Vulnerabilities (CVE)

Filtered by NVD-CWE-Other
Total 29928 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-4037 1 Fenestrae 1 Faxination Server 2026-06-16 10.0 HIGH N/A
Unspecified vulnerability in Fenestrae Faxination Server allows remote attackers to execute arbitrary code via a crafted packet.
CVE-2006-4036 1 Zonemetrics 1 Zonex Publishers Gold Edition 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in includes/usercp_register.php in ZoneMetrics ZoneX Publishers Gold Edition 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2006-4035 1 Counterchaos 1 Counterchaos 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in counterchaos.php in CounterChaos 0.48c and earlier allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header.
CVE-2006-4034 1 Moderngigabyte 1 Modernbill 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in include/html/config.php in ModernGigabyte ModernBill 1.6 allows remote attackers to execute arbitrary PHP code via a URL in the DIR parameter.
CVE-2006-4033 1 Lhaplus 1 Lhaplus 2026-06-16 5.1 MEDIUM N/A
Heap-based buffer overflow in Lhaplus.exe in Lhaplus 1.52, and possibly earlier versions, allows remote attackers to execute arbitrary code via an LZH archive with a long header, as specified by the extendedHeaderSize.
CVE-2006-4032 1 Cisco 1 Callmanager Express 2026-06-16 5.0 MEDIUM N/A
Unspecified vulnerability in Cisco IOS CallManager Express (CME) allows remote attackers to gain sensitive information (user names) from the Session Initiation Protocol (SIP) user directory via certain SIP messages, aka bug CSCse92417.
CVE-2006-4031 2 Mysql, Oracle 2 Mysql, Mysql 2026-06-16 2.1 LOW N/A
MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table, which might violate intended security policy.
CVE-2006-4030 1 Gallery Project 1 Gallery 2026-06-16 5.0 MEDIUM N/A
Unspecified vulnerability in the stats module in Gallery 1.5.1-RC2 and earlier allows remote attackers to obtain sensitive information via unspecified attack vectors, related to "two file exposure bugs."
CVE-2006-4029 1 Ageet 1 Agephone 2026-06-16 7.5 HIGH N/A
Stack-based buffer overflow in sipd.dll in AGEphone 1.24 and 1.38.1 allows remote attackers to execute arbitrary code via a crafted UDP SIP packet.
CVE-2006-4025 1 Xennobb 1 Xennobb 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in profile.php in XennoBB 2.1.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the (1) bday_day, (2) bday_month, and (3) bday_year parameters in the personal section.
CVE-2006-4024 1 Festalon 1 Festalon 2026-06-16 7.5 HIGH N/A
The FESTAHES_Load function in pce/hes.c in Festalon 0.5.0 through 0.5.5 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative LoadAddr value in a HES file, which is used as an offset in a memcpy operation and leads to a buffer underflow.
CVE-2006-4023 1 Php 1 Php 2026-06-16 5.0 MEDIUM N/A
The ip2long function in PHP 5.1.4 and earlier may incorrectly validate an arbitrary string and return a valid network IP address, which allows remote attackers to obtain network information and facilitate other attacks, as demonstrated using SQL injection in the X-FORWARDED-FOR Header in index.php in MiniBB 2.0. NOTE: it could be argued that the ip2long behavior represents a risk for security-relevant issues in a way that is similar to strcpy's role in buffer overflows, in which case this would be a class of implementation bugs that would require separate CVE items for each PHP application that uses ip2long in a security-relevant manner.
CVE-2006-4022 1 Intel 1 2100 Proset Wireless 2026-06-16 4.6 MEDIUM N/A
Intel 2100 PRO/Wireless Network Connection driver PROSet before 7.1.4.6 allows local users to corrupt memory and execute code via "requests for capabilities from higher-level protocol drivers or user-level applications" involving crafted frames, a different issue than CVE-2006-3992.
CVE-2006-4021 1 Scatterchat 1 Scatterchat 2026-06-16 2.6 LOW N/A
The cryptographic module in ScatterChat 1.0.x allows attackers to identify patterns in large numbers of messages by identifying collisions using a birthday attack on the custom padding mechanism for ECB mode encryption.
CVE-2006-4020 1 Php 1 Php 2026-06-16 4.6 MEDIUM N/A
scanf.c in PHP 5.1.4 and earlier, and 4.4.3 and earlier, allows context-dependent attackers to execute arbitrary code via a sscanf PHP function call that performs argument swapping, which increments an index past the end of an array and triggers a buffer over-read.
CVE-2006-4019 1 Squirrelmail 1 Squirrelmail 2026-06-16 6.4 MEDIUM N/A
Dynamic variable evaluation vulnerability in compose.php in SquirrelMail 1.4.0 to 1.4.7 allows remote attackers to overwrite arbitrary program variables and read or write the attachments and preferences of other users.
CVE-2006-4017 1 Inter Network Marketing Ag 1 G3 Content Management System 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the search module in Inter Network Marketing (INM) CMS G3 allows remote attackers to inject arbitrary web script or HTML via the search_string parameter.
CVE-2006-4016 1 Toenda Software Development 1 Toendacms 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in /toendaCMS in toendaCMS stable 1.0.3 and earlier, and unstable 1.1 and earlier, allows remote attackers to inject arbitrary web script or HTML via the s parameter.
CVE-2006-4015 1 Hp 3 Procurve Switch 3500yl, Procurve Switch 5400zl, Procurve Switch 6200yl 2026-06-16 5.0 MEDIUM N/A
Hewlett-Packard (HP) ProCurve 3500yl, 6200yl, and 5400zl switches with software before K.11.33 allow remote attackers to cause a denial of service (possibly memory leak or system crash) via unknown vectors.
CVE-2006-4014 1 Symantec 1 Brightmail Antispam 2026-06-16 5.0 MEDIUM N/A
Symantec Brightmail AntiSpam (SBAS) before 6.0.4, when the Control Center is allowed to connect from any computer, allows remote attackers to cause a denial of service (application freeze) "by sending invalid posts".