Search Results (351250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-0761 1 Rim 1 Blackberry Enterprise Server 2026-04-16 N/A
Buffer overflow in BlackBerry Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server 2.2 and 4.0 before SP3 Hotfix 4 for IBM Lotus Domino, 3.6 before SP7 and 5.0 before SP3 Hotfix 3 for Microsoft Exchangem, and 4.0 for Novell GroupWise before SP3 Hotfix 1 might allow user-assisted remote attackers to execute arbitrary code on the server via a crafted Microsoft Word document that is opened on a wireless device.
CVE-2006-0779 1 Xmb Forum 1 Xmb 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in u2u.php in XMB Forums 1.9.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter, as demonstrated using a URL-encoded iframe tag.
CVE-2006-0781 1 Perlblog 1 Perlblog 2026-04-16 N/A
Directory traversal vulnerability in weblog.pl in PerlBlog 1.09b and earlier allows remote attackers to read certain files via the month parameter.
CVE-2006-0783 1 Siteframe 1 Siteframe Beaumont 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in page.php in in Siteframe Beaumont, possibly 5.0.2 or 5.0.1a, allows remote attackers to inject arbitrary web script or HTML via the comment_text parameter to the user comment page (/edit/Comment).
CVE-2006-0788 1 Kyocera 1 Fs-3830n 2026-04-16 N/A
Kyocera 3830 (aka FS-3830N) printers have a back door that allows remote attackers to read and alter configuration settings via strings that begin with "!R!SIOP0", as demonstrated using (1) a connection to to TCP port 9100 or (2) the UNIX lp command.
CVE-2006-0791 1 Dreamcost 1 Hostadmin 2026-04-16 N/A
PHP remote file inclusion vulnerability in index.php in DreamCost HostAdmin allows remote attackers to include arbitrary files via the $path variable, which is not initialized before use.
CVE-2006-0815 1 Networkactiv 1 Networkactiv Web Server 2026-04-16 N/A
NetworkActiv Web Server 3.5.15 allows remote attackers to read script source code via a crafted URL with a "/" (forward slash) after the file extension.
CVE-2006-0816 1 Orionserver 1 Orion Application Server 2026-04-16 N/A
Orion Application Server before 2.0.7, when running on Windows, allows remote attackers to obtain the source code of JSP files via (1) . (dot) and (2) space characters in the extension of a URL.
CVE-2006-0817 3 Deerfield, Icewarp, Merak 3 Visnetic Mail Server, Web Mail, Mail Server 2026-04-16 N/A
Absolute path directory traversal vulnerability in (a) MERAK Mail Server for Windows 8.3.8r with before IceWarp Web Mail 5.6.1 and (b) VisNetic MailServer before 8.5.0.5 allows remote attackers to include arbitrary files via a full Windows path and drive letter in the (1) language parameter in accounts/inc/include.php and (2) lang_settings parameter in admin/inc/include.php, which is not properly sanitized by the securepath function, a related issue to CVE-2005-4556.
CVE-2006-0821 1 Bxcp 1 Bxcp 2026-04-16 N/A
SQL injection vulnerability in index.php in BXCP 0.299 allows remote attackers to execute arbitrary SQL commands via the tid parameter.
CVE-2006-0824 1 Geeklog 1 Geeklog 2026-04-16 N/A
Multiple unspecified vulnerabilities in lib-common.php in Geeklog 1.4.0 before 1.4.0sr1 and 1.3.11 before 1.3.11sr4 allow remote attackers to include arbitrary local files and execute arbitrary code via (1) absolute paths in unspecified parameters and (2) the language cookie, as demonstrated for code execution using error.log.
CVE-2006-0825 1 Xerox 6 Workcentre 232, Workcentre 238, Workcentre 245 and 3 more 2026-04-16 N/A
Multiple unspecified vulnerabilities in ESS/ Network Controller and MicroServer Web Server in Xerox WorkCentre Pro and Xerox WorkCentre running software 13.027.24.015 and 14.027.24.015 allow remote attackers to bypass authentication or gain "unauthorized network access" via unknown attack vectors.
CVE-2006-0826 1 Xerox 6 Workcentre 232, Workcentre 238, Workcentre 245 and 3 more 2026-04-16 N/A
Unspecified vulnerability in ESS/ Network Controller and MicroServer Web Server in Xerox WorkCentre Pro and Xerox WorkCentre running software 13.027.24.015 and 14.027.24.015 allows remote attackers to cause a denial of service via a crafted Postscript request.
CVE-2006-1077 1 Evo-dev 1 Evoblog 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the commentary in Evo-Dev evoBlog allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter and (2) other unspecified parameters.
CVE-2006-0843 1 Leif M. Wright 1 Web Blog 2026-04-16 N/A
Leif M. Wright's Blog 3.5 stores the config file and other txt files under the web root with insufficient access control, which allows remote attackers to read the administrator's password.
CVE-2006-0859 1 Michael Salzer 1 Guestbox 2026-04-16 N/A
Michael Salzer Guestbox 0.6, and other versions before 0.8, allows remote attackers to post an admin comment to a guestbook entry via a certain modified form, possibly related to the nummer parameter.
CVE-2006-0870 1 Mini-nuke 1 Mini-nuke Cms 2026-04-16 N/A
SQL injection vulnerability in pages.asp in Mini-Nuke CMS System 1.8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: version 2.3 was later reported to be vulnerable as well.
CVE-2005-1851 1 Ekg 1 Ekg 2026-04-16 N/A
A certain contributed script for ekg Gadu Gadu client 1.5 and earlier allows attackers to execute shell commands via unknown attack vectors.
CVE-2006-0876 1 Popfile 1 Popfile 2026-04-16 N/A
POPFile before 0.22.4 allows remote attackers to cause a denial of service (application crash) via unspecified vectors involving character sets within e-mail messages.
CVE-2006-0897 1 Virtual Communication Services 1 Vpmi Enterprise 2026-04-16 N/A
SQL injection vulnerability in VCS Virtual Program Management Intranet (VPMi) Enterprise 3.3 allows remote attackers to execute arbitrary SQL commands via the UpdateID0 parameter to Service_Requests.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: the vendor has disputed this issue, saying that "[we] have a behind the scenes complex state management system that uses a combination of keys placed in JavaScript and Session State (server side) that protects against the type of SQL injection you describe. We have tested for many of the cases and have not found it to be an issue." Further investigation suggests that the original researcher might have triggered errors using invalid field values, which is not proof of SQL injection; however, the vendor did not receive a response from the original researcher