Search Results (351250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-6352 1 Frisk Software 1 F-prot Antivirus 2026-04-23 N/A
FRISK Software F-Prot Antivirus before 4.6.7 allows user-assisted remote attackers to cause a denial of service (infinite loop) via a crafted ACE file. NOTE: this issue has at least a partial overlap with CVE-2006-6294.
CVE-2006-6353 1 Apple 3 Bomarchivehelper, Mac Os X, Mac Os X Server 2026-04-23 N/A
Multiple unspecified vulnerabilities in BOMArchiveHelper in Mac OS X allow user-assisted remote attackers to cause a denial of service (application crash) via unspecified vectors related to (1) certain KERN_PROTECTION_FAILURE thread crashes and (2) certain KERN_INVALID_ADDRESS thread crashes, as discovered with the "iSec Partners FileP fuzzer".
CVE-2006-6354 1 Duware 11 Duamazon, Duarticle, Duclassified and 8 more 2026-04-23 N/A
Multiple SQL injection vulnerabilities in detail.asp in DuWare DuNews allow remote attackers to execute arbitrary SQL commands via the (1) iNews, (2) iType, or (3) Action parameter. NOTE: the iType parameter in type.asp is covered by CVE-2005-3976.
CVE-2007-0828 1 Mysqlnewsengine 1 Mysqlnewsengine 2026-04-23 N/A
PHP remote file inclusion vulnerability in affichearticles.php3 in MySQLNewsEngine allows remote attackers to execute arbitrary PHP code via a URL in the newsenginedir parameter.
CVE-2006-6355 1 Duware 1 Duclassmate 2026-04-23 N/A
SQL injection vulnerability in default.asp in DuWare DuClassmate allows remote attackers to execute arbitrary SQL commands via the iCity parameter. NOTE: the iState parameter is already covered by CVE-2005-2049.
CVE-2006-6358 1 Stefan Frech 1 Online-bookmarks 2026-04-23 N/A
SQL injection vulnerability in the login function in auth.inc in Stefan Frech online-bookmarks 0.6.12 allows remote attackers to execute arbitrary SQL commands via the (1) username and possibly the (2) password parameter. NOTE: some of these details are obtained from third party information.
CVE-2007-0829 1 Alwil 1 Avast Antivirus 2026-04-23 N/A
avast! Server Edition before 4.7.726 does not demand a password in a certain intended context, even when a password has been set, which allows local users to bypass authentication requirements.
CVE-2006-6367 1 Duware 3 Dudownload, Dunews, Dupaypal 2026-04-23 N/A
Multiple SQL injection vulnerabilities in detail.asp in DUware DUdownload 1.1, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) iFile or (2) action parameter. NOTE: the iType parameter is already covered by CVE-2005-3976.
CVE-2006-6368 1 Awrate 1 Awrate 2026-04-23 N/A
PHP remote file inclusion vulnerability in login.php.inc in awrate 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the toroot parameter to search.php.
CVE-2006-6372 1 James Barnsley 1 Jab Guest Book 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in pbguestbook.php in JAB Guest Book 20061205 allow remote attackers to inject arbitrary web script or HTML via the (1) topic or (2) message parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-6349 1 Pwp Technologies 1 The Classified Ad System 2026-04-23 N/A
Multiple SQL injection vulnerabilities in PWP Technologies The Classified Ad System allow remote attackers to execute arbitrary SQL commands via (1) the main parameter in a view action (includes/mainpage/view.asp) in default.asp or (2) a query in the search engine.
CVE-2006-6376 1 Onedotoh 1 Simple File Manager 2026-04-23 N/A
Multiple directory traversal vulnerabilities in fm.php in Simple File Manager (SFM) 0.24a allow remote attackers to use ".." sequences to (1) read arbitrary files via the filename parameter in a download action, (2) delete arbitrary files via the delete parameter, and (3) modify arbitrary files via the edit parameter, which can be leveraged to execute arbitrary code.
CVE-2007-0832 1 Vmware 1 Workstation 2026-04-23 N/A
VMware Workstation 5.5.3 34685 does not immediately change the availability of a shared clipboard when the "Enable copy and paste to and from this virtual machine" checkbox is changed, which allows local users to obtain sensitive information or conduct certain attacks that are facilitated by weaker isolation between the host and guest operating systems.
CVE-2006-6377 1 Uploadscript 1 Uploadscript 2026-04-23 N/A
Uploadscript 1.2 and earlier stores sensitive data under the web root with insufficient access control, which allows remote attackers to obtain the admin password hash via a direct request for /password.txt.
CVE-2006-6378 1 Widcomm 1 Btsavemysql 2026-04-23 N/A
BTSaveMySql 1.2 stores sensitive data under the web root with insufficient access control, which allows remote attackers to obtain configuration and save files via direct requests.
CVE-2006-6379 1 Broadcom 3 Brightstor Arcserve Backup, Brightstor Enterprise Backup, Server Protection Suite 2026-04-23 N/A
Buffer overflow in the BrightStor Backup Discovery Service in multiple CA products, including ARCserve Backup r11.5 SP1 and earlier, ARCserve Backup 9.01 up to 11.1, Enterprise Backup 10.5, and CA Server Protection Suite r2, allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2006-6384 1 John Goodman 1 Abitwhizzy 2026-04-23 N/A
Absolute path traversal vulnerability in abitwhizzy.php before 20061204 allows remote attackers to read arbitrary files via an absolute pathname in the Filename text window (f parameter), a variant of CVE-2006-6084.
CVE-2007-0835 1 Coppermine 1 Coppermine Photo Gallery 2026-04-23 N/A
admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, allows remote authenticated users to execute arbitrary shell commands via shell metacharacters (";" semicolon) in the "Command line options for ImageMagick" form field, when used as an option to ImageMagick's convert command. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-6387 1 Link Content Management Server 1 Link Content Management Server 2026-04-23 N/A
Multiple SQL injection vulnerabilities in LINK Content Management Server (CMS) allow remote attackers to execute arbitrary SQL commands via the (1) IDMeniGlavni parameter to navigacija.php, and the (2) IDStranicaPodaci parameter to prikazInformacije.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-5283 1 Hitachi 1 Tpbroker Object Transaction Monitor 2026-04-23 N/A
The TSC Domain Manager in Hitachi TPBroker Object Transaction Monitor and Cosminexus TPBroker Object Transaction Monitor 01-00 through 03-00 might allow attackers to cause a denial of service (crash) via invalid messages.