Export limit exceeded: 363660 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-5874 1 Clam Anti-virus 1 Clamav 2026-04-23 N/A
Clam AntiVirus (ClamAV) 0.88 and earlier allows remote attackers to cause a denial of service (crash) via a malformed base64-encoded MIME attachment that triggers a null pointer dereference.
CVE-2006-5875 1 Enemies Of Carlotta 1 Enemies Of Carlotta 2026-04-23 N/A
eoc.py in Enemies of Carlotta (EoC) before 1.2.4 allows remote attackers to execute arbitrary commands via shell metacharacters in an "SMTP level e-mail address".
CVE-2006-5122 1 Hp 1 Mercury Sitescope 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Mercury SiteScope 8.2 (8.1.2.0) allow remote authenticated users to inject arbitrary web script or HTML via (1) "any field create name field" except "create new group name" or (2) any description field.
CVE-2006-5124 1 Joshua Muheim 1 Phpmywebmin 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in Joshua Muheim phpMyWebmin 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) target and (2) action parameters in window.php, and possibly the (3) target parameter in home.php.
CVE-2006-5128 1 Conpresso 1 Conpresso Cms 2026-04-23 N/A
SQL injection vulnerability in index.php in Bartels Schoene ConPresso before 4.0.5a allows remote attackers to execute arbitrary SQL commands via the nr parameter.
CVE-2006-5131 1 Salims Softhouse 1 Jaf Cms 2026-04-23 N/A
module/shout/jafshout.php (aka the shoutbox) in ph03y3nk just another flat file (JAF) CMS 4.0 RC1 allows remote attackers to execute arbitrary code within sections bounded by "<?php" and "?>", possibly due to a static code injection vulnerability involving admin/data_inc.php.
CVE-2006-5133 1 Steve Poulsen 1 Guildftpd 2026-04-23 N/A
Buffer overflow in GuildFTPd 0.999.13 allows remote attackers to have an unknown impact, possibly code execution related to input containing "globbing chars."
CVE-2006-5144 1 Olate 1 Olatedownload 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in userupload.php in OlateDownload 3.4.0 allows remote attackers to inject arbitrary web script or HTML via the description_small parameter.
CVE-2006-5145 1 Olate 1 Olatedownload 2026-04-23 N/A
Multiple SQL injection vulnerabilities in OlateDownload 3.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) page parameter in details.php or the (2) query parameter in search.php.
CVE-2006-5146 1 Yblog 1 Yblog 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Yblog allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in (a) funk.php, or the (2) action parameter in (b) tem.php and (c) uss.php.
CVE-2006-5885 1 Dynamic Dataworx 1 Nustore 2026-04-23 N/A
SQL injection vulnerability in Products.asp in NuStore 1.0 allows remote attackers to execute arbitrary SQL commands via the SubCatagoryID parameter.
CVE-2006-5886 1 Dynamic Dataworx 1 Nurealestate 2026-04-23 N/A
SQL injection vulnerability in propertysdetails.asp in Dynamic Dataworx NuRealestate (NuRems) 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the PropID parameter.
CVE-2006-5889 1 Brewblogger 1 Brewblogger 2026-04-23 N/A
SQL injection vulnerability in printLog.php in BrewBlogger (BB) 1.3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2006-5890 1 Superfreaker Studios 1 Usupport 2026-04-23 N/A
SQL injection vulnerability in detail.asp in Superfreaker Studios USupport 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2006-4250 1 Debian 1 Debian Linux 2026-04-23 N/A
Buffer overflow in man and mandb (man-db) 2.4.3 and earlier allows local users to execute arbitrary code via crafted arguments to the -H flag.
CVE-2006-4685 1 Microsoft 2 Xml Core Services, Xml Parser 2026-04-23 N/A
The XMLHTTP ActiveX control in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 does not properly handle HTTP server-side redirects, which allows remote user-assisted attackers to access content from other domains.
CVE-2006-3741 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-23 N/A
The perfmonctl system call (sys_perfmonctl) in Linux kernel 2.4.x and 2.6 before 2.6.18, when running on Itanium systems, does not properly track the reference count for file descriptors, which allows local users to cause a denial of service (file descriptor consumption).
CVE-2006-4154 1 Apache 1 Http Server 2026-04-23 N/A
Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
CVE-2006-2386 1 Microsoft 1 Outlook Express 2026-04-23 N/A
Unspecified vulnerability in Microsoft Outlook Express 6 and earlier allows remote attackers to execute arbitrary code via a crafted contact record in a Windows Address Book (WAB) file.
CVE-2007-4228 1 Ibm 1 Aix 2026-04-23 N/A
rmpvc on IBM AIX 4.3 allows local users to cause a denial of service (system crash) via long port logical name (-l) argument.