Vulnerabilities (CVE)

Filtered by NVD-CWE-Other
Total 29911 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-2465 1 Mp3info 1 Mp3info 2026-06-16 5.1 MEDIUM N/A
Buffer overflow in MP3Info 0.8.4 allows attackers to execute arbitrary code via a long command line argument. NOTE: if mp3info is not installed setuid or setgid in any reasonable context, then this issue might not be a vulnerability.
CVE-2006-2464 1 Bea 1 Weblogic Server 2026-06-16 4.6 MEDIUM N/A
stopWebLogic.sh in BEA WebLogic Server 8.1 before Service Pack 4 and 7.0 before Service Pack 6 displays the administrator password to stdout when executed, which allows local users to obtain the password by viewing a local display.
CVE-2006-2463 1 Out Of The Trees Web Design 1 Selectapix 2026-06-16 5.0 MEDIUM N/A
view_album.php in SelectaPix 1.31 and earlier allows remote attackers to obtain the installation path via a certain request, which displays the path in an error message, possibly due to an invalid or missing parameter.
CVE-2006-2462 1 Bea 1 Weblogic Server 2026-06-16 5.0 MEDIUM N/A
BEA WebLogic Server 8.1 before Service Pack 4 and 7.0 before Service Pack 6, may send sensitive data over non-secure channels when using JTA transactions, which allows remote attackers to read potentially sensitive network traffic.
CVE-2006-2461 1 Bea 1 Weblogic Server 2026-06-16 5.0 MEDIUM N/A
BEA WebLogic Server before 8.1 Service Pack 4 does not properly set the Quality of Service in certain circumstances, which prevents some transmissions from being encrypted via SSL, and allows remote attackers to more easily read potentially sensitive network traffic.
CVE-2006-2460 1 Sugarcrm 1 Sugarcrm 2026-06-16 6.4 MEDIUM N/A
Sugar Suite Open Source (SugarCRM) 4.2 and earlier, when register_globals is enabled, does not protect critical variables such as $_GLOBALS and $_SESSION from modification, which allows remote attackers to conduct attacks such as directory traversal or PHP remote file inclusion, as demonstrated by modifying the GLOBALS[sugarEntry] parameter.
CVE-2006-2459 1 Php Fusion 1 Php Fusion 2026-06-16 6.4 MEDIUM N/A
SQL injection vulnerability in messages.php in PHP-Fusion 6.00.307 and earlier allows remote authenticated users to execute arbitrary SQL commands via the srch_where parameter.
CVE-2006-2458 1 Libextractor 1 Libextractor 2026-06-16 4.0 MEDIUM N/A
Multiple heap-based buffer overflows in Libextractor 0.5.13 and earlier allow remote attackers to execute arbitrary code via (1) the asf_read_header function in the ASF plugin (plugins/asfextractor.c), and (2) the parse_trak_atom function in the QT plugin (plugins/qtextractor.c).
CVE-2006-2452 1 Gnome 1 Gdm 2026-06-16 3.7 LOW N/A
GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the "face browser" feature is enabled, allows local users to access the "Configure Login Manager" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges.
CVE-2006-2450 1 Libvncserver 1 Libvncserver 2026-06-16 7.5 HIGH N/A
auth.c in LibVNCServer 0.7.1 allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server, a different issue than CVE-2006-2369.
CVE-2006-2449 1 Kde 1 Kde 2026-06-16 4.0 MEDIUM N/A
KDE Display Manager (KDM) in KDE 3.2.0 up to 3.5.3 allows local users to read arbitrary files via a symlink attack related to the session type for login.
CVE-2006-2448 1 Linux 1 Linux Kernel 2026-06-16 5.6 MEDIUM N/A
Linux kernel before 2.6.16.21 and 2.6.17, when running on PowerPC, does not perform certain required access_ok checks, which allows local users to read arbitrary kernel memory on 64-bit systems (signal_64.c) and cause a denial of service (crash) and possibly read kernel memory on 32-bit systems (signal_32.c).
CVE-2006-2446 1 Linux 1 Linux Kernel 2026-06-16 5.4 MEDIUM N/A
Race condition between the kfree_skb and __skb_unlink functions in the socket buffer handling in Linux kernel 2.6.9, and possibly other versions, allows remote attackers to cause a denial of service (crash), as demonstrated using the TCP stress tests from the LTP test suite.
CVE-2006-2445 1 Linux 1 Linux Kernel 2026-06-16 4.0 MEDIUM N/A
Race condition in run_posix_cpu_timers in Linux kernel before 2.6.16.21 allows local users to cause a denial of service (BUG_ON crash) by causing one CPU to attach a timer to a process that is exiting.
CVE-2006-2444 1 Linux 1 Linux Kernel 2026-06-16 7.8 HIGH N/A
The snmp_trap_decode function in the SNMP NAT helper for Linux kernel before 2.6.16.18 allows remote attackers to cause a denial of service (crash) via unspecified remote attack vectors that cause failures in snmp_trap_decode that trigger (1) frees of random memory or (2) frees of previously-freed memory (double-free) by snmp_trap_decode as well as its calling function, as demonstrated via certain test cases of the PROTOS SNMP test suite.
CVE-2006-2443 1 Knowledgetree 1 Knowledgetree 2026-06-16 4.6 MEDIUM N/A
The Debian package of knowledgetree 2.0.7 creates environment.php with world-readable permissions, which allows local users to obtain sensitive information such as the username and password for the KnowledgeTree database.
CVE-2006-2442 1 Kphone 1 Kphone 2026-06-16 4.6 MEDIUM N/A
kphone 4.2 creates .qt/kphonerc with world-readable permissions, which allows local users to read usernames and SIP passwords.
CVE-2006-2441 1 Pioneers 1 Pioneers Meta-server 2026-06-16 5.0 MEDIUM N/A
Pioneers meta-server before 0.9.55, when the server-console is not installed, allows remote attackers to cause a denial of service (crash) via certain requests from an older gnocatan client to create a new game.
CVE-2006-2440 1 Imagemagick 1 Imagemagick 2026-06-16 7.5 HIGH N/A
Heap-based buffer overflow in the libMagick component of ImageMagick 6.0.6.2 might allow attackers to execute arbitrary code via an image index array that triggers the overflow during filename glob expansion by the ExpandFilenames function.
CVE-2006-2438 1 Caucho Technology 1 Resin 2026-06-16 5.0 MEDIUM N/A
Directory traversal vulnerability in the viewfile servlet in the documentation package (resin-doc) for Caucho Resin 3.0.17 and 3.0.18 allows remote attackers to read arbitrary files under other web roots via the contextpath parameter. NOTE: this issue can produce resultant path disclosure when the parameter is invalid.