ReportizFlow
Filtered by vendor
Subscriptions
Total
29916 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-6606 | 1 Clarens | 1 Jclarens | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Clarens jclarens before 0.6.2 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2007-2486 | 1 Motobit | 1 Motobit | 2026-04-23 | N/A |
| Directory traversal vulnerability in download.asp in Motobit 1.3 and 1.5 (aka PStruh-CZ) allows remote attackers to read arbitrary files via a .. (dot dot) in the File parameter. | ||||
| CVE-2006-6062 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-23 | N/A |
| Unspecified vulnerability in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to cause a denial of service (crash) via a malformed UDTO HFS+ disk image, such as with "bad sectors," which triggers memory corruption. | ||||
| CVE-2006-6678 | 1 Netrik | 1 Netrik | 2026-04-23 | N/A |
| The edit_textarea function in form-file.c in Netrik 1.15.4 and earlier does not properly verify temporary filenames when editing textarea fields, which allows attackers to execute arbitrary commands via shell metacharacters in the filename. | ||||
| CVE-2006-6075 | 1 Baalasp | 1 Smart Form Portal | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in addpost1.asp in BaalAsp forum allows remote attackers to inject arbitrary web script or HTML via the name parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-6084 | 1 Unverse.net | 1 Abitwhizzy | 2026-04-23 | N/A |
| Directory traversal vulnerability in abitwhizzy.php in aBitWhizzy allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2006-6697 | 1 Oracle | 1 Application Server Portal | 2026-04-23 | N/A |
| CRLF injection vulnerability in webapp/jsp/calendar.jsp in Oracle Portal 10g and earlier, including 9.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter. | ||||
| CVE-2006-7038 | 1 Atrium Software | 1 Mercur Messaging 2005 | 2026-04-23 | N/A |
| Multiple buffer overflows in MERCUR Messaging 2005 before Service Pack 4 allow remote attackers to cause a denial of service (crash) via (1) "long command lines at port 32000" and (2) certain name service queries that are not properly handled by the SMTP service. | ||||
| CVE-2006-6120 | 2 Kde, Redhat | 2 Koffice, Enterprise Linux | 2026-04-23 | N/A |
| Integer overflow in the KPresenter import filter for Microsoft PowerPoint files (filters/olefilters/lib/klaola.cc) in KOffice before 1.6.1 allows user-assisted remote attackers to execute arbitrary code via a crafted PPT file, which results in a heap-based buffer overflow. | ||||
| CVE-2006-6395 | 1 Ulrik Petersen | 2 Emdros Database Engine, Emrdos Database Engine | 2026-04-23 | N/A |
| Multiple memory leaks in Ulrik Petersen Emdros Database Engine before 1.2.0.pre231 allow local users to cause a denial of service (memory consumption) via unspecified vectors, a different issue than CVE-2005-0415. | ||||
| CVE-2006-6712 | 1 Sugarcrm | 1 Sugarcrm | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in SugarCRM Open Source 4.5.0f and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in crafted email messages. | ||||
| CVE-2006-6127 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-23 | N/A |
| Apple Mac OS X kernel allows local users to cause a denial of service via a process that uses kevent to register a queue and an event, then fork a child process that uses kevent to register an event for the same queue as the parent. | ||||
| CVE-2006-6128 | 1 Linux | 1 Linux Kernel | 2026-04-23 | N/A |
| The ReiserFS functionality in Linux kernel 2.6.18, and possibly other versions, allows local users to cause a denial of service via a malformed ReiserFS file system that triggers memory corruption when a sync is performed. | ||||
| CVE-2007-6304 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2026-04-23 | N/A |
| The federated engine in MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4, when performing a certain SHOW TABLE STATUS query, allows remote MySQL servers to cause a denial of service (federated handler crash and daemon crash) via a response that lacks the minimum required number of columns. | ||||
| CVE-2006-6721 | 1 Knusperleicht | 1 Shoutbox | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in shout.php in Knusperleicht ShoutBox 2.6 allow remote attackers to inject arbitrary web script or HTML via the (1) sbNick or (2) sbKommentar parameter. | ||||
| CVE-2006-6731 | 2 Redhat, Sun | 5 Enterprise Linux, Rhel Extras, Jdk and 2 more | 2026-04-23 | N/A |
| Multiple buffer overflows in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 7 and earlier, Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, and SDK and JRE 1.3.1_18 and earlier allow attackers to develop Java applets that read, write, or execute local files, possibly related to (1) integer overflows in the Java_sun_awt_image_ImagingLib_convolveBI, awt_parseRaster, and awt_parseColorModel functions; (2) a stack overflow in the Java_sun_awt_image_ImagingLib_lookupByteRaster function; and (3) improper handling of certain negative values in the Java_sun_font_SunLayoutEngine_nativeLayout function. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2006-5061 | 1 Advanced-clan-script | 1 Advanced-clan-script | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in mcf.php in Advanced-Clan-Script (AVCX) 3.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the content parameter. | ||||
| CVE-2006-5053 | 1 Web-news | 1 Web-news | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in webnews/template.php in Web-News 1.6.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the content_page parameter. | ||||
| CVE-2006-5206 | 1 Invision Power Services | 1 Invision Gallery | 2026-04-23 | N/A |
| SQL injection vulnerability in Invision Gallery 2.0.7 allows remote attackers to execute arbitrary SQL commands via the album parameter in (1) index.php and (2) forum/index.php, when the rate command in the gallery automodule is used. | ||||
| CVE-2006-7177 | 1 Madwifi | 1 Madwifi | 2026-04-23 | N/A |
| MadWifi, when Ad-Hoc mode is used, allows remote attackers to cause a denial of service (system crash) via unspecified vectors that lead to a kernel panic in the ieee80211_input function, related to "packets coming from a 'malicious' WinXP system." | ||||