Total
29737 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-2458 | 1 Libextractor | 1 Libextractor | 2025-04-03 | N/A |
| Multiple heap-based buffer overflows in Libextractor 0.5.13 and earlier allow remote attackers to execute arbitrary code via (1) the asf_read_header function in the ASF plugin (plugins/asfextractor.c), and (2) the parse_trak_atom function in the QT plugin (plugins/qtextractor.c). | ||||
| CVE-2006-3001 | 1 Okscripts | 1 Okmall | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in OkScripts OkMall 1.0 allow remote attackers to inject arbitrary web script or HTML via the page parameter. NOTE: this might be resultant from another vulnerability, since the XSS is reflected in an error message. | ||||
| CVE-1999-0894 | 1 Redhat | 1 Linux | 2025-04-03 | N/A |
| Red Hat Linux screen program does not use Unix98 ptys, allowing local users to write to other terminals. | ||||
| CVE-2006-2472 | 1 Bea | 1 Weblogic Server | 2025-04-03 | N/A |
| Unspecified vulnerability in BEA WebLogic Server 9.1 and 9.0, 8.1 through SP5, 7.0 through SP6, and 6.1 through SP7 allows untrusted applications to obtain private server keys. | ||||
| CVE-2000-0052 | 3 Mandrakesoft, Redhat, Turbolinux | 3 Mandrake Linux, Linux, Turbolinux | 2025-04-03 | N/A |
| Red Hat userhelper program in the usermode package allows local users to gain root access via PAM and a .. (dot dot) attack. | ||||
| CVE-2000-0230 | 2 Halloween, Redhat | 2 Halloween Linux, Linux | 2025-04-03 | N/A |
| Buffer overflow in imwheel allows local users to gain root privileges via the imwheel-solo script and a long HOME environmental variable. | ||||
| CVE-2000-0373 | 1 Kde | 1 Kvt | 2025-04-03 | N/A |
| Vulnerabilities in the KDE kvt terminal program allow local users to gain root privileges. | ||||
| CVE-2000-0392 | 3 Cygnus, Mit, Redhat | 5 Cygnus Network Security, Kerbnet, Kerberos and 2 more | 2025-04-03 | N/A |
| Buffer overflow in ksu in Kerberos 5 allows local users to gain root privileges. | ||||
| CVE-2000-0887 | 1 Isc | 1 Bind | 2025-04-03 | N/A |
| named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a denial of service by making a compressed zone transfer (ZXFR) request and performing a name service query on an authoritative record that is not cached, aka the "zxfr bug." | ||||
| CVE-2006-2496 | 1 Novell | 2 Edirectory, Imonitor | 2025-04-03 | N/A |
| Buffer overflow in iMonitor 2.4 in Novell eDirectory 8.8 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unknown attack vectors. | ||||
| CVE-2006-2500 | 1 Xfairguy | 1 Codeavalanche News | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in add_news.asp in CodeAvalanche News (CANews) 1.2 allows remote attackers to inject arbitrary web script or HTML via the Headline field. NOTE: if this issue is limited to administrators, and if it is expected behavior for administrators to be able to generate HTML, then this is not a vulnerability. | ||||
| CVE-2006-2508 | 1 Yourfreeworld | 1 Stylish Text Ads Script | 2025-04-03 | N/A |
| SQL injection vulnerability in tr1.php in YourFreeWorld.com Stylish Text Ads Script allows remote attackers to execute arbitrary SQL commands via the id parameter, possibly involving an attack vector using advertise.php. | ||||
| CVE-2006-2517 | 1 Fujitsu | 1 Myweb Portal Office | 2025-04-03 | N/A |
| SQL injection vulnerability in MyWeb Portal Office, Standard Edition, Public Edition, Medical Edition, Citizen Edition, School Edition, and Light Edition allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. | ||||
| CVE-2006-2526 | 1 Power Place | 1 Php Easy Galerie | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in index.php in PHP Easy Galerie 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the includepath parameter. | ||||
| CVE-2006-2543 | 1 Xtreme Scripts | 1 Xtreme Topsites | 2025-04-03 | N/A |
| Xtreme Topsites 1.1 allows remote attackers to trigger MySQL errors and possibly conduct SQL injection attacks via unspecified vectors in join.php. | ||||
| CVE-2006-2550 | 1 Perlpodder | 1 Perlpodder | 2025-04-03 | N/A |
| perlpodder before 0.5 allows remote attackers to execute arbitrary code via shell metacharacters in the URL of a podcast, which are executed when saving the URL to a log file. NOTE: the wget vector is already covered by CVE-2006-2548. | ||||
| CVE-2006-2572 | 1 Dian Gemilang | 1 Dgbook | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in DGBook 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) homepage, (3) email, and (4) address parameters. | ||||
| CVE-2006-2583 | 1 Nucleus Group | 1 Nucleus Cms | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in nucleus/libs/PLUGINADMIN.php in Nucleus 3.22 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[DIR_LIBS] parameter. | ||||
| CVE-2006-2592 | 1 Dschat | 1 Dschat | 2025-04-03 | N/A |
| Unspecified vulnerability in DSChat 1.0 allows remote attackers to execute arbitrary PHP code via the Nickname field, which is not sanitized before creating a file in a user directory. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-2607 | 2 Paul Vixie, Redhat | 2 Vixie Cron, Enterprise Linux | 2025-04-03 | N/A |
| do_command.c in Vixie cron (vixie-cron) 4.1 does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits, as originally demonstrated by a program that exceeds the process limits as defined in /etc/security/limits.conf. | ||||