Total
29925 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-0389 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Syndication (Safari RSS) in Mac OS X 10.4 through 10.4.5 allows remote attackers to execute arbitrary JavaScript via unspecified vectors involving RSS feeds. | ||||
| CVE-2006-1291 | 1 Php Icalendar | 1 Php Icalendar | 2026-04-16 | N/A |
| publish.ical.php in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier does not require authentication for write access to the calendars directory, which allows remote attackers to upload and execute arbitrary PHP scripts via a WebDAV PUT request with a filename containing a .php extension and a trailing null character. | ||||
| CVE-2006-0391 | 1 Apple | 1 Mac Os X | 2026-04-16 | N/A |
| Directory traversal vulnerability in the BOM framework in Mac OS X 10.x before 10.3.9 and 10.4 before 10.4.5 allows user-assisted attackers to overwrite or create arbitrary files via an archive that is handled by BOMArchiveHelper. | ||||
| CVE-2006-1293 | 1 Astalavista It Engineering | 1 Contrexx | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Contrexx CMS 1.0.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string (PHP_SELF). | ||||
| CVE-2006-3075 | 1 Picturedis | 2 Picturedis Photoalbum, Picturedis Professional | 2026-04-16 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in PictureDis Professional 1.33 Build 234 and earlier and PictureDis Photoalbum 4.82 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the lang parameter to files in photoalbum/ including (1) thumstbl.php, (2) wpfiles.php, and (3) wallpapr.php. | ||||
| CVE-2006-3077 | 1 Axent | 1 Axentguestbook | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in guestbook.cfm in aXentGuestbook 1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the startrow parameter. | ||||
| CVE-2006-1298 | 1 Symantec Veritas | 1 Backup Exec | 2026-04-16 | N/A |
| Format string vulnerability in the Job Engine service (bengine.exe) in the Media Server in Veritas Backup Exec 10d (10.1) for Windows Servers rev. 5629, Backup Exec 10.0 for Windows Servers rev. 5520, Backup Exec 10.0 for Windows Servers rev. 5484, and Backup Exec 9.1 for Windows Servers rev. 4691, when the job log mode is Full Detailed (aka Full Details), allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via a crafted filename on a machine that is backed up by Backup Exec. | ||||
| CVE-2006-3078 | 1 Apboard | 1 Apboard | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in APBoard 2.2-r3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) PHPSESSID parameter in board.php and (2) viewcatmod parameter in main.php. | ||||
| CVE-2006-0400 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-16 | N/A |
| CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to bypass the same-origin policy and execute Javascript in other domains via unknown vectors involving "crafted archives." | ||||
| CVE-2006-3085 | 1 Linux | 1 Linux Kernel | 2026-04-16 | N/A |
| xt_sctp in netfilter for Linux kernel before 2.6.17.1 allows attackers to cause a denial of service (infinite loop) via an SCTP chunk with a 0 length. | ||||
| CVE-2006-0401 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-16 | N/A |
| Unspecified vulnerability in Mac OS X before 10.4.6, when running on an Intel-based computer, allows attackers with physical access to bypass the firmware password and log on in Single User Mode via unspecified vectors. | ||||
| CVE-2006-3089 | 1 Phpmyfactures | 1 Phpmyfactures | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PhpMyFactures 1.0, and possibly 1.2 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) prefixe_dossier parameter in (a) /inc/header.php; (2) msg parameter in (b) /remises/ajouter_remise.php, (c) /tva/ajouter_tva.php, (d) /stocks/ajouter.php, (e) /pays/ajouter_pays.php, (f) /produits/ajouter_cat.php, (g) /produits/ajouter_produit.php and (h) /produits/modifier_cat.php; (3) tire parameter in /remises/ajouter_remise.php; (4) quantite, (5) taux and (6) date parameter in /stocks/ajouter.php; and (7) pays and (8) prefixe parameter in /pays/ajouter_pays.php. | ||||
| CVE-2006-0404 | 1 Mike Macgirvin | 1 Note-a-day Weblog | 2026-04-16 | N/A |
| Note-A-Day Weblog 2.2 stores sensitive data under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to archive/.phpass-admin, which contains encrypted passwords. | ||||
| CVE-2006-0409 | 1 Pixelpost | 1 Photoblog | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Pixelpost Photoblog 1.4.3 allows remote attackers to inject arbitrary web script or HTML via the "Add Comment" field in a comment popup. | ||||
| CVE-2006-1314 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2026-04-16 | N/A |
| Heap-based buffer overflow in the Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to execute arbitrary code via crafted first-class Mailslot messages that triggers memory corruption and bypasses size restrictions on second-class Mailslot messages. | ||||
| CVE-2006-0411 | 1 Claroline | 1 Claroline | 2026-04-16 | N/A |
| claro_init_local.inc.php in Claroline 1.7.2 uses guessable session cookies (MD5 hash of connection time), which allows remote attackers to hijack sessions and possibly gain administrative privileges. | ||||
| CVE-2006-0414 | 1 Tor | 1 Tor | 2026-04-16 | N/A |
| Tor before 0.1.1.20 allows remote attackers to identify hidden services via a malicious Tor server that attempts a large number of accesses of the hidden service, which eventually causes a circuit to be built through the malicious server. | ||||
| CVE-2006-0420 | 1 Bea | 1 Weblogic Server | 2026-04-16 | N/A |
| BEA WebLogic Server and WebLogic Express 8.1 through SP4 and 7.0 through SP6 does not properly handle when servlets use relative forwarding, which allows remote attackers to cause a denial of service (slowdown) via unknown attack vectors that cause "looping stack overflow errors." | ||||
| CVE-2006-1315 | 1 Microsoft | 1 Server Service | 2026-04-16 | N/A |
| The Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to obtain sensitive information via crafted requests that leak information in SMB buffers, which are not properly initialized, aka "SMB Information Disclosure Vulnerability." | ||||
| CVE-2006-3090 | 1 Phpmyfactures | 1 Phpmyfactures | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in PhpMyFactures 1.0, and possibly 1.2 and earlier, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the (1) id_pays parameter in (a) /pays/modifier_pays.php; (2) id_produit, (3) quantite, (4) prix_ht, and (5) date parameter in (b) /stocks/ajouter.php; (6) id_cat parameter in (c) /produits/modifier_cat.php; (7) id_client parameter in (d) /clients/modifier_client.php; (8) id_remise parameter in (e) /remises/index.php; (9) id_taux parameter in (f) /tva/index.php; (10) ref_produit, and (11) id_stock parameter in (g) /stocks/index.php; (12) id_pays parameter in (h) /pays/index.php; and (13) id_cat parameter in (i) /produits/index.php. | ||||