Total
29739 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-0407 | 1 Azbb | 1 Az Bulletin Board | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in post.php in AZ Bulletin Board (AZbb) 1.1.00 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) nickname parameter and (2) an iframe tag in the topic parameter. NOTE: the original disclosure specified the name parameter, but a correction was later provided. NOTE: followup posts have both disputed and confirmed the original claim. | ||||
| CVE-2006-0408 | 1 Sun | 1 Grid Engine | 2025-04-03 | N/A |
| rsh utility in Sun Grid Engine (SGE) before 6.0u7_1 allows local users to gain privileges and execute arbitrary code via unspecified vectors, possibly involving command line arguments. | ||||
| CVE-2006-0409 | 1 Pixelpost | 1 Photoblog | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Pixelpost Photoblog 1.4.3 allows remote attackers to inject arbitrary web script or HTML via the "Add Comment" field in a comment popup. | ||||
| CVE-2006-0410 | 1 John Lim | 1 Adodb | 2025-04-03 | N/A |
| SQL injection vulnerability in ADOdb before 4.71, when using PostgreSQL, allows remote attackers to execute arbitrary SQL commands via unspecified attack vectors involving binary strings. | ||||
| CVE-2006-0411 | 1 Claroline | 1 Claroline | 2025-04-03 | N/A |
| claro_init_local.inc.php in Claroline 1.7.2 uses guessable session cookies (MD5 hash of connection time), which allows remote attackers to hijack sessions and possibly gain administrative privileges. | ||||
| CVE-2006-4773 | 1 Sun | 1 Storedge 6130 Arrays | 2025-04-03 | N/A |
| Sun StorEdge 6130 Array Controllers with firmware 06.12.10.11 and earlier allow remote attackers to cause a denial of service (controller reboot) via a flood of traffic on the LAN. | ||||
| CVE-2006-0448 | 1 E-post Corporation | 2 Mail Server, Spa-pro Mail Atsolomon | 2025-04-03 | N/A |
| Multiple directory traversal vulnerabilities in (1) EPSTIMAP4S.EXE and (2) SPA-IMAP4S.EXE in the IMAP service in E-Post Mail 4.05 and SPA-PRO Mail 4.05 allow remote attackers to (a) list arbitrary directories or cause a denial of service via the LIST command; or create arbitrary files via the (b) APPEND, (c) COPY, or (d) RENAME commands. | ||||
| CVE-2006-0468 | 1 Stalker | 1 Communigate Pro | 2025-04-03 | N/A |
| CommuniGate Pro Core Server before 5.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via LDAP messages with negative BER lengths, and possibly other vectors, as demonstrated by the ProtoVer LDAP test suite. | ||||
| CVE-2006-0469 | 1 Uebimiau | 1 Uebimiau | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in UebiMiau 2.7.9, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SRC attribute of an IMG tag. | ||||
| CVE-2006-0470 | 1 Mybulletinboard | 1 Mybulletinboard | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in MyBulletinBoard (MyBB) 1.02 allows remote attackers to inject arbitrary web script or HTML via the (1) sortby and (2) sortordr parameters, which are not properly handled in a redirection. | ||||
| CVE-2006-0471 | 1 My Little Homepage | 1 My Little Forum | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in the bbcode function in functions.php in my little homepage my little forum, as last modified in June 2005, allows remote attackers to inject arbitrary Javascript via a javascript URI in BBcode link tags. | ||||
| CVE-2006-0472 | 1 My Little Homepage | 1 My Little Guestbook | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in guestbook.php in my little homepage my little guestbook, as last modified in March 2004, allows remote attackers to inject arbitrary Javascript via a javascript URI in BBcode link tags. | ||||
| CVE-2006-0474 | 1 Shareaza | 1 Shareaza | 2025-04-03 | N/A |
| Multiple integer overflows in Shareaza 2.2.1.0 allow remote attackers to execute arbitrary code via (1) a large packet length field, which causes an overflow in the ReadBuffer function in (a) BTPacket.cpp and (b) EDPacket.cpp, or (2) a large packet, which causes a heap-based overflow in the Write function in (c) Packet.h. | ||||
| CVE-2006-4797 | 1 Cj Design | 1 Cj Tag Board | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in tag.php in CloudNine Interactive CJ Tag Board 3.0 allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a url BBcode tag in the cjmsg parameter. | ||||
| CVE-2006-0486 | 1 Cisco | 1 Ios | 2025-04-03 | N/A |
| Certain Cisco IOS releases in 12.2S based trains with maintenance release number 25 and later, 12.3T based trains, and 12.4 based trains reuse a Tcl Shell process across login sessions of different local users on the same terminal if the first user does not use tclquit before exiting, which may cause subsequent local users to execute unintended commands or bypass AAA command authorization checks, aka Bug ID CSCef77770. | ||||
| CVE-2006-0490 | 1 Aspthai.net | 1 Aspthai Forums | 2025-04-03 | N/A |
| SQL injection vulnerability in login.asp in ASPThai.Net ASPThai Forums 8.0 and earlier allows remote attackers to execute arbitrary SQL commands and bypass login authentication via the password field. | ||||
| CVE-2006-0491 | 1 Subzane | 1 Szusermgnt | 2025-04-03 | N/A |
| SQL injection vulnerability in SZUserMgnt.class.php in SZUserMgnt 1.4 allows remote attackers to execute arbitrary SQL commands via the username parameter. | ||||
| CVE-2006-0492 | 1 Vincent Hor | 1 Calendarix | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in Calendarix allow remote attackers to execute arbitrary SQL commands via (1) the catview parameter in cal_functions.inc.php and (2) the login parameter in cal_login.php. NOTE: the catview vector might overlap CVE-2005-1865. | ||||
| CVE-2006-0541 | 1 Tachyon | 1 Vanilla Guestbook | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Tachyon Vanilla Guestbook 1.0 beta allow remote attackers to inject arbitrary web script or HTML via unknown vectors related to "posting new messages." | ||||
| CVE-2006-0542 | 1 Nukedweb | 1 Guestbookhost | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in config.php in NukedWeb GuestBookHost 2005.04.25 allow remote attackers to execute arbitrary SQL commands via the (1) email and (2) password parameters. | ||||