Search

Search Results (364021 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-5225 1 Aai-portal 1 Aaiportal 2026-04-23 N/A
Multiple SQL injection vulnerabilities in AAIportal before 1.4.0 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2006-5222 1 Dimension Of Phpbb 1 Dimension Of Phpbb 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in Dimension of phpBB 0.2.6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter in (1) includes/themen_portal_mitte.php or (2) includes/logger_engine.php.
CVE-2006-5199 1 Adobe 1 Contribute 2026-04-23 N/A
Adobe Contribute Publishing Server leaks the administrator password in logs that are created during product installation, which allows local users to gain privileges to the server.
CVE-2006-4693 1 Microsoft 2 Office, Word 2026-04-23 N/A
Unspecified vulnerability in Microsoft Word 2004 for Mac and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string in a Word file, a different issue than CVE-2006-3647 and CVE-2006-3651.
CVE-2006-4692 1 Microsoft 2 Windows Server 2003, Windows Xp 2026-04-23 N/A
Argument injection vulnerability in the Windows Object Packager (packager.exe) in Microsoft Windows XP SP1 and SP2 and Server 2003 SP1 and earlier allows remote user-assisted attackers to execute arbitrary commands via a crafted file with a "/" (slash) character in the filename of the Command Line property, followed by a valid file extension, which causes the command before the slash to be executed, aka "Object Packager Dialogue Spoofing Vulnerability."
CVE-2006-6454 1 J-owamp 1 Web Interface 2026-04-23 N/A
execInBackground.php in J-OWAMP Web Interface 2.1b and earlier allows remote attackers to execute arbitrary commands via shell metacharacters to the (1) exe and (2) args parameters, which are used in an exec function call. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-3864 1 Microsoft 3 Office, Project, Visio 2026-04-23 N/A
Unspecified vulnerability in mso.dll in Microsoft Office 2000, XP, and 2003, and Microsoft PowerPoint 2000, XP, and 2003, allows remote user-assisted attackers to execute arbitrary code via a malformed record in a (1) .DOC, (2) .PPT, or (3) .XLS file that triggers memory corruption, related to an "array boundary condition" (possibly an array index overflow), a different vulnerability than CVE-2006-3434, CVE-2006-3650, and CVE-2006-3868.
CVE-2006-6451 1 Swsoft 1 Plesk 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in SWsoft Plesk 8.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) get_password.php or (2) login_up.php3.
CVE-2006-3651 1 Microsoft 2 Office, Word 2026-04-23 N/A
Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 2003 allows remote user-assisted attackers to execute arbitrary code via a crafted mail merge file, a different vulnerability than CVE-2006-3647 and CVE-2006-4693.
CVE-2006-3650 1 Microsoft 1 Office 2026-04-23 N/A
Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac do not properly parse the length of a chart record, which allows remote user-assisted attackers to execute arbitrary code via a Word document with an embedded malformed chart record that triggers an overwrite of pointer values with values from the document, a different vulnerability than CVE-2006-3434, CVE-2006-3864, and CVE-2006-3868.
CVE-2006-3647 1 Microsoft 1 Office 2026-04-23 N/A
Integer overflow in Microsoft Word 2000, 2002, 2003, 2004 for Mac, and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string in a Word document, which overflows a 16-bit integer length value, aka "Memmove Code Execution," a different vulnerability than CVE-2006-3651 and CVE-2006-4693.
CVE-2006-6441 1 Xerox 6 Workcentre 232, Workcentre 238, Workcentre 245 and 3 more 2026-04-23 N/A
Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 allows local users to bypass security controls and boot Alchemy via certain alternate boot media, as demonstrated by a USB thumb drive.
CVE-2006-3436 1 Microsoft 1 .net Framework 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Microsoft .NET Framework 2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "ASP.NET controls that set the AutoPostBack property to true".
CVE-2006-3435 1 Microsoft 1 Office 2026-04-23 N/A
PowerPoint in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac does not properly parse the slide notes field in a document, which allows remote user-assisted attackers to execute arbitrary code via crafted data in this field, which triggers an erroneous object pointer calculation that uses data from within the document. NOTE: this issue is different than other PowerPoint vulnerabilities including CVE-2006-4694.
CVE-2006-6438 1 Xerox 6 Workcentre 232, Workcentre 238, Workcentre 245 and 3 more 2026-04-23 N/A
Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 leaves sensitive user data in http.log after an Immediate Image Overwrite (IIO), which allows local users to obtain the data by reading the http.log file.
CVE-2006-6433 1 Xerox 1 Workcentre 2026-04-23 N/A
Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 does not record accurate timestamps, which makes it easier for remote attackers to avoid detection when an audit tries to rely on these timestamps.
CVE-2006-6431 1 Xerox 1 Workcentre 2026-04-23 N/A
Unspecified vulnerability in Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 allows attackers to modify signatures of e-mail messages via unspecified vectors.
CVE-2006-6420 1 Ryan Demmer 1 Joomla Content Editor 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in jce.php in the JCE Admin Component in Ryan Demmer Joomla Content Editor (JCE) 1.1.0 beta 2 and earlier for Joomla! (com_jce) allow remote attackers to inject arbitrary web script or HTML via the (1) img, (2) title, (3) w, or (4) h parameter, different vectors than CVE-2006-6166. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-6415 1 Phpadsnew 1 Phpadsnew 2026-04-23 N/A
PHP remote file inclusion vulnerability in admin/lib-maintenance.inc.php in phpAdsNew 2.0.4-pr2 allows remote attackers to execute arbitrary PHP code via a URL in the phpAds_path parameter, a different component than CVE-2006-3984. NOTE: this issue is disputed by CVE, since phpAds_path is used as a constant
CVE-2006-6413 1 Amateras 1 Amateras Sns 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Amateras sns 3.11 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.