Search Results (351250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-2449 2 Kde, Redhat 2 Kde, Enterprise Linux 2026-04-16 N/A
KDE Display Manager (KDM) in KDE 3.2.0 up to 3.5.3 allows local users to read arbitrary files via a symlink attack related to the session type for login.
CVE-2006-2450 1 Libvncserver 1 Libvncserver 2026-04-16 N/A
auth.c in LibVNCServer 0.7.1 allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server, a different issue than CVE-2006-2369.
CVE-2006-2452 1 Gnome 1 Gdm 2026-04-16 N/A
GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the "face browser" feature is enabled, allows local users to access the "Configure Login Manager" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges.
CVE-2002-0244 1 Atheos 1 Atheos 2026-04-16 N/A
Directory traversal vulnerability in chroot function in AtheOS 0.3.7 allows attackers to escape the jail via a .. (dot dot) in the pathname argument to chdir.
CVE-2004-2313 1 Inter7 1 Sqwebmail 2026-04-16 N/A
Inter7 SqWebMail 3.4.1 through 3.6.1 generates different error messages for incorrect passwords versus correct passwords on non-mail-enabled accounts (such as root), which allows remote attackers to guess the root password via brute force attacks.
CVE-2006-2460 1 Sugarcrm 1 Sugarcrm 2026-04-16 N/A
Sugar Suite Open Source (SugarCRM) 4.2 and earlier, when register_globals is enabled, does not protect critical variables such as $_GLOBALS and $_SESSION from modification, which allows remote attackers to conduct attacks such as directory traversal or PHP remote file inclusion, as demonstrated by modifying the GLOBALS[sugarEntry] parameter.
CVE-2006-2466 1 Bea 1 Weblogic Server 2026-04-16 N/A
BEA WebLogic Server 8.1 up to SP4 and 7.0 up to SP6 allows remote attackers to obtain the source code of JSP pages during certain circumstances related to a "timing window" when a compilation error occurs, aka the "JSP showcode vulnerability."
CVE-2006-2470 1 Bea 1 Weblogic Server 2026-04-16 N/A
Unspecified vulnerability in the WebLogic Server Administration Console for BEA WebLogic Server 9.0 prevents the console from setting custom JDBC security policies correctly, which could allow attackers to bypass intended policies.
CVE-2006-2471 1 Bea 1 Weblogic Server 2026-04-16 N/A
Multiple vulnerabilities in BEA WebLogic Server 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7 leak sensitive information to remote attackers, including (1) DNS and IP addresses to address to T3 clients, (2) internal sensitive information using GetIORServlet, (3) certain "server details" in exceptions when invalid XML is provided, and (4) a stack trace in a SOAP fault.
CVE-2006-2482 2 Microchip Data Systems, Pentaware 4 Ziptv For C\+\+ Builder, Ziptv For Delphi 7, Pentasuite-pro and 1 more 2026-04-16 N/A
Heap-based buffer overflow in the TZipTV component in (1) ZipTV for Delphi 7 2006.1.26 and for C++ Builder 2006-1.16, (2) PentaZip 8.5.1.190 and PentaSuite-PRO 8.5.1.221, and possibly other products, allows user-assisted attackers to execute arbitrary code via an ARJ archive with a long header. NOTE: the ACE archive vector is covered by CVE-2005-2856.
CVE-2006-2485 1 Quezza 1 Quezza Bb 2026-04-16 N/A
PHP remote file inclusion vulnerability in includes/class_template.php in Quezza 1.0 and earlier, and possibly 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the quezza_root_path parameter.
CVE-2006-2489 1 Nagios 1 Nagios 2026-04-16 N/A
Integer overflow in CGI scripts in Nagios 1.x before 1.4.1 and 2.x before 2.3.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a content length (Content-Length) HTTP header. NOTE: this is a different vulnerability than CVE-2006-2162.
CVE-2006-2499 1 Xfairguy 1 Codeavalanche News 2026-04-16 N/A
SQL injection vulnerability in default.asp in CodeAvalanche News (CANews) 1.2 allows remote attackers to execute arbitrary SQL commands via the password field.
CVE-2006-2503 1 Deluxebb 1 Deluxebb 2026-04-16 N/A
SQL injection vulnerability in misc.php in DeluxeBB 1.06 allows remote attackers to execute arbitrary SQL commands via the name parameter.
CVE-2006-2506 1 Sphider 1 Sphider 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in search.php in Sphider allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO and (2) the category parameter.
CVE-2006-2512 1 Hitachi 4 Eur Print Service, Eur Print Service For Ilf, Eur Professional and 1 more 2026-04-16 N/A
SQL injection vulnerability in Hitachi EUR Professional Edition, EUR Viewer, EUR Print Service, and EUR Print Service for ILF allows remote authenticated users to execute arbitrary SQL commands via unknown attack vectors.
CVE-2006-2537 3 Horizontal Shooter Bor, Openbor, Senile Team 3 Horizontal Shooter Bor, Openbor, Beats Of Rage 2026-04-16 N/A
Multiple format string vulnerabilities in (a) OpenBOR 2.0046 and earlier, (b) Beats of Rage (BOR) 1.0029 and earlier, and (c) Horizontal Shooter BOR (HOR) 2.0000 and earlier allow remote attackers to execute code via format string specifiers in configurations used in various mod files, as demonstrated by the (1) music identifier in data/scenes/intro.txt, which is not properly handled in the update function, and (2) background identifier in data/easy/1aeasy.txt, which is not properly handled in the shutdown function.
CVE-2006-2543 1 Xtreme Scripts 1 Xtreme Topsites 2026-04-16 N/A
Xtreme Topsites 1.1 allows remote attackers to trigger MySQL errors and possibly conduct SQL injection attacks via unspecified vectors in join.php.
CVE-2005-1879 1 Lutel 1 Lutelwall 2026-04-16 5.5 Medium
LutelWall 0.97 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file created by a system call to wget.
CVE-2006-2551 1 Hp 1 Hp-ux 2026-04-16 N/A
Unspecified vulnerability in the kernel in HP-UX B.11.00 allows local users to cause an unspecified denial of service via unknown vectors.