Export limit exceeded: 16497 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-7211 1 Firebirdsql 1 Firebird 2026-04-23 N/A
fb_lock_mgr in Firebird 1.5 uses weak permissions (0666) for the semaphore array, which allows local users to cause a denial of service (blocked query processing) by locking semaphores.
CVE-2006-7213 1 Firebirdsql 1 Firebird 2026-04-23 N/A
Firebird 1.5 allows remote authenticated users without SYSDBA and owner permissions to overwrite a database by creating a database.
CVE-2006-7214 1 Firebirdsql 1 Firebird 2026-04-23 N/A
Multiple unspecified vulnerabilities in Firebird 1.5 allow remote attackers to (1) cause a denial of service (application crash) by sending many remote protocol versions; and (2) cause a denial of service (connection drop) via certain network traffic, as demonstrated by Nessus vulnerability scanning.
CVE-2006-7217 1 Apache 1 Derby 2026-04-23 N/A
Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
CVE-2006-7220 1 Sap 2 Saplpd, Sapsprint 2026-04-23 N/A
Unspecified vulnerability in SAP SAPLPD and SAPSPRINT allows remote attackers to cause a denial of service (application crash) via a certain print job request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-5509 1 Woltlab 1 Burning Book 2026-04-23 N/A
Eval injection vulnerability in addentry.php in WoltLab Burning Book 1.1.2 allows remote attackers to execute arbitrary PHP code via crafted POST requests that store PHP code in a database that is later processed by eval, as demonstrated using SQL injection via the n parameter.
CVE-2006-7234 2 Lynx, Redhat 2 Lynx, Enterprise Linux 2026-04-23 N/A
Untrusted search path vulnerability in Lynx before 2.8.6rel.4 allows local users to execute arbitrary code via malicious (1) .mailcap and (2) mime.types files in the current working directory.
CVE-2006-5513 1 Geonetwork 1 Opensource 2026-04-23 N/A
SQL injection vulnerability in GeoNetwork opensource before 2.0.3 allows remote attackers to execute arbitrary SQL commands, and complete a login, via unspecified vectors.
CVE-2006-5503 1 Simple Machines 1 Simple Machines Forum 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in Simple Machines Forum (SMF) 1.1 RC2 allows remote attackers to inject arbitrary web script or HTML via the action parameter.
CVE-2006-5500 1 Xchangeboard 1 Xchangeboard 2026-04-23 N/A
Multiple SQL injection vulnerabilities in the checkUser function in inc/DBInterface.php in XchangeBoard 1.70 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) userNick or (2) password parameters. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-5504 1 Simple Machines 1 Simple Machines Forum 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in Simple Machines Forum (SMF) allows remote attackers to inject arbitrary web script or HTML via a base64 encoded params value in the action parameter.
CVE-2006-5514 1 Web Group Communication Center 1 Web Group Communication Center 2026-04-23 N/A
SQL injection vulnerability in quiz.php in Web Group Communication Center (WGCC) 0.5.6b and earlier allows remote attackers to execute arbitrary SQL commands via the qzid parameter.
CVE-2006-5495 1 Trawler 1 Trawler Web Cms 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in Trawler Web CMS 1.8.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) path_red2 parameter to (a) _msdazu_pdata/redaktion/artikel/up/index.php; (b) addtort.php, (c) colorpik2.php, (d) colorpik3.php, (e) extras_menu.php, (f) farbpalette.php, (g) lese_inc.php, and (h) newfile.php in _msdazu_share/richtext/; the (2) path_scr_dat2 parameter to (i)_msdazu_share/share/insert1.php; the (3) path_red parameter to (j) _msdazu_share/extras/downloads/index.php; and unspecified parameters in other files.
CVE-2006-4926 1 Kaspersky Lab 4 Kaspersky Anti-virus, Kaspersky Anti-virus Personal, Kaspersky Anti-virus Personal Pro and 1 more 2026-04-23 N/A
The NDIS-TDI Hooking Engine, as used in the (1) KLICK (KLICK.SYS) and (2) KLIN (KLIN.SYS) device drivers 2.0.0.281 for in Kaspersky Labs Anti-Virus 6.0.0.303 and other Anti-Virus and Internet Security products, allows local users to execute arbitrary code via crafted Irp structure with invalid addresses in the 0x80052110 IOCTL.
CVE-2006-5496 1 Timothy Claason 1 Knowledgebank 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Timothy Claason KnowledgeBank 1.01 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) index.php, (2) addknowledge.php, and (3) addscreenshot.php.
CVE-2006-4902 1 Symantec 3 Veritas Netbackup Client, Veritas Netbackup Enterprise Server, Veritas Netbackup Server 2026-04-23 N/A
The NetBackup bpcd daemon (bpcd.exe) in Symantec Veritas NetBackup 5.0 before 5.0_MP7, 5.1 before 5.1_MP6, and 6.0 before 6.0_MP4 does not properly check for chained commands, which allows remote attackers to execute arbitrary commands by appending malicious commands to valid commands.
CVE-2006-4809 1 Enlightenment 1 Imlib2 2026-04-23 N/A
Stack-based buffer overflow in loader_pnm.c in imlib2 before 1.2.1, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PNM image.
CVE-2006-4813 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-23 N/A
The __block_prepare_write function in fs/buffer.c for Linux kernel 2.6.x before 2.6.13 does not properly clear buffers during certain error conditions, which allows local users to read portions of files that have been unlinked.
CVE-2006-4925 1 Openbsd 1 Openssh 2026-04-23 N/A
packet.c in ssh in OpenSSH allows remote attackers to cause a denial of service (crash) by sending an invalid protocol sequence with USERAUTH_SUCCESS before NEWKEYS, which causes newkeys[mode] to be NULL.
CVE-2006-5497 1 Middlebury College 1 Segue Cms 2026-04-23 N/A
PHP remote file inclusion vulnerability in themes/program/themesettings.inc.php in Segue CMS 1.5.8 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the themesdir parameter.