ReportizFlow
Filtered by vendor
Subscriptions
Total
29914 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-3804 | 1 Cisco | 1 7920 Wireless Ip Phone | 2026-04-16 | N/A |
| Cisco IP Phone (VoIP) 7920 1.0(8) listens to UDP port 17185 to support a VxWorks debugger, which allows remote attackers to obtain sensitive information and cause a denial of service. | ||||
| CVE-2006-1136 | 1 Xerox | 6 Copycentre C65, Copycentre C75, Copycentre C90 and 3 more | 2026-04-16 | N/A |
| Buffer overflow in the PostScript file interpreter code for Xerox CopyCentre and Xerox WorkCentre Pro, running software 1.001.02.073 or earlier, or 1.001.02.074 before 1.001.02.715, allows attackers to cause a denial of service via unknown vectors. | ||||
| CVE-2006-1146 | 1 Cor Entertainment | 1 Alien Arena 2006 | 2026-04-16 | N/A |
| Stack-based buffer overflow in the Cmd_Say_f function in g_cmds.c in Alien Arena 2006 Gold Edition 5.00 allows remote attackers (possibly authenticated) to execute arbitrary code by sending a long message to the server. | ||||
| CVE-2006-1197 | 1 Macrovision | 1 Safedisc | 2026-04-16 | N/A |
| SafeDisc installs the driver service for the secdrv.sys driver with insecure permissions, which allows local users to gain privileges by changing the configuration to reference a malicious program. | ||||
| CVE-2006-1209 | 1 Bugada Andrea | 1 Php Advanced Transfer Manager | 2026-04-16 | N/A |
| PHP Advanced Transfer Manager 1.00 through 1.30 stores sensitive information, including password hashes, under the web root with insufficient access control, which allows remote attackers to download each password hash via a direct request for a users/[USERNAME] file. | ||||
| CVE-2006-1218 | 1 Novell | 1 Bordermanager | 2026-04-16 | N/A |
| Unspecified vulnerability in the HTTP proxy in Novell BorderManager 3.8 and earlier allows remote attackers to cause a denial of service (CPU consumption and ABEND) via unknown attack vectors related to "media streaming over HTTP 1.1". | ||||
| CVE-2006-1221 | 1 Zonelabs | 1 Zonealarm Security Suite | 2026-04-16 | N/A |
| Untrusted search path vulnerability in the TrueVector service (VSMON.exe) in Zone Labs ZoneAlarm 6.x and Integrity does not search ZoneAlarm's own folders before other folders that are specified in a user's PATH, which might allow local users to execute code as SYSTEM by placing malicious DLLs into a folder that has insecure permissions, but is searched before ZoneAlarm's folder. NOTE: since this issue is dependent on the existence of a vulnerability in a separate product (weak permissions of executables or libraries, or the execution of malicious code), perhaps it should not be included in CVE. | ||||
| CVE-2006-1232 | 1 Dsportal | 1 Dsdownload | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in DSDownload 1.0, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the (1) key and (2) category parameters to (a) search.php and (b) downloads.php. | ||||
| CVE-2006-1235 | 1 David Ravenscroft | 1 Hithost | 2026-04-16 | N/A |
| Directory traversal vulnerability in admin/deleteuser.php in HitHost 1.0.0 might allow remote attackers to delete directories (possibly only empty directories) via the $deleteuser variable. NOTE: the initial disclosure for this issue indicated that the researcher was unable to prove this issue; however, this might have been due to certain behaviors of rmdir. | ||||
| CVE-2006-1236 | 1 Crossfire | 1 Crossfire | 2026-04-16 | 7.3 High |
| Buffer overflow in the SetUp function in socket/request.c in CrossFire 1.9.0 allows remote attackers to execute arbitrary code via a long setup sound command, a different vulnerability than CVE-2006-1010. | ||||
| CVE-2006-1265 | 1 Xhawk.net | 1 Discussion | 2026-04-16 | N/A |
| SQL injection vulnerability in discussion.class.php in xhawk.net discussion 2.0 beta2 allows remote attackers to execute arbitrary SQL commands via the view parameter. | ||||
| CVE-2006-1283 | 1 Freebsd | 1 Freebsd | 2026-04-16 | N/A |
| opiepasswd in One-Time Passwords in Everything (OPIE) in FreeBSD 4.10-RELEASE-p22 through 6.1-STABLE before 20060322 uses the getlogin function to determine the invoking user account, which might allow local users to configure OPIE access to the root account and possibly gain root privileges if a root shell is permitted by the configuration of the wheel group or sshd. | ||||
| CVE-2006-1320 | 1 Rssh | 1 Rssh | 2026-04-16 | N/A |
| util.c in rssh 2.3.0 in Debian GNU/Linux does not use braces to make a block, which causes a check for CVS to always succeed and allows rsync and rdist to bypass intended access restrictions in rssh.conf. | ||||
| CVE-2006-1362 | 1 Mini-nuke | 1 Mini-nuke Cms | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Mini-Nuke CMS System 1.8.2 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the uid parameter in (a) members.asp, the (2) catid parameter in (b) articles.asp and (c) programs.asp, and the (3) id parameter in (d) hpages.asp and (e) forum.asp. NOTE: The pages.asp/id vector is already covered by CVE-2006-0870. | ||||
| CVE-2006-1378 | 1 Counterpane | 1 Password Safe | 2026-04-16 | N/A |
| PasswordSafe 3.0 beta, when running on Windows before XP, uses a weak random number generator (C++ rand function) during generation of the database encryption key, which makes it easier for attackers to decrypt the database and steal passwords by generating keys for all possible rand() seed values and conducting a known plaintext attack. | ||||
| CVE-2006-1379 | 1 Trend Micro | 1 Pc-cillin 2006 | 2026-04-16 | N/A |
| Trend Micro PC-cillin Internet Security 2006 14.00.1485 and 14.10.0.1023, uses insecure DACLs for critical files, which allows local users to gain SYSTEM privileges by modifying executable programs such as (1) tmntsrv.exe and (2) tmproxy.exe. | ||||
| CVE-2006-1391 | 1 Pablo Software Solutions | 2 Baby Asp Web Server, Quick And Easy Web Server | 2026-04-16 | N/A |
| The (a) Quick 'n Easy Web Server before 3.1.1 and (b) Baby ASP Web Server 2.7.2 allows remote attackers to obtain the source code of ASP files via (1) . (dot) and (2) space characters in the extension of a URL. | ||||
| CVE-2006-1393 | 1 University Of Washington | 1 Pubcookie | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors. | ||||
| CVE-2006-1422 | 1 Jjwwebdesign | 1 Phpbookingcalendar | 2026-04-16 | N/A |
| SQL injection vulnerability in details_view.php in PHP Booking Calendar 1.0c and earlier allows remote attackers to execute arbitrary SQL commands via the event_id parameter. | ||||
| CVE-2006-1443 | 1 Apple | 1 Mac Os X | 2026-04-16 | N/A |
| Integer underflow in CoreFoundation in Apple Mac OS X 10.3.9 and 10.4.6 allows context-dependent attackers to execute arbitrary code via unspecified vectors involving conversions from string to file system representation within (1) CFStringGetFileSystemRepresentation or (2) getFileSystemRepresentation:maxLength:withPath in NSFileManager, and possibly other similar API functions. | ||||