Vulnerabilities (CVE)

Filtered by NVD-CWE-Other
Total 29918 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-3653 1 Microsoft 1 Works 2026-06-16 2.6 LOW N/A
wksss.exe 8.4.702.0 in Microsoft Works Spreadsheet 8.0 allows remote attackers to cause a denial of service (CPU consumption or crash) via crafted (1) Works, (2) Excel, and (3) Lotus 1-2-3 files.
CVE-2006-3652 1 Microsoft 1 Isa Server 2026-06-16 7.5 HIGH N/A
Microsoft Internet Security and Acceleration (ISA) Server 2004 allows remote attackers to bypass file extension filters via a request with a trailing "#" character. NOTE: as of 20060715, this could not be reproduced by third parties.
CVE-2006-3649 1 Microsoft 1 Visual Basic 2026-06-16 5.1 MEDIUM N/A
Buffer overflow in Microsoft Visual Basic for Applications (VBA) SDK 6.0 through 6.4, as used by Microsoft Office 2000 SP3, Office XP SP3, Project 2000 SR1, Project 2002 SP1, Access 2000 Runtime SP3, Visio 2002 SP2, and Works Suite 2004 through 2006, allows user-assisted attackers to execute arbitrary code via unspecified document properties that are not verified when VBA is invoked to open documents.
CVE-2006-3640 1 Microsoft 2 Ie, Internet Explorer 2026-06-16 5.0 MEDIUM N/A
Microsoft Internet Explorer 5.01 and 6 allows certain script to persist across navigations between pages, which allows remote attackers to obtain the window location of visited web pages in other domains or zones, aka "Window Location Information Disclosure Vulnerability."
CVE-2006-3639 1 Microsoft 2 Ie, Internet Explorer 2026-06-16 7.5 HIGH N/A
Microsoft Internet Explorer 5.01 and 6 does not properly identify the originating domain zone when handling redirects, which allows remote attackers to read cross-domain web pages and possibly execute code via unspecified vectors involving a crafted web page, aka "Source Element Cross-Domain Vulnerability."
CVE-2006-3637 1 Microsoft 2 Ie, Internet Explorer 2026-06-16 5.1 MEDIUM N/A
Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle various HTML layout component combinations, which allows user-assisted remote attackers to execute arbitrary code via a crafted HTML file that leads to memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."
CVE-2006-3636 1 Gnu 1 Mailman 2026-06-16 6.8 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.9rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2006-3634 1 Linux 1 Linux Kernel 2026-06-16 4.9 MEDIUM N/A
The (1) __futex_atomic_op and (2) futex_atomic_cmpxchg_inatomic functions in Linux kernel 2.6.17-rc4 to 2.6.18-rc2 perform the atomic futex operation in the kernel address space instead of the user address space, which allows local users to cause a denial of service (crash).
CVE-2006-3626 1 Linux 1 Linux Kernel 2026-06-16 6.2 MEDIUM N/A
Race condition in Linux kernel 2.6.17.4 and earlier allows local users to gain root privileges by using prctl with PR_SET_DUMPABLE in a way that causes /proc/self/environ to become setuid root.
CVE-2006-3625 1 Flv 1 Flv Player 2026-06-16 5.0 MEDIUM N/A
FLV Players 8 allows remote attackers to obtain sensitive information via (1) a direct request to paginate.php or (2) an invalid p parameter to player.php, which reveal the path in an error message.
CVE-2006-3624 1 Flv 1 Flv Player 2026-06-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in FLV Players 8 allow remote attackers to inject arbitrary web script or HTML via the url parameter to (1) player.php or (2) popup.php.
CVE-2006-3623 1 Mcafee 1 Epolicy Orchestrator Agent 2026-06-16 5.0 MEDIUM N/A
Directory traversal vulnerability in Framework Service component in McAfee ePolicy Orchestrator agent 3.5.0.x and earlier allows remote attackers to create arbitrary files via a .. (dot dot) in the directory and filename in a PropsResponse (PackageType) request.
CVE-2006-3622 1 Dream4 1 Koobi Pro 2026-06-16 5.0 MEDIUM N/A
The showtopic module in Koobi Pro CMS 5.6 allows remote attackers to obtain sensitive information via a ' (single quote) in the p parameter, which displays the path in an error message. NOTE: it is not clear whether this is SQL injection or a forced SQL error.
CVE-2006-3621 1 Dream4 1 Koobi Pro 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the showtopic module in Koobi Pro CMS 5.6 allows remote attackers to execute arbitrary SQL commands via the toid parameter.
CVE-2006-3620 1 Dream4 1 Koobi Pro 2026-06-16 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in the showtopic module in Koobi Pro CMS 5.6 allows remote attackers to inject arbitrary web script or HTML via the toid parameter.
CVE-2006-3619 1 Fastjar 1 Fastjar 2026-06-16 2.6 LOW N/A
Directory traversal vulnerability in FastJar 0.93, as used in Gnu GCC 4.1.1 and earlier, and 3.4.6 and earlier, allows user-assisted attackers to overwrite arbitrary files via a .jar file containing filenames with "../" sequences.
CVE-2006-3618 1 Pixelated By Lev 1 Pixelated By Lev Guestbook 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in pblguestbook.php in Pixelated By Lev (PBL) Guestbook 1.32 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) name, (2) email, (3) website, (4) comments, (5) rate, and (6) private parameters.
CVE-2006-3617 1 Pixelated By Lev 1 Pixelated By Lev Guestbook 2026-06-16 5.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in pblguestbook.php in Pixelated By Lev (PBL) Guestbook 1.32 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) message (aka comments), (3) website, and (4) email parameters, which bypasses XSS protection mechanisms that check for SCRIPT tags but not others, as demonstrated by a javascript URI in an onMouseOver attribute and the src attribute in an iframe tag. NOTE: some vectors might overlap CVE-2006-2975, although the use of alternate manipulations makes it unclear.
CVE-2006-3616 1 Carbonize 1 Lazarus Guestbook 2026-06-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Carbonize Lazarus Guestbook 1.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the show parameter in codes-english.php and (2) the img parameter in picture.php, after the name of an existing file.
CVE-2006-3615 1 Phorum 1 Phorum 2026-06-16 5.1 MEDIUM N/A
Multiple PHP remote file inclusion vulnerabilities in Phorum 5.1.14, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via unspecified vectors related to an uninitialized variable.