Vulnerabilities (CVE)

Filtered by NVD-CWE-Other
Total 29916 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-3591 1 Microsoft 1 Internet Explorer 2026-06-16 5.0 MEDIUM N/A
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (application crash) by accessing the URL property of a TriEditDocument.TriEditDocument object before it has been initialized, which triggers a NULL pointer dereference.
CVE-2006-3590 1 Microsoft 1 Powerpoint 2026-06-16 5.1 MEDIUM N/A
mso.dll, as used by Microsoft PowerPoint 2000 through 2003, allows user-assisted attackers to execute arbitrary commands via a malformed shape container in a PPT file that leads to memory corruption, as exploited by Trojan.PPDropper.B, a different issue than CVE-2006-1540 and CVE-2006-3493.
CVE-2006-3589 1 Vmware 5 Esx, Infrastructure, Player and 2 more 2026-06-16 3.6 LOW N/A
vmware-config.pl in VMware for Linux, ESX Server 2.x, and Infrastructure 3 does not check the return code from a Perl chmod function call, which might cause an SSL key file to be created with an unsafe umask that allows local users to read or modify the SSL key.
CVE-2006-3586 1 Jetbox 1 Jetbox Cms 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in Jetbox CMS 2.1 SR1 allows remote attackers to execute arbitrary SQL commands via the (1) frontsession COOKIE parameter and (2) view parameter in index.php, and the (3) login parameter in admin/cms/index.php.
CVE-2006-3585 1 Jetbox 1 Jetbox Cms 2026-06-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS 2.1 SR1 allow remote attackers to inject arbitrary web script or HTML via the (1) login parameter in admin/cms/index.php, (2) unspecified parameters in the "Supply news" page in formmail.php, (3) the URL in the "Site statistics" page, and the (5) query_string parameter when performing a search.
CVE-2006-3584 1 Jetbox 1 Jetbox Cms 2026-06-16 7.5 HIGH N/A
Dynamic variable evaluation vulnerability in index.php in Jetbox CMS 2.1 SR1 allows remote attackers to overwrite configuration variables via URL parameters, which are evaluated as PHP variable variables.
CVE-2006-3580 1 Asp Stats Generator 1 Asp Stats Generator 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in pages.asp in ASP Stats Generator before 2.1.2 allows remote attackers to execute arbitrary SQL commands via the order parameter.
CVE-2006-3578 1 Fujitsu 1 Serverview 2026-06-16 5.0 MEDIUM N/A
Directory traversal vulnerability in Fujitsu ServerView 2.50 up to 3.60L98 and 4.10L11 up to 4.11L81 allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2006-3577 1 Lifetype 1 Lifetype 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in index.php in LifeType 1.0.5 allows remote attackers to execute arbitrary SQL commands via the Date parameter in a Default op.
CVE-2006-3576 1 Sensesites 1 Commonsense Cms 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in search.php in SenseSites CommonSense CMS 5.0 allows remote attackers to execute arbitrary SQL commands via the Date parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-3575 1 Mcafee 1 Virusscan 2026-06-16 2.1 LOW N/A
Unknown vulnerability in the Buffer Overflow Protection in McAfee VirusScan Enterprise 8.0.0 allows local users to cause a denial of service (unstable operation) via a long string in the (1) "Process name", (2) "Module name", or (3) "API name" fields.
CVE-2006-3574 1 Hitachi 3 Cosminexus Collaboration Portal, Groupmax Collaboration Portal, Groupmax Collaboration Web Client 2026-06-16 6.8 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Hitachi Groupmax Collaboration Portal and Web Client before 07-20-/D, and uCosminexus Collaboration Portal and Forum/File Sharing before 06-20-/C, allow remote attackers to "execute malicious scripts" via unknown vectors (aka HS06-014-01).
CVE-2006-3572 1 Papoo 1 Papoo 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in forumthread.php in Papoo 3 RC3 and earlier allows remote attackers to execute arbitrary SQL commands via the msgid parameter.
CVE-2006-3570 1 Drupal 1 Drupal 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the webform module in Drupal 4.6 before July 8, 2006 and 4.7 before July 8, 2006 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2006-3567 1 Juniper 1 Dx 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the web administration interface logging feature in Juniper Networks (Redline) DX 5.1.x, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the username login field.
CVE-2006-3566 1 Hivemail 1 Hivemail 2026-06-16 5.0 MEDIUM N/A
search.results.php in HiveMail 3.1 and earlier allows remote attackers to obtain the installation path via certain manipulations related to the (1) searchdate and (2) folderids parameters.
CVE-2006-3565 1 Hivemail 1 Hivemail 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in search.results.php in HiveMail 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the fields[] parameter.
CVE-2006-3564 1 Hivemail 1 Hivemail 2026-06-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in HiveMail 1.3 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the email, (2) cond, or (3) name parameters to (a) addressbook.view.php, (4) the daysprune parameter to (b) index.php, (5) the data[to] parameter to (c) compose.email.php, and (6) the markas parameter to (d) read.markas.php.
CVE-2006-3563 1 Winged Gallery 1 Winged Gallery 2026-06-16 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in gallery/thumb.php in Winged Gallery 1.0 allows remote attackers to inject arbitrary web script or HTML via the image parameter.
CVE-2006-3560 1 Blue Dojo 1 Graffiti Forums 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in topics.php in Blue Dojo Graffiti Forums 1.0 allows remote attackers to execute arbitrary SQL commands via the f parameter.