Export limit exceeded: 29880 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29880 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-3095 | 1 Ipostmx | 1 Ipostmx 2005 | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in iPostMX 2005 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the RETURNURL parameter in (1) userlogin.cfm and (2) account.cfm. | ||||
| CVE-2006-3102 | 1 Bitweaver | 1 Bitweaver | 2025-04-03 | N/A |
| Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory. | ||||
| CVE-2006-3097 | 1 Hp | 1 Hp-ux | 2025-04-03 | N/A |
| Unspecified vulnerability in Support Tools Manager (xstm, cstm, and stm) on HP-UX B.11.11 and B.11.23 allows local users to cause an unspecified denial of service via unknown vectors. | ||||
| CVE-2006-3105 | 1 Bitweaver | 1 Bitweaver | 2025-04-03 | N/A |
| CRLF injection vulnerability in Bitweaver 1.3 allows remote attackers to conduct HTTP response splitting attacks by via CRLF sequences in multiple unspecified parameters that are injected into HTTP headers, as demonstrated by the BWSESSION parameter in index.php. | ||||
| CVE-2006-3104 | 1 Bitweaver | 1 Bitweaver | 2025-04-03 | N/A |
| users/index.php in Bitweaver 1.3 allows remote attackers to obtain sensitive information via an invalid sort_mode parameter, which reveals the installation path and database information in the resultant error message. | ||||
| CVE-2006-3103 | 1 Bitweaver | 1 Bitweaver | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in Bitweaver 1.3 allows remote attackers to inject arbitrary web script or HTML via the (1) error parameter in users/login.php and the (2) feedback parameter in articles/index.php. | ||||
| CVE-2006-3112 | 1 Chipmailer | 1 Chipmailer | 2025-04-03 | N/A |
| Chipmailer 1.09 allows remote attackers to obtain sensitive information via a direct request to php.php, which displays the output of the phpinfo function. | ||||
| CVE-2006-3109 | 1 Cisco | 1 Call Manager | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in Cisco CallManager 3.3 before 3.3(5)SR3, 4.1 before 4.1(3)SR4, 4.2 before 4.2(3), and 4.3 before 4.3(1), allows remote attackers to inject arbitrary web script or HTML via the (1) pattern parameter in ccmadmin/phonelist.asp and (2) arbitrary parameters in ccmuser/logon.asp, aka bugid CSCsb68657. | ||||
| CVE-2006-3114 | 1 Pc Tools | 1 Pc Tools Antivirus | 2025-04-03 | N/A |
| PC Tools AntiVirus 2.1.0.51 uses insecure default permissions on the "PC Tools AntiVirus" directory, which allows local users to gain privileges and execute commands. | ||||
| CVE-2006-3111 | 1 Chipmailer | 1 Chipmailer | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in main.php in Chipmailer 1.09 allow remote attackers to execute arbitrary SQL commands via multiple parameters, as demonstrated by (1) anfang, (2) name, (3) mail, (4) anrede, (5) vorname, (6) nachname, (7) gebtag, (8) gebmonat, and (9) gebjahr. | ||||
| CVE-2006-3118 | 1 Canonical | 1 Spread | 2025-04-03 | N/A |
| spread uses a temporary file with a static filename based on the port number, which allows local users to cause a denial of service by creating the file during a race condition between unlink and bind function calls. NOTE: spread deletes this temporary file before use, which could cause conflicts with other programs that use the same filename, but this is not a distinct issue. | ||||
| CVE-2006-3119 | 1 Fbi | 1 Fbi | 2025-04-03 | N/A |
| The fbgs framebuffer Postscript/PDF viewer in fbi before 2.01 has a typo that prevents a filter from working correctly, which allows user-assisted attackers to bypass the filter and execute malicious Postscript commands. | ||||
| CVE-2006-3120 | 1 Brian Wotring | 1 Osiris | 2025-04-03 | N/A |
| Format string vulnerability in Brian Wotring Osiris before 4.2.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unspecified attack vectors related to the logging functions. | ||||
| CVE-2006-3130 | 1 Clubpage | 1 Clubpage | 2025-04-03 | N/A |
| SQL injection vulnerability in index.php in Clubpage allows remote attackers to execute arbitrary SQL commands via the category parameter. | ||||
| CVE-2006-3140 | 1 Openci | 1 Openci | 2025-04-03 | N/A |
| SQL injection vulnerability in index.php in openCI 1.0 BETA 0.20.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2006-3145 | 1 Netpbm | 1 Netpbm | 2025-04-03 | N/A |
| Buffer overflow in pamtofits of NetPBM 10.30 through 10.33 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code when assembling the header, possibly related to an off-by-one error. | ||||
| CVE-2006-3148 | 1 Open-realty | 1 Open-realty | 2025-04-03 | N/A |
| SQL injection vulnerability, possibly in search.inc.php, in Open-Realty 2.3.1 allows remote attackers to execute arbitrary SQL commands via the sorttype parameter to index.php. | ||||
| CVE-2006-3154 | 1 Thinkfactory | 1 Ultimate Estate | 2025-04-03 | N/A |
| SQL injection vulnerability in index.pl in Ultimate Estate 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2006-3156 | 1 Thinkfactory | 1 Ultimate Eshop | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in index.cgi in Ultimate eShop 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the subid parameter. | ||||
| CVE-2006-3160 | 1 Onedotoh | 1 Simple File Manager | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in fm.php in ONEdotOH Simple File Manager (SFM) 0.24a and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | ||||