Total
29908 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-5452 | 1 Hp | 2 Hp-ux, Tru64 | 2026-04-23 | N/A |
| Buffer overflow in dtmail on HP Tru64 UNIX 4.0F through 5.1B and HP-UX B.11.00 through B.11.23 allows local users to execute arbitrary code via a long -a (aka attachment) argument. | ||||
| CVE-2006-5459 | 1 Alex | 1 Downloadengine | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Download-Engine 1.4.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) $_ENGINE[eng_dir] and possibly (2) spaw_root parameters in admin/includes/spaw/spaw_script.js.php, and the (3) $_ENGINE[eng_dir], (4) $spaw_root, (5) $spaw_dir, and (6) $spaw_base_url parameters in admin/includes/spaw/config/spaw_control.config.php, different vectors than CVE-2006-5291. NOTE: CVE analysis as of 20061021 is inconclusive, but suggests that some or all of the suggested attack vectors are ineffective. | ||||
| CVE-2006-5768 | 1 Cyberfolio | 1 Cyberfolio | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Cyberfolio 2.0 RC1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the av parameter to (1) msg/view.php, (2) msg/inc_message.php, (3) msg/inc_envoi.php, and (4) admin/incl_voir_compet.php. | ||||
| CVE-2006-4407 | 1 Apple | 1 Mac Os X | 2026-04-23 | N/A |
| The Security Framework in Apple Mac OS X 10.3.x up to 10.3.9 does not properly prioritize encryption ciphers when negotiating the strongest shared cipher, which causes Secure Transport to user a weaker cipher that makes it easier for remote attackers to decrypt traffic. | ||||
| CVE-2006-4412 | 1 Apple | 1 Mac Os X | 2026-04-23 | N/A |
| WebKit in Apple Mac OS X 10.3.x through 10.3.9 and 10.4 through 10.4.8 allows remote attackers to execute arbitrary code via a crafted HTML file, which accesses previously deallocated objects. | ||||
| CVE-2006-5471 | 1 Softerra | 1 Php Developer Library | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in example/lib/grid3.lib.php in Softerra PHP Developer Library 1.5.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the (1) cfg_dir and (2) lib_dir parameters. | ||||
| CVE-2006-5483 | 1 Freebsd | 1 Freebsd | 2026-04-23 | N/A |
| p1003_1b.c in FreeBSD 6.1 allows local users to cause an unspecified denial of service by setting a scheduler policy, which should only be settable by root. | ||||
| CVE-2009-3978 | 1 Mozilla | 1 Firefox | 2026-04-23 | N/A |
| The nsGIFDecoder2::GifWrite function in decoders/gif/nsGIFDecoder2.cpp in libpr0n in Mozilla Firefox before 3.5.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an animated GIF file with a large image size, a different vulnerability than CVE-2009-3373. | ||||
| CVE-2009-3984 | 2 Mozilla, Redhat | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2026-04-23 | N/A |
| Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to spoof an SSL indicator for an http URL or a file URL by setting document.location to an https URL corresponding to a site that responds with a No Content (aka 204) status code and an empty body. | ||||
| CVE-2006-5488 | 1 Xchangeboard | 1 Xchangeboard | 2026-04-23 | N/A |
| SQL injection vulnerability in XchangeBoard 1.70, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the loginNick parameter during login. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
| CVE-2006-5491 | 1 Ceary | 1 Ultracms | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in include/index.php in UltraCMS 0.9 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters. | ||||
| CVE-2006-5498 | 1 Middlebury College | 1 Segue Cms | 2026-04-23 | N/A |
| Directory traversal vulnerability in themes/program/themesettings.inc.php in Segue CMS 1.5.8 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme parameter. | ||||
| CVE-2006-5501 | 1 Aol | 1 Aol | 2026-04-23 | N/A |
| Buffer overflow in the AOL.PicDownloadCtrl.1 ActiveX control (YGPPicDownload.dll) 9.2.3.0 in America Online (AOL) 9.0 Security Edition allows remote attackers to execute arbitrary code via the downloadFileDirectory property, a different vulnerability than CVE-2006-5502. | ||||
| CVE-2007-5355 | 1 Microsoft | 5 Internet Explorer, Windows 2000, Windows 2003 Server and 2 more | 2026-04-23 | N/A |
| The Web Proxy Auto-Discovery (WPAD) feature in Microsoft Internet Explorer 6 and 7, when a primary DNS suffix with three or more components is configured, resolves an unqualified wpad hostname in a second-level domain outside this configured DNS domain, which allows remote WPAD servers to conduct man-in-the-middle (MITM) attacks. | ||||
| CVE-2006-5926 | 1 Vallheru | 1 Vallheru | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in mail.php in Vallheru before 1.0.7 allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) to parameters. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2006-5934 | 1 Iexpress | 1 Estate Agent Manager | 2026-04-23 | N/A |
| SQL injection vulnerability in admin/default.asp in Estate Agent Manager 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the UserName field. | ||||
| CVE-2006-5945 | 1 Mginternet | 1 Car Site Manager | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in MGinternet Car Site Manager (CSM) allow remote attackers to execute arbitrary SQL commands via the (1) p parameter to (a) csm/asp/detail.asp, or the (2) l, (3) typ, or (4) loc parameter to (b) csm/asp/listings.asp. | ||||
| CVE-2006-5947 | 1 Conxint | 1 Conxint Ftp Server | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in Conxint FTP Server 2.2.0603, and possibly earlier, allow remote attackers to read arbitrary files and list arbitrary directories via directory traversal sequences in (1) DIR (LIST or NLST) and (2) GET (RETR) commands. NOTE: the provenance of this information is unknown; details are obtained from third party sources. | ||||
| CVE-2006-5950 | 1 Altools | 1 Alftp Ftp Server | 2026-04-23 | N/A |
| Unspecified vulnerability in ALTools ALFTP FTP Server 4.1 beta 1, and possibly earlier, allows remote authenticated users to obtain the installation path via unknown vectors related to the REN command, probably due to response messages. NOTE: the provenance of this information is unknown; details are obtained from third party sources. | ||||
| CVE-2006-5951 | 1 Exophpdesk | 1 Exophpdesk | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in pipe.php in Exophpdesk 1.2 allows remote attackers to execute arbitrary PHP code via a URL in the lang_file parameter. | ||||