Vulnerabilities (CVE)

Filtered by NVD-CWE-Other
Total 29925 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-3909 1 Wired Community Software 1 Wwwthreads 2026-06-16 6.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in calendar.php in WWWthreads allows remote attackers to inject arbitrary web script or HTML via the week parameter.
CVE-2006-3908 1 Gillius Programming 1 Game Networking Engine 2026-06-16 7.5 HIGH N/A
Format string vulnerability in the flush_output function in ConsoleStreambuf.cpp in Game Network Engine (GNE) 0.70 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute code via format string specifiers in unspecified vectors involving output to the gout console.
CVE-2006-3907 1 Siemens 1 Speedstream Wireless Router 2026-06-16 5.0 MEDIUM N/A
Siemens SpeedStream 2624 allows remote attackers to cause a denial of service (device hang) by sending a crafted packet to the web administrative interface.
CVE-2006-3906 1 Cisco 21 Adaptive Security Appliance Software, Ios, Pix Asa Ids and 18 more 2026-06-16 5.0 MEDIUM N/A
Internet Key Exchange (IKE) version 1 protocol, as implemented on Cisco IOS, VPN 3000 Concentrators, and PIX firewalls, allows remote attackers to cause a denial of service (resource exhaustion) via a flood of IKE Phase-1 packets that exceed the session expiration rate. NOTE: it has been argued that this is due to a design weakness of the IKE version 1 protocol, in which case other vendors and implementations would also be affected.
CVE-2006-3905 1 Mywebland 1 Mybloggie 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in Webland MyBloggie 2.1.3 allows remote attackers to execute arbitrary SQL commands via the (1) post_id parameter in index.php and (2) search function.
CVE-2006-3903 1 Mywebland 1 Mybloggie 2026-06-16 5.8 MEDIUM N/A
CRLF injection vulnerability in (1) index.php and (2) admin.php in myWebland MyBloggie 2.1.3 allows remote attackers to hijack sessions and conduct cross-site scripting (XSS) attacks via a cookie.
CVE-2006-3902 1 Phpfaber 1 Topsites 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.php in phpFaber TopSites 2.0.9 allows remote attackers to inject arbitrary web script or HTML via the i_cat parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-3901 1 Tumbleweed 1 Mailgate Email Firewall 2026-06-16 7.5 HIGH N/A
Multiple stack-based buffer overflows in Tumbleweed Email Firewall (EMF) allow remote attackers to execute arbitrary code via an email attachment with an LHA archive that contains a (1) file or (2) directory with a long LHA extended header, (3) an LHA archive in which the "temporary pathname" field for decompressed output is greater than 2 bytes, or (4) an LHA archive with a long filename.
CVE-2006-3900 1 Tobias Kloy 1 Tp-book 2026-06-16 6.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in guestbook.php in TP-Book 1.00 and earlier allows remote attackers to inject arbitrary web script or HTML via the name parameter.
CVE-2006-3899 1 Microsoft 2 Internet Explorer, Windows Xp 2026-06-16 5.0 MEDIUM N/A
Microsoft Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to cause a denial of service (application crash) by calling the stringToBinary function of the CEnroll.CEnroll.2 ActiveX object with a long second argument, which triggers an invalid memory access inside the SysAllocStringLen function.
CVE-2006-3898 1 Microsoft 1 Internet Explorer 2026-06-16 5.0 MEDIUM N/A
Microsoft Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to cause a denial of service (application crash) by calling the Click method of the Internet.HHCtrl.1 ActiveX object before initializing the URL, which triggers a null dereference.
CVE-2006-3896 1 Neoscale Systems 1 Cryptostor Tape 700 2026-06-16 4.9 MEDIUM N/A
The NeoScale Systems CryptoStor 700 series appliance before 2.6 relies on client-side ActiveX code for smartcard authentication, which allows remote attackers to bypass smartcard authentication, and gain access if able to present a valid username and password, by disabling ActiveX.
CVE-2006-3894 1 Dell 2 Bsafe Cert-c, Bsafe Crypto-c 2026-06-16 5.0 MEDIUM N/A
The RSA Crypto-C before 6.3.1 and Cert-C before 2.8 libraries, as used by RSA BSAFE, multiple Cisco products, and other products, allows remote attackers to cause a denial of service via malformed ASN.1 objects.
CVE-2006-3893 2 Casio, Newtone 2 Photo Loader, Imagekit 2026-06-16 10.0 HIGH N/A
Multiple buffer overflows in the ActiveX controls in Newtone ImageKit 5 before Fix 30 and 6 before Fix 40, as used in CASIO Photo Loader software before 3.01 and possibly other software, allow remote attackers to execute arbitrary code via a crafted HTML document.
CVE-2006-3892 1 Emc 1 Networker 2026-06-16 10.0 HIGH N/A
The Management Console server in EMC NetWorker (formerly Legato NetWorker) 7.3.2 before Jumbo Update 1 uses weak authentication, which allows remote attackers to execute arbitrary commands.
CVE-2006-3890 2 Sky Software, Winzip 2 Fileview Activex Control, Winzip 2026-06-16 9.3 HIGH N/A
Stack-based buffer overflow in the Sky Software FileView ActiveX control, as used in WinZip 10 before build 7245 and in certain other applications, allows remote attackers to execute arbitrary code via a long FilePattern attribute in a WZFILEVIEW object, a different vulnerability than CVE-2006-5198.
CVE-2006-3888 1 Aol 1 Ygp Pic Downloader Activex Control 2026-06-16 7.5 HIGH N/A
Buffer overflow in AOL You've Got Pictures (YGP) Pic Downloader YGPPDownload ActiveX control (AOL.PicDownloadCtrl.1, YGPPicDownload.dll), as used in America Online 9.0 Security Edition, allows remote attackers to execute arbitrary code via a long argument to the SetAlbumName method.
CVE-2006-3887 1 Aol 1 Ygp Screensaver Activex Control 2026-06-16 7.5 HIGH N/A
Buffer overflow in AOL You've Got Pictures (YGP) Screensaver ActiveX control allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2006-3886 1 Musicbox 1 Musicbox 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in Shalwan MusicBox 2.3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter in a viewgallery action in a request for the top-level URI. NOTE: the start parameter/search action is already covered by CVE-2006-1807, and the show parameter/top action is already covered by CVE-2006-1360.
CVE-2006-3885 1 Checkpoint 1 Firewall-1 2026-06-16 5.0 MEDIUM N/A
Directory traversal vulnerability in Check Point Firewall-1 R55W before HFA03 allows remote attackers to read arbitrary files via an encoded .. (dot dot) in the URL on TCP port 18264.