Export limit exceeded: 29906 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29906 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-2071 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-04-03 | N/A |
| Linux kernel 2.4.x and 2.6.x up to 2.6.16 allows local users to bypass IPC permissions and modify a readonly attachment of shared memory by using mprotect to give write permission to the attachment. NOTE: some original raw sources combined this issue with CVE-2006-1524, but they are different bugs. | ||||
| CVE-2006-2072 | 1 Delegate | 1 Delegate | 2025-04-03 | N/A |
| Multiple unspecified vulnerabilities in DeleGate 9.x before 9.0.6 and 8.x before 8.11.6 allow remote attackers to cause a denial of service via crafted DNS responses messages that cause (1) a buffer over-read or (2) infinite recursion, which can trigger a segmentation fault or invalid memory access, as demonstrated by the OUSPG PROTOS DNS test suite. | ||||
| CVE-2006-2073 | 1 Isc | 1 Bind | 2025-04-03 | N/A |
| Unspecified vulnerability in ISC BIND allows remote attackers to cause a denial of service via a crafted DNS message with a "broken" TSIG, as demonstrated by the OUSPG PROTOS DNS test suite. | ||||
| CVE-2006-2074 | 1 Juniper | 1 Junose | 2025-04-03 | N/A |
| Unspecified vulnerability in Juniper Networks JUNOSe E-series routers before 7-1-1 has unknown impact and remote attack vectors related to the DNS "client code," as demonstrated by the OUSPG PROTOS DNS test suite. | ||||
| CVE-2006-2075 | 1 Don Moore | 1 Mydns | 2025-04-03 | N/A |
| Unspecified vulnerability in MyDNS 1.1.0 allows remote attackers to cause a denial of service via a crafted DNS message, aka "Query-of-death," as demonstrated by the OUSPG PROTOS DNS test suite. | ||||
| CVE-2006-2076 | 1 Pdnsd | 1 Pdnsd | 2025-04-03 | N/A |
| Memory leak in Paul Rombouts pdnsd before 1.2.4 allows remote attackers to cause a denial of service (memory consumption) via a DNS query with an unsupported (1) QTYPE or (2) QCLASS, as demonstrated by the OUSPG PROTOS DNS test suite. | ||||
| CVE-2006-2077 | 1 Pdnsd | 1 Pdnsd | 2025-04-03 | N/A |
| Buffer overflow in Paul Rombouts pdnsd before 1.2.4 has unknown impact and attack vectors. NOTE: this issue might be related to the OUSPG PROTOS DNS test suite. | ||||
| CVE-2006-2118 | 1 Jmk Web Scripts | 1 Jmk Picture Gallery | 2025-04-03 | N/A |
| JMK's Picture Gallery allows remote attackers to bypass authentication via a direct request to admin_gallery.php3, possibly related to the add action. | ||||
| CVE-2006-2078 | 1 Furukawa Electric | 2 Fitelnet, Mucho-ev Pk | 2025-04-03 | N/A |
| Multiple unspecified vulnerabilities in multiple FITELnet products, including FITELnet-F40, F80, F100, F120, F1000, and E20/E30, allow remote attackers to cause a denial of service via crafted DNS messages that trigger errors in (1) ProxyDNS or (2) PKI-Resolver, as demonstrated by the OUSPG PROTOS DNS test suite. | ||||
| CVE-2006-2079 | 1 Verosky Media | 1 Instant Photo Gallery | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in portfolio.php in Verosky Media Instant Photo Gallery, possibly before 1.0.2, allows remote attackers to inject arbitrary web script or HTML via the cat_id parameter. | ||||
| CVE-2006-2080 | 1 Verosky Media | 1 Instant Photo Gallery | 2025-04-03 | N/A |
| SQL injection vulnerability in portfolio_photo_popup.php in Verosky Media Instant Photo Gallery 1.0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter, which is not cleansed before calling the count_click function in includes/functions/fns_std.php. NOTE: this issue could produce resultant XSS. | ||||
| CVE-2006-2081 | 1 Oracle | 1 Database Server | 2025-04-03 | N/A |
| Oracle Database Server 10g Release 2 allows local users to execute arbitrary SQL queries via the GET_DOMAIN_INDEX_METADATA function in the DBMS_EXPORT_EXTENSION package. NOTE: this issue was originally linked to DB05 (CVE-2006-1870), but a reliable third party has claimed that it is not the same issue. Based on details of the problem, the primary issue appears to be insecure privileges that facilitate the introduction of SQL in a way that is not related to special characters, so this is not "SQL injection" per se. | ||||
| CVE-2006-2082 | 1 Id Software | 1 Quake 3 Engine | 2025-04-03 | N/A |
| Directory traversal vulnerability in Quake 3 engine, as used in products including Quake3 Arena, Return to Castle Wolfenstein, Wolfenstein: Enemy Territory, and Star Trek Voyager: Elite Force, when the sv_allowdownload cvar is enabled, allows remote attackers to read arbitrary files from the server via ".." sequences in a .pk3 file request. | ||||
| CVE-2006-2083 | 1 Andrew Tridgell | 1 Rsync | 2025-04-03 | N/A |
| Integer overflow in the receive_xattr function in the extended attributes patch (xattr.c) for rsync before 2.6.8 might allow attackers to execute arbitrary code via crafted extended attributes that trigger a buffer overflow. | ||||
| CVE-2006-2086 | 1 Juniper | 1 Junipersetup Control | 2025-04-03 | N/A |
| Buffer overflow in JuniperSetupDLL.dll, loaded from JuniperSetup.ocx by the Juniper SSL-VPN Client when accessing a Juniper NetScreen IVE device running IVE OS before 4.2r8.1, 5.0 before 5.0r6.1, 5.1 before 5.1r8, 5.2 before 5.2r4.1, or 5.3 before 5.3r2.1, allows remote attackers to execute arbitrary code via a long argument in the ProductName parameter. | ||||
| CVE-2006-2087 | 1 Hitachi | 4 Groupmax Integrated Desktop, Groupmax Mail, Groupmax World Wide Web and 1 more | 2025-04-03 | N/A |
| The Gmax Mail client in Hitachi Groupmax before 20060426 allows remote attackers to cause a denial of service (application hang or erroneous behavior) via an attachment with an MS-DOS device filename. | ||||
| CVE-2006-2088 | 1 Devsyn | 1 Open Bulletin Board | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Devsyn Open Bulletin Board (OpenBB) 1.0.6 allow remote attackers to inject arbitrary web script or HTML via (1) the FID parameter in board.php and (2) the TID parameter in read.php. NOTE: the SQL injection issues are already covered by CVE-2005-1612 (read.php) and CVE-2005-2566 (board.php). | ||||
| CVE-2006-2089 | 1 Mysmartbb | 1 Mysmartbb | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in misc.php in MySmartBB 1.1.x allow remote attackers to inject arbitrary web script or HTML via the (1) id and (2) username parameters. | ||||
| CVE-2006-2091 | 1 Vwar | 1 Virtual War | 2025-04-03 | N/A |
| admin.php in Virtual War (VWar) 1.5 and versions before 1.2 allows remote attackers to obtain sensitive information via an invalid vwar_root parameter, which reveals the path in an error message. | ||||
| CVE-2006-2092 | 1 Hp | 1 Storageworks Secure Path Windows | 2025-04-03 | N/A |
| Unspecified vulnerability in HP StorageWorks Secure Path for Windows 4.0C-SP2 before 20060419 allows remote attackers to cause an unspecified denial of service via unknown vectors. | ||||