Total
29925 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-0126 | 1 Rxvt-unicode | 1 Rxvt-unicode | 2026-04-16 | N/A |
| rxvt-unicode before 6.3, on certain platforms that use openpty and non-Unix pty devices such as Linux and most BSD platforms, does not maintain the intended permissions of tty devices, which allows local users to gain read and write access to the devices. | ||||
| CVE-2006-1082 | 1 Phparcadescript | 1 Phparcadescript | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpArcadeScript 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the gamename parameter in tellafriend.php, (2) the login_status parameter in loginbox.php, (3) the submissionstatus parameter in index.php, the (4) cell_title_background_color and (5) browse_cat_name parameters in browse.php, the (6) gamefile parameter in displaygame.php, and (7) possibly other parameters in unspecified PHP scripts. | ||||
| CVE-2006-2909 | 1 Picozip | 1 Picozip | 2026-04-16 | N/A |
| Stack-based buffer overflow in the info tip shell extension (zipinfo.dll) in PicoZip 4.01 allows remote attackers to execute arbitrary code via a long filename in an (1) ACE, (2) RAR, or (3) ZIP archive, which is triggered when the user moves the mouse over the archive. | ||||
| CVE-2006-0129 | 1 Rockliffe | 1 Mailsite | 2026-04-16 | N/A |
| Mail Management Agent (MAILMA) (aka Mail Management Server) in Rockliffe MailSite 7.0.3.1 and earlier generates different responses depending on whether or not a username is valid, which allows remote attackers to enumerate valid usernames via user requests to TCP port 106. | ||||
| CVE-2006-1085 | 1 Php-stats | 1 Php-stats | 2026-04-16 | N/A |
| admin.php in PHP-Stats 0.1.9.1 and earlier allows remote attackers to bypass authentication, gain administrator privileges, and execute arbitrary PHP code by modifying the option[admin_pass] parameter and setting the pass_cookie to the MD5 hash of the specified password. | ||||
| CVE-2006-2914 | 1 Deluxebb | 1 Deluxebb | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in DeluxeBB 1.06 allows remote attackers to execute arbitrary code via a URL in the templatefolder parameter to (1) postreply.php, (2) posting.php, (3) and pm/newpm.php in the deluxe/ directory, and (4) postreply.php, (5) posting.php, and (6) pm/newpm.php in the default/ directory. | ||||
| CVE-2006-0134 | 1 Thewebforum | 1 Thewebforum | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in register.php in TheWebForum (twf) 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the www parameter. | ||||
| CVE-2006-1088 | 1 Php-stats | 1 Php-stats | 2026-04-16 | N/A |
| PHP-Stats 0.1.9.1 and earlier allows remote attackers to obtain potentially sensitive information via a direct request to checktables.php, which lists the database table_prefix. | ||||
| CVE-2006-0141 | 1 Eudora | 1 Internet Mail Server | 2026-04-16 | N/A |
| Qualcomm Eudora Internet Mail Server (EIMS) before 3.2.8 allows remote attackers to cause a denial of service (crash) via (1) malformed NTLM authentication requests, or a malformed (2) Incoming Mail X or (3) Temporary Mail file. | ||||
| CVE-2006-1089 | 1 Punbb | 1 Punbb | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in header.php in PunBB 1.2.10 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly handled when the PHP_SELF variable is used to handle a pun_page tag. | ||||
| CVE-2006-1091 | 1 Kaspersky Lab | 1 Kaspersky Anti-virus | 2026-04-16 | N/A |
| Kaspersky Antivirus 5.0.5 and 5.5.3 allows remote attackers to cause a denial of service (CPU and memory consumption) via unknown attack vectors. | ||||
| CVE-2006-1093 | 1 Ibm | 1 Websphere Application Server | 2026-04-16 | N/A |
| Unspecified vulnerability in IBM WebSphere 5.0.2.10 through 5.0.2.15 and 5.1.1.4 through 5.1.1.9 allows remote attackers to obtain sensitive information via unknown attack vectors, which causes JSP source code to be revealed. | ||||
| CVE-2006-0145 | 1 Netbsd | 1 Netbsd | 2026-04-16 | N/A |
| The kernfs_xread function in kernfs in NetBSD 1.6 through 2.1, and OpenBSD 3.8, does not properly validate file offsets against negative 32-bit values that occur as a result of truncation, which allows local users to read arbitrary kernel memory and gain privileges via the lseek system call. | ||||
| CVE-2006-1094 | 2 Datenbank Module, Woltlab | 2 Datenbank Module, Burning Board | 2026-04-16 | N/A |
| SQL injection vulnerability in Datenbank MOD 2.7 and earlier for Woltlab Burning Board allows remote attackers to execute arbitrary SQL commands via the fileid parameter to (1) info_db.php or (2) database.php. | ||||
| CVE-2006-2927 | 1 Xfairguy | 1 Codeavalanche Freeforum | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in post.asp in CodeAvalanche FreeForum (aka CAForum) 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) msg_subject and (2) msg_body parameters. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-1097 | 1 Datenbank Module | 1 Datenbank Module | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Datenbank MOD 2.7 and earlier for Woltlab Burning Board allow remote attackers to inject arbitrary web script or HTML via the fileid parameter to (1) info_db.php or (2) database.php. | ||||
| CVE-2006-2930 | 1 Sun | 2 Grid Engine, N1 Grid Engine | 2026-04-16 | N/A |
| Unspecified vulnerability in Sun Grid Engine 5.3 and Sun N1 Grid Engine 6.0, when configured in Certificate Security Protocol (CSP) Mode, allows local users to shut down the grid service or gain access, even if access is denied. | ||||
| CVE-2006-0151 | 2 Todd Miller, Ubuntu | 2 Sudo, Ubuntu Linux | 2026-04-16 | N/A |
| sudo 1.6.8 and other versions does not clear the PYTHONINSPECT environment variable, which allows limited local users to gain privileges via a Python script, a variant of CVE-2005-4158. | ||||
| CVE-2006-1098 | 1 Digital Builder | 1 Nz Ecommerce | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in NZ Ecommerce allow remote attackers to execute arbitrary SQL commands via the (1) informationID or (2) ParentCategory parameter to index.php. NOTE: the vendor has disputed this issue in a comment on the researcher's blog, but research by CVE suggests that this might be a legitimate problem | ||||
| CVE-2006-0152 | 1 Phpchamber | 1 Phpchamber | 2026-04-16 | N/A |
| Cross-site scripting (XSS) in search_result.php in phpChamber 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the needle parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||