Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-4313 1 Cisco 1 Vpn 3000 Concentrator Series Software 2026-04-16 N/A
Multiple unspecified vulnerabilities in Cisco VPN 3000 series concentrators before 4.1, 4.1.x up to 4.1(7)L, and 4.7.x up to 4.7(2)F allow attackers to execute the (1) CWD, (2) MKD, (3) CDUP, (4) RNFR, (5) SIZE, and (6) RMD FTP commands to modify files or create and delete directories via unknown vectors.
CVE-2006-4324 1 Cityforfree 1 Indexcity 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in add_url2.php in CityForFree indexcity 1.0 allows remote attackers to inject arbitrary web script or HTML via the url parameter.
CVE-2006-4350 1 Oneorzero 1 Oneorzero 2026-04-16 N/A
SQL injection vulnerability in index.php in OneOrZero 1.6.4.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2005-1971 1 Interactivephp 1 Fusionbb 2026-04-16 N/A
Directory traversal vulnerability in InteractivePHP FusionBB .11 Beta and earlier allows remote attackers to include arbitrary local files via ".." sequences in the language parameter.
CVE-2006-4352 1 Cisco 1 Content Services Switch 11000 2026-04-16 N/A
The ArrowPoint cookie functionality for Cisco 11000 series Content Service Switches specifies an internal IP address if the administrator does not specify a string option, which allows remote attackers to obtain sensitive information.
CVE-2006-4355 1 Drupal 1 Drupal Easylinks Module 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Drupal Easylinks Module (easylinks.module) 4.7 before 1.5.2.1 2006/08/19 12:02:27 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2006-4357 1 Dieselscripts 1 Diesel Smart Traffic 2026-04-16 N/A
PHP remote file inclusion vulnerability in clients/index.php in Diesel Smart Traffic allows remote attackers to execute arbitrary PHP code via a URL in the src parameter.
CVE-2000-0340 1 Suse 1 Suse Linux 2026-04-16 N/A
Buffer overflow in Gnomelib in SuSE Linux 6.3 allows local users to execute arbitrary commands via the DISPLAY environmental variable.
CVE-2006-4358 1 Dieselscripts 1 Diesel Pay 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in Diesel Pay allows remote attackers to inject arbitrary web script or HTML via the read parameter.
CVE-2006-0643 1 Wiredred 1 E Pop Web Conferencing 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in WiredRed e/pop Web Conferencing 4.1.0.755 allows remote authenticated users to inject arbitrary web script or HTML via the topic name of a conference.
CVE-2006-4363 1 Cropimage Component 1 Cropimage Component 2026-04-16 N/A
PHP remote file inclusion vulnerability in admin.cropcanvas.php in the CropImage component (com_cropimage) 1.0 for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the cropimagedir parameter.
CVE-2006-4375 1 Mambo 1 Contacts Xtd Component 2026-04-16 N/A
PHP remote file inclusion vulnerability in contxtd.class.php in the Contacts XTD (ContXTD) component for Mambo (com_contxtd) allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: another researcher has disputed this issue, saying that the software prevents the attack by checking whether _VALID_MOS is defined
CVE-2006-4376 1 Guder Und Koch Netzwerktechnik 1 Eichhorn Portal 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Guder und Koch Netzwerktechnik Eichhorn Portal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly including the (1) profil_nr and (2) sprache parameters in the main portion of the portal, the (3) suchstring field in suchForm in the main portion of the portal, the (4) GaleryKey and (5) Breadcrumbs parameters in the gallerie module, and the (6) GGBNSaction parameter in the ggbns module.
CVE-2000-0361 1 Suse 1 Suse Linux 2026-04-16 N/A
The PPP wvdial.lxdialog script in wvdial 1.4 and earlier creates a .config file with world readable permissions, which allows a local attacker in the dialout group to access login and password information.
CVE-2006-4380 2 Mysql, Redhat 2 Mysql, Enterprise Linux 2026-04-16 N/A
MySQL before 4.1.13 allows local users to cause a denial of service (persistent replication slave crash) via a query with multiupdate and subselects.
CVE-2006-4381 1 Apple 1 Quicktime 2026-04-16 N/A
Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted H.264 movie.
CVE-2006-0762 1 Winability 1 Folder Guard 2026-04-16 N/A
WinAbility Folder Guard 4.11 allows local users to gain unauthorized access to certain capabilities of the application by renaming or moving the password file (FGuard.FGP), which disables the password requirement.
CVE-2006-4382 1 Apple 1 Quicktime 2026-04-16 N/A
Multiple buffer overflows in Apple QuickTime before 7.1.3 allow user-assisted remote attackers to execute arbitrary code via a crafted QuickTime movie.
CVE-2006-4384 1 Apple 1 Quicktime 2026-04-16 N/A
Heap-based buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via the COLOR_64 chunk in a FLIC (FLC) movie.
CVE-2006-4385 1 Apple 1 Quicktime 2026-04-16 N/A
Buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted SGI image.