javascript via a javascript URI in an (1) img or (2) url BBcode tag.
CVE-2006-0739 1 Estara 1 Softphone 2026-04-16 N/A
eStara SIP softphone allows remote attackers to cause a denial of service (crash) via an INVITE request with a Content-Length field that has more than 9 digits.
CVE-2006-0744 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-16 N/A
Linux kernel before 2.6.16.5 does not properly handle uncanonical return addresses on Intel EM64T CPUs, which reports an exception in the SYSRET instead of the next instruction, which causes the kernel exception handler to run on the user stack with the wrong GS.
CVE-2006-0750 1 Supersmashbrothers 1 Army System 2026-04-16 N/A
SQL injection vulnerability in army.php in supersmashbrothers (SSB) Army System 2.1.0 for Invision Power Board (IPB) allows remote attackers to execute arbitrary SQL commands via the userstat parameter in an army action to index.php.
CVE-2006-0751 1 Noofs Team 1 Network Object Oriented File System 2026-04-16 N/A
Multiple unspecified vulnerabilities in the (1) Filesystem in USErspace (FUSE) client and (2) NOOFS daemon in in Network Object Oriented File System (NOOFS) before 0.9.0 have unspecified impact and attack vectors.
CVE-2006-0763 1 Cpanel 1 Cpanel 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in dowebmailforward.cgi in cPanel allows remote attackers to inject arbitrary web script or HTML via a URL encoded value in the fwd parameter.
CVE-2006-0764 1 Cisco 3 Anomaly Guard Module, Guard, Traffic Anomaly Detector Module 2026-04-16 N/A
The Authentication, Authorization, and Accounting (AAA) capability in versions 5.0(1) and 5.0(3) of the software used by multiple Cisco Anomaly Detection and Mitigation products, when running with an incomplete TACACS+ configuration without a "tacacs-server host" command, allows remote attackers to bypass authentication and gain privileges, aka Bug ID CSCsd21455.
CVE-2006-0765 1 Mirabilis 2 Icq, Icq Lite 2026-04-16 N/A
GUI display truncation vulnerability in ICQ Inc. (formerly Mirabilis) ICQ 2003a, 2003b, Lite 4.0, Lite 4.1, and possibly other Windows versions allows user-assisted remote attackers to hide malicious file extensions, bypass Windows security warnings via a filename that is all uppercase and of a specific length, which truncates the malicious extension from the display and could trick a user into executing arbitrary programs.
CVE-2006-0766 1 Mirabilis 2 Icq, Icq Lite 2026-04-16 N/A
ICQ Inc. (formerly Mirabilis) ICQ 2003a, 2003b, Lite 4.0, Lite 4.1, and possibly other Windows versions allows user-assisted remote attackers to hide malicious file extensions and bypass Windows security warnings via a filename that ends in an assumed-safe extension such as JPG, and possibly containing other modified properties such as company name, icon, and description, which could trick a user into executing arbitrary programs.
CVE-2006-0767 1 Nathan Neulinger 1 Cgiwrap 2026-04-16 N/A
CGIWrap before 3.10 allows remote attackers to obtain sensitive information via unknown attack vectors that cause errors in scripts that reveal system information.
CVE-2006-0768 1 Kadu 1 Kadu 2026-04-16 N/A
Kadu 0.4.3 allows remote attackers to cause a denial of service (application crash) via a large number of image send requests.
CVE-2000-0885 1 Microsoft 3 Systems Management Server, Windows 2000, Windows Nt 2026-04-16 N/A
Buffer overflows in Microsoft Network Monitor (Netmon) allow remote attackers to execute arbitrary commands via a long Browser Name in a CIFS Browse Frame, a long SNMP community name, or a long username or filename in an SMB session, aka the "Netmon Protocol Parsing" vulnerability. NOTE: It is highly likely that this candidate will be split into multiple candidates.
CVE-2006-0771 1 Even Balance 1 Punkbuster 2026-04-16 N/A
Format string vulnerability in PunkBuster 1.180 and earlier, as used by Soldier of Fortune II and possibly other games, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via format string specifiers in invalid cvar values, which are not properly handled when the server kicks the player and records the reason.