Total
29925 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-1100 | 1 Sauerbraten | 2 Cube, Sauerbraten | 2026-04-16 | N/A |
| Buffer overflow in the sgetstr function in shared/cube.h in Sauerbraten 2006_02_28 and earlier, as derived from the Cube engine, allows remote attackers to execute arbitrary code via long streams of input data. | ||||
| CVE-2006-0153 | 1 427bb | 1 Fourtwosevenbb | 2026-04-16 | N/A |
| 427BB 2.2 and 2.2.1 verifies authentication credentials based on the username, authenticated, and usertype cookies, which allows remote attackers to bypass authentication by using a valid username and usertype and setting the authenticated cookie. | ||||
| CVE-2006-0155 | 1 427bb | 1 Fourtwosevenbb | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in posts.php in 427BB 2.2 and 2.2.1 allows remote attackers to inject arbitrary Javascript via a new message with a url bbcode tag containing a javascript URI. | ||||
| CVE-2006-1102 | 1 Sauerbraten | 2 Cube, Sauerbraten | 2026-04-16 | N/A |
| Sauerbraten 2006_02_28, as derived from the Cube engine, allows remote attackers to cause a denial of service (client exit) by forcing the server to change to a map (ogz) file whose name contains ".." sequences and has a certain length that prevents the addition of the ".ogz" extension. | ||||
| CVE-2006-0156 | 1 Foxrum | 1 Foxrum | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Foxrum 4.0.4f allows remote attackers to inject arbitrary Javascript via the javascript URI in bbcode url tags in (1) addpost1.php and (2) addtopic1.php. | ||||
| CVE-2006-1107 | 1 Nmdeluxe | 1 Nmdeluxe | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in news.php in NMDeluxe before 1.0.1 allows remote attackers to inject arbitrary web script or HTML via the nick parameter. | ||||
| CVE-2006-2942 | 1 Twiki | 1 Twiki | 2026-04-16 | N/A |
| TWiki 4.0.0, 4.0.1, and 4.0.2 allows remote attackers to gain Twiki administrator privileges via a TWiki.TWikiRegistration form with a modified action attribute that references the Sandbox web instead of the user web, which can then be used to associate the user's login name with the WikiName of a member of the TWikiAdminGroup. | ||||
| CVE-2006-0158 | 1 Cyberdoc | 1 Sitesuite Cms | 2026-04-16 | N/A |
| SQL injection vulnerability in index.php in CyberDoc SiteSuite CMS allows remote attackers to execute arbitrary SQL commands via the page parameter. | ||||
| CVE-2006-1108 | 1 Nmdeluxe | 1 Nmdeluxe | 2026-04-16 | N/A |
| SQL injection vulnerability in news.php in NMDeluxe before 1.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2006-0161 | 1 Sun | 2 Solaris, Sunos | 2026-04-16 | N/A |
| Unspecified vulnerability in uucp in Sun Solaris 8 and 9 has unknown impact and attack vectors. NOTE: due to the vagueness of the vendor advisory, it is not clear whether this is related to CVE-2004-0780. | ||||
| CVE-2006-0162 | 1 Clam Anti-virus | 1 Clamav | 2026-04-16 | N/A |
| Heap-based buffer overflow in libclamav/upx.c in Clam Antivirus (ClamAV) before 0.88 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted UPX files. | ||||
| CVE-2006-1111 | 1 Aztek Forum | 1 Aztek Forum | 2026-04-16 | N/A |
| Aztek Forum 4.0 allows remote attackers to obtain sensitive information via a "*/*" in the msg parameter to index.php, which reveals usernames and passwords in a MySQL error message, possibly due to a forced SQL error or SQL injection. | ||||
| CVE-2006-0163 | 1 Francisco Burzi | 1 Php-nuke Ev | 2026-04-16 | N/A |
| SQL injection vulnerability in the search module (modules/Search/index.php) of PHPNuke EV 7.7 -R1 allows remote attackers to execute arbitrary SQL commands via the query parameter, which is used by the search field. NOTE: This is a different vulnerability than CVE-2005-3792. | ||||
| CVE-2006-1113 | 1 Gerrit Van Aaken | 1 Loudblog | 2026-04-16 | N/A |
| SQL injection vulnerability in podcast.php in Loudblog before 0.42 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2006-0165 | 1 Plain Black | 1 Webgui | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the DataForm Entries functionality in Plain Black WebGUI before 6.8.4 (gamma) allows remote attackers to inject arbitrary Javascript via the (1) url and (2) name field of the default email form. | ||||
| CVE-2006-2946 | 1 Dmx Forum | 1 Dmx Forum | 2026-04-16 | N/A |
| Dmx Forum 2.1a stores _includes/bd.inc under the web root with insufficient access control, which allows remote attackers to obtain database username and password information. | ||||
| CVE-2006-0166 | 1 Symantec | 1 Norton System Works | 2026-04-16 | N/A |
| Symantec Norton SystemWorks and SystemWorks Premier 2005 and 2006 stores temporary copies of files in the Norton Protected Recycle Bin NProtect directory, which is hidden from the FindFirst and FindNext Windows APIs and allows remote attackers to hide arbitrary files from virus scanners and other products. | ||||
| CVE-2006-1115 | 1 Ncipher | 3 Chil, Mscapi Csp, Ncipher Software Cd | 2026-04-16 | N/A |
| nCipher HSM before 2.22.6, when generating a Diffie-Hellman public/private key pair without any specified DiscreteLogGroup parameters, chooses random parameters that could allow an attacker to crack the private key in significantly less time than a brute force attack. | ||||
| CVE-2006-0171 | 1 Orjinweb | 1 Orjinweb E-commerce | 2026-04-16 | N/A |
| PHP remote file include vulnerability in index.php in OrjinWeb E-commerce allows remote attackers to execute arbitrary code via a URL in the page parameter. NOTE: it is not clear, but OrjinWeb might be an application service, in which case it should not be included in CVE. | ||||
| CVE-2006-1117 | 1 Ncipher | 8 Dse200 Document Sealing Engine, Ncore, Nethsm and 5 more | 2026-04-16 | N/A |
| nCipher firmware before V10, as used by (1) nShield, (2) nForce, (3) netHSM, (4) payShield, (5) SecureDB, (6) DSE200 Document Sealing Engine, (7) Time Source Master Clock (TSMC), and possibly other products, contains certain options that were only intended for testing and not production, which might allow remote attackers to obtain information about encryption keys and crack those keys with less effort than brute force. | ||||