ReportizFlow
Filtered by vendor
Subscriptions
Total
29899 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-2441 | 1 Pioneers | 1 Pioneers Meta-server | 2026-04-16 | N/A |
| Pioneers meta-server before 0.9.55, when the server-console is not installed, allows remote attackers to cause a denial of service (crash) via certain requests from an older gnocatan client to create a new game. | ||||
| CVE-2006-2442 | 1 Kphone | 1 Kphone | 2026-04-16 | N/A |
| kphone 4.2 creates .qt/kphonerc with world-readable permissions, which allows local users to read usernames and SIP passwords. | ||||
| CVE-2006-2444 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-04-16 | N/A |
| The snmp_trap_decode function in the SNMP NAT helper for Linux kernel before 2.6.16.18 allows remote attackers to cause a denial of service (crash) via unspecified remote attack vectors that cause failures in snmp_trap_decode that trigger (1) frees of random memory or (2) frees of previously-freed memory (double-free) by snmp_trap_decode as well as its calling function, as demonstrated via certain test cases of the PROTOS SNMP test suite. | ||||
| CVE-2006-2448 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-04-16 | N/A |
| Linux kernel before 2.6.16.21 and 2.6.17, when running on PowerPC, does not perform certain required access_ok checks, which allows local users to read arbitrary kernel memory on 64-bit systems (signal_64.c) and cause a denial of service (crash) and possibly read kernel memory on 32-bit systems (signal_32.c). | ||||
| CVE-2006-2450 | 1 Libvncserver | 1 Libvncserver | 2026-04-16 | N/A |
| auth.c in LibVNCServer 0.7.1 allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server, a different issue than CVE-2006-2369. | ||||
| CVE-2006-2461 | 1 Bea | 1 Weblogic Server | 2026-04-16 | N/A |
| BEA WebLogic Server before 8.1 Service Pack 4 does not properly set the Quality of Service in certain circumstances, which prevents some transmissions from being encrypted via SSL, and allows remote attackers to more easily read potentially sensitive network traffic. | ||||
| CVE-2006-2465 | 1 Mp3info | 1 Mp3info | 2026-04-16 | N/A |
| Buffer overflow in MP3Info 0.8.4 allows attackers to execute arbitrary code via a long command line argument. NOTE: if mp3info is not installed setuid or setgid in any reasonable context, then this issue might not be a vulnerability. | ||||
| CVE-2006-2466 | 1 Bea | 1 Weblogic Server | 2026-04-16 | N/A |
| BEA WebLogic Server 8.1 up to SP4 and 7.0 up to SP6 allows remote attackers to obtain the source code of JSP pages during certain circumstances related to a "timing window" when a compilation error occurs, aka the "JSP showcode vulnerability." | ||||
| CVE-2006-2477 | 1 Bitrix | 1 Bitrix Site Manager | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the administrative interface Bitrix Site Manager 4.1.x allows remote attackers to inject arbitrary web script or HTML via unspecified inputs. | ||||
| CVE-2006-2486 | 1 Yapbb | 1 Yapbb | 2026-04-16 | N/A |
| SQL injection vulnerability in find.php in YapBB 1.2 Beta2 and earlier allows remote attackers to execute arbitrary SQL commands via the userID parameter. | ||||
| CVE-2002-1925 | 1 Tiny Software | 1 Tiny Personal Firewall | 2026-04-16 | N/A |
| Tiny Personal Firewall 3.0 through 3.0.6 allows remote attackers to cause a denial of service (crash) by via SYN, UDP, ICMP and TCP portscans when the administrator selects the Log tab of the Personal Firewall Agent module. | ||||
| CVE-2002-1927 | 1 Aquonics Scripting | 1 Aquonics File Manager | 2026-04-16 | N/A |
| Aquonics File Manager 1.5 allows users with edit privileges to modify user accounts by editing the userlist.cgi file. | ||||
| CVE-2006-2491 | 2 Boastmachine, Kailash Nadh | 2 Boastmachine, Boastmachine | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in (1) index.php and (2) bmc/admin.php in BoastMachine (bMachine) 3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly filtered when it is accessed using the $_SERVER["PHP_SELF"] variable. | ||||
| CVE-2006-2500 | 1 Xfairguy | 1 Codeavalanche News | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in add_news.asp in CodeAvalanche News (CANews) 1.2 allows remote attackers to inject arbitrary web script or HTML via the Headline field. NOTE: if this issue is limited to administrators, and if it is expected behavior for administrators to be able to generate HTML, then this is not a vulnerability. | ||||
| CVE-2006-2509 | 1 Yourfreeworld | 1 Short Url And Url Tracker Script | 2026-04-16 | N/A |
| SQL injection vulnerability in login.php in YourFreeWorld.com Short Url & Url Tracker Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2006-2515 | 1 Hiox India | 1 Guest Book | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Hiox Guestbook 3.1 allows remote attackers to inject arbitrary web script or HTML via the input forms for signing the guestbook. | ||||
| CVE-2006-2525 | 1 Usebb | 1 Usebb | 2026-04-16 | N/A |
| SQL injection vulnerability in UseBB 1.0 RC1 and earlier allows remote attackers to execute arbitrary SQL commands via the member list search module. | ||||
| CVE-2006-2531 | 1 Ipswitch | 1 Whatsup | 2026-04-16 | N/A |
| Ipswitch WhatsUp Professional 2006 only verifies the user's identity via HTTP headers, which allows remote attackers to spoof being a trusted console and bypass authentication by setting HTTP User-Agent header to "Ipswitch/1.0" and the User-Application header to "NmConsole". | ||||
| CVE-2006-2532 | 1 Greg Donald | 1 Destiney Rated Images Script | 2026-04-16 | N/A |
| stats.php in Destiney Rated Images Script 0.5.0 allows remote attackers to obtain the installation path via an invalid s parameter, which displays the path in an error message. NOTE: this issue was originally claimed to be SQL injection, but CVE analysis shows that the problem is related to an invalid value that prevents some variables from being set. | ||||
| CVE-2006-2547 | 1 Sap | 1 Sapdba | 2026-04-16 | N/A |
| Unspecified vulnerability in the sapdba command in SAP with Informix before 700, and 700 up to patch 100, allows local users to execute arbitrary commands via unknown vectors related to "insecure environment variable" handling. | ||||