Search Results (351250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-6856 1 Webtext 1 Webtext 2026-04-23 N/A
Direct static code injection vulnerability in WebText CMS 0.4.5.2 and earlier allows remote attackers to inject arbitrary PHP code into a script in wt/users/ via the im parameter during a profile edit (edycja) operation, which is then executed via a direct request for this script.
CVE-2006-6851 1 Mobilelib 1 Mobilelib Gold 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in contact_us.php in ac4p Mobilelib gold 2 allow remote attackers to inject arbitrary web script or HTML via the (1) email or (2) errr parameter.
CVE-2006-6855 1 Aidex 1 Mini-webserver 2026-04-23 N/A
AIDeX Mini-WebServer 1.1 early release 3 allows remote attackers to cause a denial of service (daemon crash) via a flood of HTTP GET requests, possibly related to display of HTTP log data by the GUI. NOTE: some of these details are obtained from third party information.
CVE-2006-6881 1 Stavros Markou 1 Atmelwlandriver 2026-04-23 N/A
Buffer overflow in the Get_Wep function in cofvnet.c for ATMEL Linux PCI PCMCIA USB Drivers drivers 3.4.1.1 corruption allows attackers to execute arbitrary code via a long name argument.
CVE-2006-6902 1 Microsoft 1 Windows 2003 Server 2026-04-23 N/A
Unspecified vulnerability in the Bluetooth stack in Microsoft Windows Mobile Pocket PC edition allows remote attackers to gain administrative access (aka Remote Root) via unspecified vectors.
CVE-2006-6903 1 Toshiba 1 Bluetooth 2026-04-23 N/A
Unspecified vulnerability in the Toshiba Bluetooth stack allows remote attackers to gain administrative access (aka Remote Root) via unspecified vectors.
CVE-2006-6912 1 Phpmyfaq 1 Phpmyfaq 2026-04-23 N/A
SQL injection vulnerability in phpMyFAQ 1.6.7 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly the userfile or filename parameter.
CVE-2006-6909 1 Karl Dahlke 1 Edbrowse 2026-04-23 N/A
Stack-based buffer overflow in http.c in Karl Dahlke Edbrowse (aka Command line editor browser) 3.1.3 allows remote attackers to execute arbitrary code by operating an FTP server that sends directory listings with (1) long user names or (2) long group names.
CVE-2006-6938 1 Nitrotech 1 Nitrotech 2026-04-23 N/A
Directory traversal vulnerability in includes/common.php in NitroTech 0.0.3a, as distributed before 2006, allows remote attackers to include arbitrary files via ".." sequences in the root parameter.
CVE-2006-6940 1 Owa 1 Owa 2026-04-23 N/A
Buffer overflow in the ParseHeader function in clsOWA.cls in POP3/SMTP to OWA (pop2owa) 1.1.3 allows remote attackers to execute arbitrary code via a long header in an e-mail message.
CVE-2006-6946 1 Nec 1 Multiwriter 1700c 2026-04-23 N/A
The web server in the NEC MultiWriter 1700C allows remote attackers to modify the device configuration via unspecified vectors.
CVE-2006-6948 1 Myodbc 1 Myodbc 2026-04-23 N/A
MyODBC Japanese conversion edition 3.51.06, 2.50.29, and 2.50.25 allows remote attackers to cause a denial of service via a certain string in a response, which has unspecified impact on the MySQL database.
CVE-2006-6956 1 Microsoft 1 Internet Explorer 2026-04-23 N/A
Microsoft Internet Explorer allows remote attackers to cause a denial of service (crash) via a web page that contains a large number of nested marquee tags, a related issue to CVE-2006-2723.
CVE-2006-6957 1 Docebo 1 Docebo 2026-04-23 N/A
PHP remote file inclusion vulnerability in addons/mod_media/body.php in Docebo 3.0.3 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[where_framework] parameter. NOTE: this issue might be resultant from a global overwrite vulnerability. This issue is similar to CVE-2006-2576 and CVE-2006-3107, but the vectors are different.
CVE-2006-6964 1 Mailenable 1 Mailenable Professional 2026-04-23 N/A
MailEnable Professional before 1.78 provides a cleartext user password when an administrator edits the user's settings, which allows remote authenticated administrators to obtain sensitive information by viewing the HTML source.
CVE-2006-6965 1 Andreas Gohr 1 Dokuwiki 2026-04-23 N/A
CRLF injection vulnerability in lib/exe/fetch.php in DokuWiki 2006-03-09e, and possibly earlier, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the media parameter. NOTE: this issue can be leveraged for XSS attacks.
CVE-2006-6982 1 3proxy 1 3proxy 2026-04-23 N/A
3proxy 0.5 to 0.5.2 does not offer NTLM authentication before basic authentication, which might cause browsers with incomplete RFC2616/RFC2617 support to use basic cleartext authentication even if NTLM is available, which makes it easier for attackers to steal credentials.
CVE-2006-7010 1 Joomla 1 Joomla 2026-04-23 N/A
The mosgetparam implementation in Joomla! before 1.0.10, does not set a variable's data type to integer when the variable's default value is numeric, which has unspecified impact and attack vectors, which may permit SQL injection attacks.
CVE-2006-7009 1 Joomla 1 Joomla 2026-04-23 N/A
Joomla! before 1.0.10 allows remote attackers to spoof the frontend submission forms, which has unknown impact and attack vectors.
CVE-2006-7014 1 Bloggit 1 Bloggit 2026-04-23 N/A
admin.php in BloggIT 1.01 and earlier does not properly establish a user session, which allows remote attackers to gain privileges via a direct request.