Vulnerabilities (CVE)

Filtered by NVD-CWE-Other
Total 29911 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-3356 1 Apple 2 Mac Os X, Mac Os X Server 2026-06-16 2.6 LOW N/A
The TIFFFetchAnyArray function in ImageIO in Apple OS X 10.4.7 and earlier allows remote user-assisted attackers to cause a denial of service (application crash) via an invalid tag value in a TIFF image, possibly triggering a null dereference. NOTE: This is a different issue than CVE-2006-1469.
CVE-2006-3355 1 Mpg123 1 Mpg123 2026-06-16 7.5 HIGH N/A
Heap-based buffer overflow in httpdget.c in mpg123 before 0.59s-rll allows remote attackers to execute arbitrary code via a long URL, which is not properly terminated before being used with the strncpy function. NOTE: This appears to be the result of an incomplete patch for CVE-2004-0982.
CVE-2006-3354 2 Canon, Microsoft 3 Network Camera Server Vb101, Ie, Internet Explorer 2026-06-16 5.0 MEDIUM N/A
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the Filter property of an ADODB.Recordset ActiveX object to certain values multiple times, which triggers a null dereference.
CVE-2006-3352 1 Mozilla 1 Firefox 2026-06-16 6.4 MEDIUM N/A
Cross-domain vulnerability in Mozilla Firefox allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object. NOTE: this description was based on a report that has since been retracted by the original authors. The authors misinterpreted their test results. Other third parties also disputed the original report. Therefore, this is not a vulnerability. It is being assigned a candidate number to provide a clear indication of its status
CVE-2006-3351 1 Microsoft 2 Windows 2003 Server, Windows Xp 2026-06-16 5.4 MEDIUM N/A
Buffer overflow in Windows Explorer (explorer.exe) on Windows XP and 2003 allows user-assisted attackers to cause a denial of service (repeated crash) and possibly execute arbitrary code via a .url file with an InternetShortcut tag containing a long URL and a large number of "file:" specifiers.
CVE-2006-3350 1 Cimmetry Systems 1 Autovue Solidmodel Professional 2026-06-16 5.1 MEDIUM N/A
Stack-based buffer overflow in AutoVue SolidModel Professional Desktop Edition 19.1 Build 5993 allows user-assisted remote attackers to execute arbitrary code via a long filename in a (1) ARJ, (2) RAR, or (3) ZIP archive.
CVE-2006-3349 1 Sms Script 1 Sms Script 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in SmS Script allow remote attackers to execute arbitrary SQL commands via the CatID parameter in (1) cat.php and (2) add.php.
CVE-2006-3348 1 Swsoft 1 Hspcomplete 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in HSPcomplete 3.2.2 and 3.3 Beta and earlier allow remote attackers to execute arbitrary SQL commands via the (1) type parameter in report.php and (2) level parameter in custom_buttons.php.
CVE-2006-3347 1 Devilz Clanportal 1 Devilz Clanportal 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in index.php in deV!Lz Clanportal DZCP 1.3.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2006-3346 1 Carlos Sanchez Valle 1 Mynewsgroups 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in tree.php in MyNewsGroups 0.6 allows remote attackers to execute arbitrary SQL commands via the grp_id parameter.
CVE-2006-3345 1 Ajax Softwares 1 Alipager 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in AliPAGER, possibly 1.5 and earlier, allows remote attackers to inject arbitrary web script or HTML via a chat line.
CVE-2006-3343 1 Crisoft Ricette 1 Crisoft Ricette 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in recipe/cookbook.php in CrisoftRicette 1.0pre15b allows remote attackers to execute arbitrary PHP code via a URL in the crisoftricette parameter.
CVE-2006-3342 1 Olate 1 Arctic 2026-06-16 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in index.php in Arctic 1.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search cmd.
CVE-2006-3341 1 Myads 1 Myads 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in annonces-p-f.php in MyAds module 2.04jp for Xoops allows remote attackers to execute arbitrary SQL commands via the lid parameter.
CVE-2006-3340 1 Pearlinger 1 Pearl For Mambo 2026-06-16 5.1 MEDIUM N/A
Multiple PHP remote file inclusion vulnerabilities in Pearl For Mambo module 1.6 for Mambo, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via the (1) phpbb_root_path parameter in (a) includes/functions_cms.php and the (2) GlobalSettings[templatesDirectory] parameter in multiple files in the "includes" directory including (b) adminSensored.php, (c) adminBoards.php, (d) adminAttachments.php, (e) adminAvatars.php, (f) adminBackupdatabase.php, (g) adminBanned.php, (h) adminForums.php, (i) adminPolls.php, (j) adminSmileys.php, (k) poll.php, and (l) move.php.
CVE-2006-3339 1 Atlassian 1 Jira 2026-06-16 5.0 MEDIUM N/A
secure/ConfigureReleaseNote.jspa in Atlassian JIRA 3.6.2-#156 allows remote attackers to obtain sensitive information via unspecified manipulations of the projectId parameter, which displays the installation path and other system information in an error message.
CVE-2006-3338 1 Atlassian 1 Jira 2026-06-16 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in Atlassian JIRA 3.6.2-#156 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a direct request to secure/ConfigureReleaseNote.jspa, which are not sanitized before being returned in an error page.
CVE-2006-3337 1 Cpanel 1 Cpanel 2026-06-16 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in frontend/x/files/select.html in cPanel 10.8.2-CURRENT 118 and earlier allows remote attackers to inject arbitrary web script or HTML via the file parameter.
CVE-2006-3336 1 Twiki 1 Twiki 2026-06-16 4.0 MEDIUM N/A
TWiki 01-Dec-2000 up to 4.0.3 allows remote attackers to bypass the upload filter and execute arbitrary code via filenames with double extensions such as ".php.en", ".php.1", and other allowed extensions that are not .txt. NOTE: this is only a vulnerability when the server allows script execution in the pub directory.
CVE-2006-3334 1 Greg Roelofs 1 Libpng 2026-06-16 7.5 HIGH N/A
Buffer overflow in the png_decompress_chunk function in pngrutil.c in libpng before 1.2.12 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors related to "chunk error processing," possibly involving the "chunk_name".