Search Results (29926 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-0365 1 Xmb Software 1 Xmb Forum 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in XMB (aka extreme message board) allows remote attackers to inject arbitrary web script or HTML via JavaScript in the SRC attribute of an IMG element.
CVE-2006-0382 1 Apple 1 Mac Os X 2026-04-16 N/A
Apple Mac OS X 10.4.5 and allows local users to cause a denial of service (crash) via an undocumented system call.
CVE-2006-2365 1 Vizra 1 Vizra 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in a_login.php in Vizra allows remote attackers to inject arbitrary web script or HTML via the message parameter.
CVE-2006-0392 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-16 N/A
Buffer overflow in Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Canon RAW image.
CVE-2006-0387 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-16 N/A
Stack-based buffer overflow in Safari in Mac OS X 10.4.5 and earlier, and 10.3.9 and earlier, allows remote attackers to execute arbitrary code via unspecified vectors involving a web page with crafted JavaScript, a different vulnerability than CVE-2005-4504.
CVE-2006-0389 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Syndication (Safari RSS) in Mac OS X 10.4 through 10.4.5 allows remote attackers to execute arbitrary JavaScript via unspecified vectors involving RSS feeds.
CVE-2006-0391 1 Apple 1 Mac Os X 2026-04-16 N/A
Directory traversal vulnerability in the BOM framework in Mac OS X 10.x before 10.3.9 and 10.4 before 10.4.5 allows user-assisted attackers to overwrite or create arbitrary files via an archive that is handled by BOMArchiveHelper.
CVE-2006-0402 1 Jason Geiger 1 Zoph 2026-04-16 N/A
SQL injection vulnerability in Zoph before 0.5pre1 allows remote attackers to execute arbitrary SQL commands.
CVE-2006-0400 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-16 N/A
CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to bypass the same-origin policy and execute Javascript in other domains via unknown vectors involving "crafted archives."
CVE-2006-0411 1 Claroline 1 Claroline 2026-04-16 N/A
claro_init_local.inc.php in Claroline 1.7.2 uses guessable session cookies (MD5 hash of connection time), which allows remote attackers to hijack sessions and possibly gain administrative privileges.
CVE-2006-0418 1 Topcmm Computing 1 123 Flash Chat Server 2026-04-16 N/A
Eval injection vulnerability in 123 Flash Chat Server 5.0 and 5.1 allows attackers to execute arbitrary code via a crafted username.
CVE-2006-0419 1 Bea 1 Weblogic Server 2026-04-16 N/A
BEA WebLogic Server and WebLogic Express 9.0, 8.1 through SP5, and 7.0 through SP6 allows anonymous binds to the embedded LDAP server, which allows remote attackers to read user entries or cause a denial of service (unspecified) via a large number of connections.
CVE-2006-0421 1 Bea 1 Weblogic Server 2026-04-16 N/A
By design, BEA WebLogic Server and WebLogic Express 7.0 and 6.1, when creating multiple domains from the same WebLogic instance on the same machine, allows administrators of any created domain to access other created domains, which could allow administrators to gain privileges that were not intended.
CVE-2006-0417 1 Mywebland 1 Minibloggie 2026-04-16 N/A
SQL injection vulnerability in login.php in miniBloggie 1.0 and earlier, when gpc_magic_quotes is disabled, allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username and (2) password parameters.
CVE-2006-0430 1 Bea 1 Weblogic Server 2026-04-16 N/A
Certain configurations of BEA WebLogic Server and WebLogic Express 9.0, 8.1 through SP5, and 7.0 through SP6, when connection filters are enabled, cause the server to run more slowly, which makes it easier for remote attackers to cause a denial of service (server slowdown).
CVE-2006-0431 1 Bea 1 Weblogic Server 2026-04-16 N/A
Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 8.1 SP5 allows untrusted applications to obtain the server's SSL identity via unknown attack vectors.
CVE-2006-0423 1 Oracle 1 Weblogic Portal 2026-04-16 N/A
BEA WebLogic Portal 8.1 through SP3 stores the password for the RDBMS Authentication provider in cleartext in the config.xml file, which allows attackers to gain privileges.
CVE-2006-0425 1 Oracle 1 Weblogic Portal 2026-04-16 N/A
BEA WebLogic Portal 8.1 through SP4 allows remote attackers to obtain the source for a deployment descriptor file via unknown vectors.
CVE-2006-0428 1 Oracle 1 Weblogic Portal 2026-04-16 N/A
Unspecified vulnerability in BEA WebLogic Portal 8.1 SP3 through SP5, when using Web Services Remote Portlets (WSRP), allows remote attackers to access restricted web resources via crafted URLs.
CVE-2006-0439 1 Text Rider 1 Text Rider 2026-04-16 N/A
Text Rider 2.4 stores sensitive data in the data directory under the web document root with insufficient access control, which allows remote attackers to obtain usernames and password hashes by directly accessing data/userlist.txt.