Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-5971 1 Verity 1 Ultraseek 2026-04-23 N/A
Absolute path traversal vulnerability in admin/logfile.txt in Verity Ultraseek before 5.6.2 allows remote attackers to read arbitrary files via the name variable.
CVE-2006-5972 1 Netgear 2 Wg111v2, Wg111v2 Driver 2026-04-23 N/A
Stack-based buffer overflow in WG111v2.SYS in NetGear WG111v2 wireless adapter (USB) allows remote attackers to execute arbitrary code via a long 802.11 beacon request.
CVE-2006-5973 1 Timo Sirainen 1 Dovecot 2026-04-23 N/A
Off-by-one buffer overflow in Dovecot 1.0test53 through 1.0.rc14, and possibly other versions, when index files are used and mmap_disable is set to "yes," allows remote authenticated IMAP or POP3 users to cause a denial of service (crash) via unspecified vectors involving the cache file.
CVE-2006-5975 1 Drumster 1 Blogme 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in comments.asp in BlogMe 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) URL, or (3) Comments field.
CVE-2006-5976 1 Drumster 1 Blogme 2026-04-23 N/A
Multiple SQL injection vulnerabilities in admin_login.asp in BlogMe 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) Username or (2) Password field. NOTE: some of these details are obtained from third party information.
CVE-2006-5977 1 Expinion.net 1 Multicalendars 2026-04-23 N/A
Multiple SQL injection vulnerabilities in MultiCalendars allow remote attackers to execute arbitrary SQL commands via the (1) M or (2) Y parameter to rss_out.asp, or the (3) cate parameter to all_calendars.asp. NOTE: the all_calendars.asp/calsids vector is already covered by CVE-2006-2293.
CVE-2006-5978 1 E-xoopport 1 E-xoopport 2026-04-23 N/A
Unspecified vulnerability in E-Xoopport before 2.2.0 has unknown impact and attack vectors, as addressed by "Some security fix."
CVE-2006-5979 1 Renasoft 1 Netjetserver 2026-04-23 N/A
Renasoft NetJetServer 2.5.3.939, and possibly earlier, uses insecure permissions for Global.asa, which allows remote attackers to obtain sensitive information. NOTE: the provenance of this information is unknown; details are obtained from third party sources.
CVE-2006-5980 1 Renasoft 1 Netjetserver 2026-04-23 N/A
adm_lgn_admin.asp in Renasoft NetJetServer 2.5.3.939, and possibly earlier, does not properly perform login authentication, which allows remote attackers to obtain administrative privileges. NOTE: the provenance of this information is unknown; details are obtained from third party sources.
CVE-2006-5984 1 Webhost Automation 1 Helm Web Hosting Control Panel 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Helm Web Hosting Control Panel 3.2.10 allow remote authenticated users to inject arbitrary web script or HTML via the (1) txtCompanyName, (2) txtEmail, or (3) txtUserAccNum parameter to (a) users.asp, or the (4) setThemeColour parameter to (b) default.asp in the Reseller and Admin levels; or the (5) setThemeColour parameter to default.asp in the User level. NOTE: the txtDomainName parameter to domains.asp is covered by CVE-2006-1407, which suggests that this vector is fixed in 3.2.10 stable.
CVE-2006-5985 1 Extreme Cms 1 Extreme Cms 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in admin/options.php in Extreme CMS 0.9, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) bg1, (2) bg2, (3) text, or (4) size parameters. NOTE: the provenance of this information is unknown; details are obtained from third party sources.
CVE-2006-5986 1 Extreme Cms 1 Extreme Cms 2026-04-23 N/A
admin/options.php in Extreme CMS 0.9, and possibly earlier, does not require authentication, which might allow remote attackers to conduct unauthorized activities. NOTE: this issue can be combined with another vulnerability to expand the scope of a cross-site scripting (XSS) attack without authentication. NOTE: the provenance of this information is unknown; details are obtained from third party sources.
CVE-2006-5987 1 Aspintranet 1 Aspintranet 2026-04-23 N/A
SQL injection vulnerability in default.asp in ASPintranet, possibly 1.2, allows remote attackers to execute arbitrary SQL commands via the a parameter.
CVE-2006-5988 1 Microsoft 1 Windows 2000 2026-04-23 N/A
Unspecified vulnerability in Windows 2000 Advanced Server SP4 running Active Directory allows remote attackers to cause a denial of service via unknown vectors, as demonstrated by a certain VulnDisco Pack module. NOTE: the provenance of this information is unknown; the details are obtained from third party information. As of 20061116, this disclosure has no actionable information. However, since the VulnDisco Pack author is a reliable researcher, the disclosure is being assigned a CVE identifier for tracking purposes.
CVE-2006-5989 2 Mod Auth Kerb, Redhat 2 Mod Auth Kerb, Enterprise Linux 2026-04-23 N/A
Off-by-one error in the der_get_oid function in mod_auth_kerb 5.0 allows remote attackers to cause a denial of service (crash) via a crafted Kerberos message that triggers a heap-based buffer overflow in the component array.
CVE-2006-5991 1 Cactusoft 1 Cactushop 2026-04-23 N/A
Multiple SQL injection vulnerabilities in wwweb concepts CactuShop allow remote attackers to execute arbitrary SQL commands via the (1) prodtype parameter in prodtype.asp and the (2) product parameter in product.asp.
CVE-2006-6007 1 Webevents 1 Online Event Registration 2026-04-23 N/A
save_profile.asp in WebEvents (Online Event Registration Template) 2.0 and earlier allows remote attackers to change the profiles, passwords, and other information for arbitrary users via a modified UserID parameter.
CVE-2006-6008 1 Netkit 1 Netkit 2026-04-23 N/A
ftpd in Linux Netkit (linux-ftpd) 0.17, and possibly other versions, does not check the return status of certain seteuid, setgid, and setuid calls, which might allow remote authenticated users to gain privileges if these calls fail in cases such as PAM failures or resource limits, a different vulnerability than CVE-2006-5778.
CVE-2006-6009 1 Sun 2 Jdk, Jre 2026-04-23 N/A
Unspecified vulnerability in the Java Runtime Environment (JRE) Swing library in JDK and JRE 5.0 Update 7 and earlier allows attackers to obtain certain information via unknown attack vectors, related to an untrusted applet accessing data in other applets.
CVE-2006-6010 1 Sap 1 Sap Web Application Server 2026-04-23 N/A
SAP allows remote attackers to obtain potentially sensitive information such as operating system and SAP version via an RFC_SYSTEM_INFO RfcCallReceive request, a different vulnerability than CVE-2003-0747.