Vulnerabilities (CVE)

Filtered by NVD-CWE-Other
Total 29911 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-3124 1 Streamripper 1 Streamripper 2026-06-16 7.5 HIGH N/A
Buffer overflow in the HTTP header parsing in Streamripper before 1.61.26 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted HTTP headers.
CVE-2006-3123 1 Matt Blaze 1 Cryptographic File System 2026-06-16 2.1 LOW N/A
Multiple integer overflows in the (1) dodecrypt and (2) doencrypt functions in cfs_fh.c in cfsd in Matt Blaze Cryptographic File System (CFS) 1.4.1 before Debian GNU/Linux package 1.4.1-17 allow local users to cause a denial of service (daemon crash) by appending data to a file that is larger than 2 Gb.
CVE-2006-3120 1 Brian Wotring 1 Osiris 2026-06-16 7.5 HIGH N/A
Format string vulnerability in Brian Wotring Osiris before 4.2.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unspecified attack vectors related to the logging functions.
CVE-2006-3119 1 Fbi 1 Fbi 2026-06-16 5.1 MEDIUM N/A
The fbgs framebuffer Postscript/PDF viewer in fbi before 2.01 has a typo that prevents a filter from working correctly, which allows user-assisted attackers to bypass the filter and execute malicious Postscript commands.
CVE-2006-3118 1 Canonical 1 Spread 2026-06-16 1.2 LOW N/A
spread uses a temporary file with a static filename based on the port number, which allows local users to cause a denial of service by creating the file during a race condition between unlink and bind function calls. NOTE: spread deletes this temporary file before use, which could cause conflicts with other programs that use the same filename, but this is not a distinct issue.
CVE-2006-3116 1 Spiffyjr 1 Phpraid 2026-06-16 5.1 MEDIUM N/A
Multiple PHP remote file inclusion vulnerabilities in phpRaid 3.0.4 and 3.0.5 allow remote attackers to execute arbitrary code via a URL in the phpraid_dir parameter to (1) configuration.php, (3) guilds.php, (4) index.php, (5) locations.php, (6) login.php, (7) lua_output.php, (8) permissions.php, (9) profile.php, (10) raids.php, (11) register.php, (12) roster.php, and (13) view.php.
CVE-2006-3115 1 Spiffyjr 1 Phpraid 2026-06-16 5.1 MEDIUM N/A
SQL injection vulnerability in view.php in phpRaid 3.0.4, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the raid_id parameter.
CVE-2006-3114 1 Pc Tools 1 Pc Tools Antivirus 2026-06-16 4.6 MEDIUM N/A
PC Tools AntiVirus 2.1.0.51 uses insecure default permissions on the "PC Tools AntiVirus" directory, which allows local users to gain privileges and execute commands.
CVE-2006-3113 1 Mozilla 3 Firefox, Seamonkey, Thunderbird 2026-06-16 7.5 HIGH N/A
Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via simultaneous XPCOM events, which causes a timer object to be deleted in a way that triggers memory corruption.
CVE-2006-3112 1 Chipmailer 1 Chipmailer 2026-06-16 5.0 MEDIUM N/A
Chipmailer 1.09 allows remote attackers to obtain sensitive information via a direct request to php.php, which displays the output of the phpinfo function.
CVE-2006-3111 1 Chipmailer 1 Chipmailer 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in main.php in Chipmailer 1.09 allow remote attackers to execute arbitrary SQL commands via multiple parameters, as demonstrated by (1) anfang, (2) name, (3) mail, (4) anrede, (5) vorname, (6) nachname, (7) gebtag, (8) gebmonat, and (9) gebjahr.
CVE-2006-3110 1 Chipmailer 1 Chipmailer 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in main.php in Chipmailer 1.09 allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) betreff, (3) mail, and (4) text parameters.
CVE-2006-3109 1 Cisco 1 Call Manager 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Cisco CallManager 3.3 before 3.3(5)SR3, 4.1 before 4.1(3)SR4, 4.2 before 4.2(3), and 4.3 before 4.3(1), allows remote attackers to inject arbitrary web script or HTML via the (1) pattern parameter in ccmadmin/phonelist.asp and (2) arbitrary parameters in ccmuser/logon.asp, aka bugid CSCsb68657.
CVE-2006-3108 1 Emailarchitect 1 Email Server 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in EmailArchitect Email Server 6.1 allows remote attackers to inject arbitrary Javascript via an HTML div tag with a carriage return between the onmouseover attribute and its value, which bypasses the mail filter.
CVE-2006-3107 1 Docebo 1 Docebo 2026-06-16 5.1 MEDIUM N/A
Multiple PHP remote file inclusion vulnerabilities in Docebo 3.0.3 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in (1) GLOBALS[where_framework] to (a) admin/modules/news/news_class.php and (b) admin/modules/content/content_class.php, and (2) GLOBALS[where_cms] to (c) admin/modules/block_media/util.media.php. NOTE: this issue might be resultant from a global overwrite vulnerability. This issue is similar to CVE-2006-2576, but the vectors are different.
CVE-2006-3106 1 Fredi Bach 1 Phpmydesktop Arcade 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.php in phpMyDesktop|Arcade 1.0 allows remote attackers to inject arbitrary web script or HTML via the subsite parameter in the subsite todo.
CVE-2006-3105 1 Bitweaver 1 Bitweaver 2026-06-16 5.0 MEDIUM N/A
CRLF injection vulnerability in Bitweaver 1.3 allows remote attackers to conduct HTTP response splitting attacks by via CRLF sequences in multiple unspecified parameters that are injected into HTTP headers, as demonstrated by the BWSESSION parameter in index.php.
CVE-2006-3104 1 Bitweaver 1 Bitweaver 2026-06-16 5.0 MEDIUM N/A
users/index.php in Bitweaver 1.3 allows remote attackers to obtain sensitive information via an invalid sort_mode parameter, which reveals the installation path and database information in the resultant error message.
CVE-2006-3103 1 Bitweaver 1 Bitweaver 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Bitweaver 1.3 allows remote attackers to inject arbitrary web script or HTML via the (1) error parameter in users/login.php and the (2) feedback parameter in articles/index.php.
CVE-2006-3102 1 Bitweaver 1 Bitweaver 2026-06-16 5.1 MEDIUM N/A
Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.