Total
29757 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-2257 | 1 Faktorystudios | 1 Easyevent | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in easyEvent 1.2 allows remote attackers to inject arbitrary web script or HTML via the curr_year parameter. | ||||
| CVE-2006-2287 | 1 Vision Source | 1 Vision Source Cms | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Vision Source 0.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the fields in a user's profile. | ||||
| CVE-2006-2288 | 1 Avahi | 1 Avahi | 2025-04-03 | N/A |
| Avahi before 0.6.10 allows local users to cause a denial of service (mDNS/DNS-SD service disconnect) via unspecified mDNS name conflicts. | ||||
| CVE-2006-2289 | 1 Avahi | 1 Avahi | 2025-04-03 | N/A |
| Buffer overflow in avahi-core in Avahi before 0.6.10 allows local users to execute arbitrary code via unknown vectors. | ||||
| CVE-2006-2291 | 1 Inhouse Associates | 1 Ia-calendar | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in calendar_new.asp in IA-Calendar allows remote attackers to inject arbitrary web script or HTML via the TypeName1 parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
| CVE-2006-2292 | 1 Inhouse Associates | 1 Ia-calendar | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in IA-Calendar allow remote attackers to execute arbitrary SQL commands via the (1) type parameter in (a) calendar_new.asp and (b) default.asp, and (2) ID parameter in (c) calendar_detail.asp. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
| CVE-2006-2293 | 1 Expinion.net | 1 Multicalendars | 2025-04-03 | N/A |
| SQL injection vulnerability in all_calendars.asp in MultiCalendars 3.0 allows remote attackers to execute arbitrary SQL commands via the calsids parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
| CVE-2006-2294 | 1 Timobraun | 1 Dynamic Galerie | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in Dynamic Galerie 1.0 allows remote attackers to inject arbitrary web script or HTML via the pfad parameter in (1) index.php and (2) galerie.php. NOTE: this issue might be resultant from directory traversal. | ||||
| CVE-2006-2368 | 1 Clansys | 1 Clansys | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Clansys (aka Clanpage System) 1.1 allows remote attackers to inject arbitrary web script or HTML via the page parameter. | ||||
| CVE-2006-2392 | 1 Blue Dragon | 1 Php Blue Dragon | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in public_includes/pub_popup/popup_finduser.php in PHP Blue Dragon Platinum 2.8.0 allows remote attackers to execute arbitrary PHP code via a URL in the vsDragonRootPath parameter. | ||||
| CVE-2006-2413 | 1 Gnunet | 1 Gnunet | 2025-04-03 | N/A |
| GNUnet before SVN revision 2781 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an empty UDP datagram, possibly involving FIONREAD errors. | ||||
| CVE-2006-2415 | 1 Flexchat | 1 Flexchat | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in FlexChat 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) username and (2) CFTOKEN parameter in (a) index.cfm and (3) CFTOKEN and (4) CFID parameter in (b) chat.cfm. | ||||
| CVE-2006-2418 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerabilities in certain versions of phpMyAdmin before 2.8.0.4 allow remote attackers to inject arbitrary web script or HTML via the db parameter in unknown scripts. | ||||
| CVE-2006-2419 | 1 Php | 1 Directory Listing Script | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Directory Listing Script allows remote attackers to inject arbitrary web script or HTML via the dir parameter. | ||||
| CVE-2006-2437 | 1 Caucho Technology | 1 Resin | 2025-04-03 | N/A |
| The viewfile servlet in the documentation package (resin-doc) for Caucho Resin 3.0.17 and 3.0.18 allows remote attackers to obtain the source code for file under the web root via the file parameter. | ||||
| CVE-2006-2446 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-04-03 | N/A |
| Race condition between the kfree_skb and __skb_unlink functions in the socket buffer handling in Linux kernel 2.6.9, and possibly other versions, allows remote attackers to cause a denial of service (crash), as demonstrated using the TCP stress tests from the LTP test suite. | ||||
| CVE-2006-2441 | 1 Pioneers | 1 Pioneers Meta-server | 2025-04-03 | N/A |
| Pioneers meta-server before 0.9.55, when the server-console is not installed, allows remote attackers to cause a denial of service (crash) via certain requests from an older gnocatan client to create a new game. | ||||
| CVE-2006-2442 | 1 Kphone | 1 Kphone | 2025-04-03 | N/A |
| kphone 4.2 creates .qt/kphonerc with world-readable permissions, which allows local users to read usernames and SIP passwords. | ||||
| CVE-2006-2443 | 1 Knowledgetree | 1 Knowledgetree | 2025-04-03 | N/A |
| The Debian package of knowledgetree 2.0.7 creates environment.php with world-readable permissions, which allows local users to obtain sensitive information such as the username and password for the KnowledgeTree database. | ||||
| CVE-2006-2471 | 1 Bea | 1 Weblogic Server | 2025-04-03 | N/A |
| Multiple vulnerabilities in BEA WebLogic Server 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7 leak sensitive information to remote attackers, including (1) DNS and IP addresses to address to T3 clients, (2) internal sensitive information using GetIORServlet, (3) certain "server details" in exceptions when invalid XML is provided, and (4) a stack trace in a SOAP fault. | ||||