ReportizFlow
Filtered by vendor
Subscriptions
Total
29909 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-1833 | 1 Netbsd | 1 Netbsd | 2026-04-16 | N/A |
| Intel RNG Driver in NetBSD 1.6 through 3.0 may incorrectly detect the presence of the pchb interface, which will cause it to always generate the same random number, which allows remote attackers to more easily crack encryption keys generated from the interface. | ||||
| CVE-2006-1836 | 1 Symantec | 6 Liveupdate, Norton Antivirus, Norton Internet Security and 3 more | 2026-04-16 | N/A |
| Untrusted search path vulnerability in unspecified components in Symantec LiveUpdate for Macintosh 3.0.0 through 3.5.0 do not set the execution path, which allows local users to gain privileges via a Trojan horse program. | ||||
| CVE-2006-1843 | 1 Cynical Games | 1 Shoutbook | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in global.php in ShoutBOOK 1.1 allows remote attackers to inject arbitrary web script or HTML via the (1) LOCATION and (2) URL parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-1844 | 1 Debian | 2 Base-config, Shadow | 2026-04-16 | N/A |
| The Debian installer for the (1) shadow 4.0.14 and (2) base-config 2.53.10 packages includes sensitive information in world-readable log files, including preseeded passwords and pppoeconf passwords, which might allow local users to gain privileges. | ||||
| CVE-2006-1847 | 1 Francisco Burzi | 1 Php-nuke | 2026-04-16 | N/A |
| SQL injection vulnerability in the Your_Account module in PHP-Nuke 7.8 might allows remote attackers to execute arbitrary SQL commands via the user_id parameter in the Your_Home functionality. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-1853 | 1 Moderngigabyte | 1 Modernbill | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in ModernBill 4.3.2 and earlier allow remote attackers or administrators to execute arbitrary SQL commands via the (1) id parameter in (a) user.php, or (2) where and (3) order parameters to (b) admin.php. | ||||
| CVE-2006-1854 | 1 Bluepay | 1 Bluepay Manager | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in BluePay Manager 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML during a login action via the (1) Account Name and (2) Username field. NOTE: the vendor has disputed this vulnerability, saying that "it does not exist currently in the Bluepay 2.0 product," and older versions might not have been affected either. As of 20060512, CVE has not formally investigated this dispute | ||||
| CVE-2006-1856 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-04-16 | N/A |
| Certain modifications to the Linux kernel 2.6.16 and earlier do not add the appropriate Linux Security Modules (LSM) file_permission hooks to the (1) readv and (2) writev functions, which might allow attackers to bypass intended access restrictions. | ||||
| CVE-2006-1864 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-04-16 | N/A |
| Directory traversal vulnerability in smbfs in Linux 2.6.16 and earlier allows local users to escape chroot restrictions for an SMB-mounted filesystem via "..\\" sequences, a similar vulnerability to CVE-2006-1863. | ||||
| CVE-2006-1867 | 1 Oracle | 1 Database Server | 2026-04-16 | N/A |
| Unspecified vulnerability in Oracle Database Server 9.2.0.6 has unknown impact and attack vectors in the Advanced Replication component, aka Vuln# DB02. | ||||
| CVE-2006-1879 | 1 Oracle | 1 Collaboration Suite | 2026-04-16 | N/A |
| Multiple unspecified vulnerabilities in the Email Server component in Oracle Collaboration Suite 9.0.4.2, 10.1.1, 10.1.2.0, and 10.1.2.1 have unknown impact and attack vectors, aka Vuln# (1) OCS01, (2) OCS02, (3) OCS03, and (4) OCS04. | ||||
| CVE-2006-1880 | 1 Oracle | 1 E-business Suite | 2026-04-16 | N/A |
| Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.10CU2 have unknown impact and attack vectors, as identified by Vuln# (1) APPS01 in the (a) Application Install component; (2) APPS09 in the (b) Oracle Diagnostics Interfaces component; (3) APPS10 in the (c) Oracle General Ledger component; (4) APPS12 and (5) APPS13 in the (d) Oracle Receivables component. | ||||
| CVE-2006-1884 | 3 Jdedwards, Oneworld, Oracle | 12 Enterpriseone Tools, Oneworld Tools, Application Server and 9 more | 2026-04-16 | N/A |
| Unspecified vulnerability in the Oracle Thesaurus Management System component in Oracle E-Business Suite and OPA 4.5.2 Applications has unknown impact and attack vectors, aka Vuln# OPA01. | ||||
| CVE-2006-1889 | 1 Script-solution.de | 1 Boardsolution | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the search action handler in index.php in Nils Asmussen (aka SCRIPTSOLUTION) Boardsolution 1.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the "Search for" item (keyword parameter). | ||||
| CVE-2006-1892 | 1 Alwil | 1 Avast Antivirus | 2026-04-16 | N/A |
| avast! 4 Linux Home Edition 1.0.5 allows local users to modify permissions of arbitrary files via a symlink attack on the /tmp/_avast4_ temporary directory. | ||||
| CVE-2006-1897 | 1 Talentsoft | 1 Web\+ Shop | 2026-04-16 | N/A |
| Webplus (aka talentsoft) Web+Shop 5.3.6, when Redirect URL for "Script Not Found" Error is not configured, allows remote attackers to obtain sensitive information via a quote (') or possibly other invalid value in the storeid parameter in store.wml in webplus.exe, which reveals the path in a "Script Not Found" error message. | ||||
| CVE-2006-1899 | 1 Dev | 1 Neuron Blog | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in dev Neuron Blog 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) website parameters. | ||||
| CVE-2006-1900 | 1 W3c | 1 Amaya | 2026-04-16 | N/A |
| Multiple buffer overflows in World Wide Web Consortium (W3C) Amaya 9.4, and possibly other versions including 8.x before 8.8.5, allow remote attackers to execute arbitrary code via a long value in (1) the COMPACT attribute of the COLGROUP element, (2) the ROWS attribute of the TEXTAREA element, and (3) the COLOR attribute of the LEGEND element; and via other unspecified attack vectors consisting of "dozens of possible snippets." | ||||
| CVE-2006-1904 | 1 Animegenesis | 1 Gallery | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in AnimeGenesis Gallery allows remote attackers to inject arbitrary web script or HTML via the cat parameter. | ||||
| CVE-2006-1909 | 1 Coppermine | 1 Coppermine Photo Gallery | 2026-04-16 | N/A |
| Directory traversal vulnerability in index.php in Coppermine 1.4.4 allows remote attackers to read arbitrary files via a .//./ (modified dot dot slash) in the file parameter, which causes a regular expression to collapse the sequences into standard "../" sequences. | ||||