Total
29928 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-4037 | 1 Fenestrae | 1 Faxination Server | 2026-06-16 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Fenestrae Faxination Server allows remote attackers to execute arbitrary code via a crafted packet. | |||||
| CVE-2006-4036 | 1 Zonemetrics | 1 Zonex Publishers Gold Edition | 2026-06-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/usercp_register.php in ZoneMetrics ZoneX Publishers Gold Edition 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
| CVE-2006-4035 | 1 Counterchaos | 1 Counterchaos | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in counterchaos.php in CounterChaos 0.48c and earlier allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header. | |||||
| CVE-2006-4034 | 1 Moderngigabyte | 1 Modernbill | 2026-06-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in include/html/config.php in ModernGigabyte ModernBill 1.6 allows remote attackers to execute arbitrary PHP code via a URL in the DIR parameter. | |||||
| CVE-2006-4033 | 1 Lhaplus | 1 Lhaplus | 2026-06-16 | 5.1 MEDIUM | N/A |
| Heap-based buffer overflow in Lhaplus.exe in Lhaplus 1.52, and possibly earlier versions, allows remote attackers to execute arbitrary code via an LZH archive with a long header, as specified by the extendedHeaderSize. | |||||
| CVE-2006-4032 | 1 Cisco | 1 Callmanager Express | 2026-06-16 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Cisco IOS CallManager Express (CME) allows remote attackers to gain sensitive information (user names) from the Session Initiation Protocol (SIP) user directory via certain SIP messages, aka bug CSCse92417. | |||||
| CVE-2006-4031 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2026-06-16 | 2.1 LOW | N/A |
| MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table, which might violate intended security policy. | |||||
| CVE-2006-4030 | 1 Gallery Project | 1 Gallery | 2026-06-16 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the stats module in Gallery 1.5.1-RC2 and earlier allows remote attackers to obtain sensitive information via unspecified attack vectors, related to "two file exposure bugs." | |||||
| CVE-2006-4029 | 1 Ageet | 1 Agephone | 2026-06-16 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in sipd.dll in AGEphone 1.24 and 1.38.1 allows remote attackers to execute arbitrary code via a crafted UDP SIP packet. | |||||
| CVE-2006-4025 | 1 Xennobb | 1 Xennobb | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in profile.php in XennoBB 2.1.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the (1) bday_day, (2) bday_month, and (3) bday_year parameters in the personal section. | |||||
| CVE-2006-4024 | 1 Festalon | 1 Festalon | 2026-06-16 | 7.5 HIGH | N/A |
| The FESTAHES_Load function in pce/hes.c in Festalon 0.5.0 through 0.5.5 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative LoadAddr value in a HES file, which is used as an offset in a memcpy operation and leads to a buffer underflow. | |||||
| CVE-2006-4023 | 1 Php | 1 Php | 2026-06-16 | 5.0 MEDIUM | N/A |
| The ip2long function in PHP 5.1.4 and earlier may incorrectly validate an arbitrary string and return a valid network IP address, which allows remote attackers to obtain network information and facilitate other attacks, as demonstrated using SQL injection in the X-FORWARDED-FOR Header in index.php in MiniBB 2.0. NOTE: it could be argued that the ip2long behavior represents a risk for security-relevant issues in a way that is similar to strcpy's role in buffer overflows, in which case this would be a class of implementation bugs that would require separate CVE items for each PHP application that uses ip2long in a security-relevant manner. | |||||
| CVE-2006-4022 | 1 Intel | 1 2100 Proset Wireless | 2026-06-16 | 4.6 MEDIUM | N/A |
| Intel 2100 PRO/Wireless Network Connection driver PROSet before 7.1.4.6 allows local users to corrupt memory and execute code via "requests for capabilities from higher-level protocol drivers or user-level applications" involving crafted frames, a different issue than CVE-2006-3992. | |||||
| CVE-2006-4021 | 1 Scatterchat | 1 Scatterchat | 2026-06-16 | 2.6 LOW | N/A |
| The cryptographic module in ScatterChat 1.0.x allows attackers to identify patterns in large numbers of messages by identifying collisions using a birthday attack on the custom padding mechanism for ECB mode encryption. | |||||
| CVE-2006-4020 | 1 Php | 1 Php | 2026-06-16 | 4.6 MEDIUM | N/A |
| scanf.c in PHP 5.1.4 and earlier, and 4.4.3 and earlier, allows context-dependent attackers to execute arbitrary code via a sscanf PHP function call that performs argument swapping, which increments an index past the end of an array and triggers a buffer over-read. | |||||
| CVE-2006-4019 | 1 Squirrelmail | 1 Squirrelmail | 2026-06-16 | 6.4 MEDIUM | N/A |
| Dynamic variable evaluation vulnerability in compose.php in SquirrelMail 1.4.0 to 1.4.7 allows remote attackers to overwrite arbitrary program variables and read or write the attachments and preferences of other users. | |||||
| CVE-2006-4017 | 1 Inter Network Marketing Ag | 1 G3 Content Management System | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the search module in Inter Network Marketing (INM) CMS G3 allows remote attackers to inject arbitrary web script or HTML via the search_string parameter. | |||||
| CVE-2006-4016 | 1 Toenda Software Development | 1 Toendacms | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in /toendaCMS in toendaCMS stable 1.0.3 and earlier, and unstable 1.1 and earlier, allows remote attackers to inject arbitrary web script or HTML via the s parameter. | |||||
| CVE-2006-4015 | 1 Hp | 3 Procurve Switch 3500yl, Procurve Switch 5400zl, Procurve Switch 6200yl | 2026-06-16 | 5.0 MEDIUM | N/A |
| Hewlett-Packard (HP) ProCurve 3500yl, 6200yl, and 5400zl switches with software before K.11.33 allow remote attackers to cause a denial of service (possibly memory leak or system crash) via unknown vectors. | |||||
| CVE-2006-4014 | 1 Symantec | 1 Brightmail Antispam | 2026-06-16 | 5.0 MEDIUM | N/A |
| Symantec Brightmail AntiSpam (SBAS) before 6.0.4, when the Control Center is allowed to connect from any computer, allows remote attackers to cause a denial of service (application freeze) "by sending invalid posts". | |||||
