Search Results (29926 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-0864 1 Hauri 1 Virobot 2026-04-16 N/A
filescan in Global Hauri ViRobot 2.0 20050817 does not verify the Cookie HTTP header, which allows remote attackers to gain administrative privileges via an arbitrary cookie value.
CVE-2006-0865 1 Punbb 1 Punbb 2026-04-16 N/A
PunBB 1.2.10 and earlier allows remote attackers to cause a denial of service (resource consumption) by registering many user accounts quickly.
CVE-2006-0885 1 Cutephp 1 Cutenews 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in show_news.php in CuteNews 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the show parameter.
CVE-2006-0886 1 Dev 1 Dev Web Management System 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in register.php in DEV web management system 1.5 allows remote attackers to inject arbitrary web script or HTML via the "City/Region" field (mesto variable). NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-0894 1 Nocc 1 Nocc 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in NOCC Webmail 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the html_error_occurred parameter in error.php, (2) html_filter_select parameter in filter_prefs.php, (3) html_no_mail parameter in no_mail.php, the (4) page_line, (5) prev, and (6) next parameters in html_bottom_table.php, and the (7) _SESSION['nocc_theme'] parameter in footer.php.
CVE-2006-0895 1 Nocc 1 Nocc 2026-04-16 N/A
NOCC Webmail 1.0 allows remote attackers to obtain the installation path via a direct request to html/header.php.
CVE-2006-0892 1 Nocc 1 Nocc 2026-04-16 N/A
NOCC Webmail 1.0 stores e-mail attachments in temporary files with predictable filenames, which makes it easier for remote attackers to execute arbitrary code by accessing the e-mail attachment via directory traversal vulnerabilities.
CVE-2006-0899 1 4images 1 Image Gallery Management System 2026-04-16 N/A
Directory traversal vulnerability in index.php in 4Images 1.7.1 and earlier allows remote attackers to read and include arbitrary files via ".." (dot dot) sequences in the template parameter.
CVE-2006-0900 1 Freebsd 1 Freebsd 2026-04-16 N/A
nfsd in FreeBSD 6.0 kernel allows remote attackers to cause a denial of service via a crafted NFS mount request, as demonstrated by the ProtoVer NFS test suite.
CVE-2006-0901 1 Sun 2 Solaris, Sunos 2026-04-16 N/A
Unspecified vulnerability in the hsfs filesystem in Solaris 8, 9, and 10 allows unspecified attackers to cause a denial of service (panic) or execute arbitrary code.
CVE-2006-3368 1 Efone 1 Efone 2026-04-16 N/A
Efone 20000723 stores config.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information.
CVE-2006-0908 1 Francisco Burzi 1 Php-nuke 2026-04-16 N/A
PHP-Nuke 7.8 Patched 3.2 allows remote attackers to bypass SQL injection protection mechanisms via /%2a (/*) sequences with the "ad_click" word in the query string, as demonstrated via the kala parameter.
CVE-2006-0912 1 Oreka 1 Oreka 2026-04-16 N/A
Oreka before 0.5 allows remote attackers to cause a denial of service (application crash) via a "certain RTP sequence."
CVE-2006-0918 1 Ritlabs 1 The Bat 2026-04-16 N/A
Buffer overflow in RITLabs The Bat! 3.60.07 allows remote attackers to execute arbitrary code via a long Subject field.
CVE-2006-0920 1 Oi 1 Email Marketing System 2026-04-16 N/A
Oi! Email Marketing System 3.0 (aka Oi! 3) stores the server's FTP password in cleartext on a Configuration web page, which allows local users with superadministrator privileges, or attackers who have obtained access to the web page, to view the password.
CVE-2006-0929 1 Argosoft 1 Argosoft Mail Server 2026-04-16 N/A
Directory traversal vulnerability in the IMAP server in ArGoSoft Mail Server Pro 1.8.8.1 allows remote authenticated users to create arbitrary folders via a .. (dot dot) in the RENAME command.
CVE-2006-0930 1 Argosoft 1 Argosoft Mail Server 2026-04-16 N/A
Directory traversal vulnerability in Webmail in ArGoSoft Mail Server Pro 1.8 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the UIDL parameter.
CVE-2006-3224 1 Apple 1 Safari 2026-04-16 N/A
Apple Safari 2.0.3 (417.9.3) on Mac OS X 10.4.6 allows remote attackers to cause a denial of service (CPU consumption) via Javascript with an infinite for loop. NOTE: it could be argued that this is not a vulnerability, unless it interferes with the operation of the system outside of the scope of Safari itself.
CVE-2006-0925 1 Alt-n 1 Mdaemon 2026-04-16 N/A
Format string vulnerability in the IMAP4rev1 server in Alt-N MDaemon 8.1.1 and possibly 8.1.4 allows remote attackers to cause a denial of service (CPU consumption) by creating and then listing folders whose names contain format string specifiers.
CVE-2006-0928 1 Argosoft 1 Argosoft Mail Server 2026-04-16 N/A
The POP3 Server in ArGoSoft Mail Server Pro 1.8 allows remote attackers to obtain sensitive information via the _DUMP command, which reveals the operating system, registered user, and registration code.