Total
29909 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-4919 | 1 Siteatschool | 1 Siteatschool | 2026-04-16 | N/A |
| Directory traversal vulnerability in starnet/editors/htmlarea/popups/images.php in Site@School (S@S) 2.4.02 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter. | ||||
| CVE-2006-3316 | 1 Spiffyjr | 1 Phpraid | 2026-04-16 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in phpRaid 3.0.5 allow remote attackers to execute arbitrary code via a URL in the phpraid_dir parameter to (1) logs.php and (2) users.php, a different set of vectors than CVE-2006-3116. | ||||
| CVE-2006-3324 | 1 Id Software | 1 Quake 3 Engine | 2026-04-16 | N/A |
| The Automatic Downloading option in the id3 Quake 3 Engine and the Icculus Quake 3 Engine (ioquake3) before revision 804 allows remote attackers to overwrite arbitrary files in the quake3 directory (fs_homepath cvar) via a long string of filenames, as contained in the neededpaks buffer. | ||||
| CVE-2006-3332 | 1 Phpoutsourcing | 1 Zorum | 2026-04-16 | N/A |
| SQL injection vulnerability in index.php in Zorum Forum 3.5 allows remote attackers to execute arbitrary SQL commands via the (1) offset, (2) tid, (3) fromid, (4) sortby, (5) fromfrommethod, and (6) fromfromlist parameters. | ||||
| CVE-2006-3340 | 1 Pearlinger | 1 Pearl For Mambo | 2026-04-16 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Pearl For Mambo module 1.6 for Mambo, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via the (1) phpbb_root_path parameter in (a) includes/functions_cms.php and the (2) GlobalSettings[templatesDirectory] parameter in multiple files in the "includes" directory including (b) adminSensored.php, (c) adminBoards.php, (d) adminAttachments.php, (e) adminAvatars.php, (f) adminBackupdatabase.php, (g) adminBanned.php, (h) adminForums.php, (i) adminPolls.php, (j) adminSmileys.php, (k) poll.php, and (l) move.php. | ||||
| CVE-2006-3355 | 1 Mpg123 | 1 Mpg123 | 2026-04-16 | N/A |
| Heap-based buffer overflow in httpdget.c in mpg123 before 0.59s-rll allows remote attackers to execute arbitrary code via a long URL, which is not properly terminated before being used with the strncpy function. NOTE: This appears to be the result of an incomplete patch for CVE-2004-0982. | ||||
| CVE-2006-3367 | 1 Mp3netbox | 1 Mp3netbox | 2026-04-16 | N/A |
| Mp3 JudeBox Server (Mp3NetBox) Beta 1 stores config.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information, including the database configuration. | ||||
| CVE-2006-3379 | 1 Hiki Wiki | 1 Hiki Wiki | 2026-04-16 | N/A |
| Algorithmic complexity vulnerability in Hiki Wiki 0.6.0 through 0.6.5 and 0.8.0 through 0.8.5 allows remote attackers to cause a denial of service (CPU consumption) by performing a diff between large, crafted pages that trigger the worst case. | ||||
| CVE-2006-3403 | 2 Redhat, Samba | 2 Enterprise Linux, Samba | 2026-04-16 | N/A |
| The smdb daemon (smbd/service.c) in Samba 3.0.1 through 3.0.22 allows remote attackers to cause a denial of service (memory consumption) via a large number of share connection requests. | ||||
| CVE-2006-3441 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2026-04-16 | N/A |
| Buffer overflow in the DNS Client service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted record response. NOTE: while MS06-041 implies that there is a single issue, there are multiple vectors, and likely multiple vulnerabilities, related to (1) a heap-based buffer overflow in a DNS server response to the client, (2) a DNS server response with malformed ATMA records, and (3) a length miscalculation in TXT, HINFO, X25, and ISDN records. | ||||
| CVE-2006-3470 | 1 Dell | 1 Openmanage Cd | 2026-04-16 | N/A |
| The Dell Openmanage CD launches X11 and SSH daemons that do not require authentication, which allows remote attackers to gain privileges. | ||||
| CVE-2006-3471 | 1 Microsoft | 1 Ie | 2026-04-16 | N/A |
| Microsoft Internet Explorer 6 on Windows XP allows remote attackers to cause a denial of service (crash) via a table with a frameset as a child, which triggers a null dereference, as demonstrated using the appendChild method. | ||||
| CVE-2006-3501 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-16 | N/A |
| Integer overflow in ImageIO for Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Radiance image. | ||||
| CVE-2006-3504 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-16 | N/A |
| The Download Validation in LaunchServices for Apple Mac OS X 10.4.7 can identify certain HTML as "safe", which could allow attackers to execute Javascript code in local context when the "Open 'safe' files after downloading" option is enabled in Safari. | ||||
| CVE-2006-3512 | 1 Microsoft | 2 Internet Explorer, Windows Xp | 2026-04-16 | N/A |
| Internet Explorer 6 on Windows XP allows remote attackers to cause a denial of service (crash) by setting the Enabled property of a DXTFilter ActiveX object to true, which triggers a null dereference. | ||||
| CVE-2006-3516 | 1 Freehost | 1 Freehost | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in FreeHost allow remote attackers to execute arbitrary SQL commands via (1) readme parameter to FreeHost/misc.php or (2) index parameter to FreeHost/news.php. | ||||
| CVE-2006-3518 | 1 Webvizyon.net | 1 Webvizyon Portal | 2026-04-16 | N/A |
| SQL injection vulnerability in SayfalaAltList.asp in Webvizyon Portal 2006 allows remote attackers to execute arbitrary SQL commands via the ID parameter. | ||||
| CVE-2006-3519 | 1 Native Solutions | 1 The Banner Engine | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in The Banner Engine (tbe) 4.0 allow remote attackers to execute arbitrary web script or HTML via the (1) text parameter in a search action to (a) top.php, and the (2) adminpass or (3) adminlogin parameter to (b) signup.php. | ||||
| CVE-2006-3527 | 1 Bosdev | 1 Bosclassifieds Classified Ads | 2026-04-16 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in BosClassifieds Classified Ads allow remote attackers to execute arbitrary PHP code via a URL in the insPath parameter to (1) index.php, (2) recent.php, (3) account.php, (4) classified.php, or (5) search.php. | ||||
| CVE-2006-3529 | 1 Juniper | 1 Junos | 2026-04-16 | N/A |
| Memory leak in Juniper JUNOS 6.4 through 8.0, built before May 10, 2006, allows remote attackers to cause a denial of service (kernel packet memory consumption and crash) via crafted IPv6 packets whose buffers are not released after they are processed. | ||||