Vulnerabilities (CVE)

Filtered by NVD-CWE-Other
Total 29921 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-1872 1 Oracle 1 Database Server 2026-06-16 7.5 HIGH N/A
Unspecified vulnerability in Oracle Database Server 9.0.1.5 and 9.2.0.7 has unknown impact and attack vectors in the Oracle Enterprise Manager Intelligent Agent component, aka Vuln# DB07.
CVE-2006-1869 1 Oracle 1 Database Server 2026-06-16 10.0 HIGH N/A
Unspecified vulnerability in Oracle Database Server 8.1.7.4 and 9.0.1.5 has unknown impact and attack vectors in the Dictionary component, aka Vuln# DB04.
CVE-2006-1867 1 Oracle 1 Database Server 2026-06-16 10.0 HIGH N/A
Unspecified vulnerability in Oracle Database Server 9.2.0.6 has unknown impact and attack vectors in the Advanced Replication component, aka Vuln# DB02.
CVE-2006-1864 1 Linux 1 Linux Kernel 2026-06-16 4.6 MEDIUM N/A
Directory traversal vulnerability in smbfs in Linux 2.6.16 and earlier allows local users to escape chroot restrictions for an SMB-mounted filesystem via "..\\" sequences, a similar vulnerability to CVE-2006-1863.
CVE-2006-1863 1 Linux 1 Linux Kernel 2026-06-16 2.1 LOW N/A
Directory traversal vulnerability in CIFS in Linux 2.6.16 and earlier allows local users to escape chroot restrictions for an SMB-mounted filesystem via "..\\" sequences, a similar vulnerability to CVE-2006-1864.
CVE-2006-1862 1 Linux 1 Linux Kernel 2026-06-16 4.9 MEDIUM N/A
The virtual memory implementation in Linux kernel 2.6.x allows local users to cause a denial of service (panic) by running lsof a large number of times in a way that produces a heavy system load.
CVE-2006-1860 1 Linux 1 Linux Kernel 2026-06-16 2.1 LOW N/A
lease_init in fs/locks.c in Linux kernel before 2.6.16.16 allows attackers to cause a denial of service (fcntl_setlease lockup) via actions that cause lease_init to free a lock that might not have been allocated on the stack.
CVE-2006-1859 1 Linux 1 Linux Kernel 2026-06-16 2.1 LOW N/A
Memory leak in __setlease in fs/locks.c in Linux kernel before 2.6.16.16 allows attackers to cause a denial of service (memory consumption) via unspecified actions related to an "uninitialised return value," aka "slab leak."
CVE-2006-1856 1 Linux 1 Linux Kernel 2026-06-16 7.5 HIGH N/A
Certain modifications to the Linux kernel 2.6.16 and earlier do not add the appropriate Linux Security Modules (LSM) file_permission hooks to the (1) readv and (2) writev functions, which might allow attackers to bypass intended access restrictions.
CVE-2006-1855 1 Linux 1 Linux Kernel 2026-06-16 2.1 LOW N/A
choose_new_parent in Linux kernel before 2.6.11.12 includes certain debugging code, which allows local users to cause a denial of service (panic) by causing certain circumstances involving termination of a parent process.
CVE-2006-1854 1 Bluepay 1 Bluepay Manager 2026-06-16 2.6 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in BluePay Manager 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML during a login action via the (1) Account Name and (2) Username field. NOTE: the vendor has disputed this vulnerability, saying that "it does not exist currently in the Bluepay 2.0 product," and older versions might not have been affected either. As of 20060512, CVE has not formally investigated this dispute
CVE-2006-1853 1 Moderngigabyte 1 Modernbill 2026-06-16 6.5 MEDIUM N/A
Multiple SQL injection vulnerabilities in ModernBill 4.3.2 and earlier allow remote attackers or administrators to execute arbitrary SQL commands via the (1) id parameter in (a) user.php, or (2) where and (3) order parameters to (b) admin.php.
CVE-2006-1852 1 Scriptsfrenzy 1 Article Publisher Pro 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in category.php in Article Publisher Pro 1.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cname parameter.
CVE-2006-1851 1 Skymarx Solutions 1 Xflow 2026-06-16 5.0 MEDIUM N/A
xFlow 5.46.11 and earlier allows remote attackers to determine the installation path of the application via the (1) action parameter to members_only/index.cgi and (2) page parameter customer_area/index.cgi, probably due to invalid values.
CVE-2006-1850 1 Skymarx Solutions 1 Xflow 2026-06-16 2.6 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in xFlow 5.46.11 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) level, (2) position, (3) id, and (4) action parameters to members_only/index.cgi, and the (5) page parameter to customer_area/index.cgi.
CVE-2006-1849 1 Skymarx Solutions 1 Xflow 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in members_only/index.cgi in xFlow 5.46.11 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) position and (2) id parameter.
CVE-2006-1848 1 Linpha 1 Linpha 2026-06-16 2.6 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in stats_view.php in LinPHA 1.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) date_from, (2) date_to, and (3) date parameter.
CVE-2006-1847 1 Francisco Burzi 1 Php-nuke 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the Your_Account module in PHP-Nuke 7.8 might allows remote attackers to execute arbitrary SQL commands via the user_id parameter in the Your_Home functionality. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-1846 1 Francisco Burzi 1 Php-nuke 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Your_Account module in PHP-Nuke 7.8 might allows remote attackers to inject arbitrary HTML and web script via the ublock parameter, which is saved in the user's personal menu. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. In addition, it is unclear whether this issue is a vulnerability, since it is related to the user's personal menu, which presumably is not modifiable by others.
CVE-2006-1844 1 Debian 2 Base-config, Shadow 2026-06-16 2.1 LOW N/A
The Debian installer for the (1) shadow 4.0.14 and (2) base-config 2.53.10 packages includes sensitive information in world-readable log files, including preseeded passwords and pppoeconf passwords, which might allow local users to gain privileges.