Total
29924 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-1379 | 1 Trend Micro | 1 Pc-cillin 2006 | 2026-06-16 | 7.2 HIGH | N/A |
| Trend Micro PC-cillin Internet Security 2006 14.00.1485 and 14.10.0.1023, uses insecure DACLs for critical files, which allows local users to gain SYSTEM privileges by modifying executable programs such as (1) tmntsrv.exe and (2) tmproxy.exe. | |||||
| CVE-2006-1378 | 1 Counterpane | 1 Password Safe | 2026-06-16 | 4.9 MEDIUM | N/A |
| PasswordSafe 3.0 beta, when running on Windows before XP, uses a weak random number generator (C++ rand function) during generation of the database encryption key, which makes it easier for attackers to decrypt the database and steal passwords by generating keys for all possible rand() seed values and conducting a known plaintext attack. | |||||
| CVE-2006-1377 | 2 Comoblog Project, Easymoblog | 2 Comoblog, Easymoblog | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in img.php in (1) EasyMoblog 0.5.1 and (2) CoMoblog 1.1 allows remote attackers to inject arbitrary web script or HTML via the i parameter. | |||||
| CVE-2006-1376 | 1 Debian | 1 Debian Linux | 2026-06-16 | 2.1 LOW | N/A |
| The installation of Debian GNU/Linux 3.1r1 from the network install CD creates /var/log/debian-installer/cdebconf with world writable permissions, which allows local users to cause a denial of service (disk consumption). | |||||
| CVE-2006-1375 | 1 Brain Book Software | 1 Adman | 2026-06-16 | 5.0 MEDIUM | N/A |
| AdMan 1.0.20051221 and earlier allows remote attackers to obtain the full path via (1) a blank campaignId parameter to editCampaign.php and (2) a blank schemeId parameter to viewPricingScheme.php. | |||||
| CVE-2006-1374 | 1 Brain Book Software | 1 Adman | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in viewStatement.php in AdMan 1.0.20051221 and earlier allows remote attackers to execute arbitrary SQL commands via the transactions_offset parameter. | |||||
| CVE-2006-1373 | 1 Php Live | 1 Php Live | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in status_image.php in PHP Live! 3.0 allows remote attackers to inject arbitrary web script or HTML via the base_url parameter. | |||||
| CVE-2006-1372 | 1 Benson It Solutions | 1 1webcalendar | 2026-06-16 | 5.0 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in 1WebCalendar 4.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) EventID parameter in viewEvent.cfm, (2) NewsID parameter in newsView.cfm, or (3) ThisDate parameter in mainCal.cfm. | |||||
| CVE-2006-1370 | 1 Realnetworks | 2 Realone Player, Realplayer | 2026-06-16 | 9.3 HIGH | N/A |
| Buffer overflow in RealNetworks RealPlayer 10.5 6.0.12.1040 through 6.0.12.1348, RealPlayer 10, RealOne Player v2, RealOne Player v1, RealPlayer 8, and RealPlayer Enterprise before 20060322 allows remote attackers to have an unknown impact via a malicious Mimio boardCast (mbc) file. | |||||
| CVE-2006-1369 | 1 Invision Power Services | 1 Invision Power Board | 2026-06-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) 2.1.5 and earlier before 20060308 allows remote attackers to inject arbitrary web script or HTML via a Private Message (PM) in certain circumstances. | |||||
| CVE-2006-1366 | 1 Motorola | 1 Pebl U6 | 2026-06-16 | 7.8 HIGH | N/A |
| Buffer overflow in the Motorola PEBL U6 08.83.76R, and possibly other Motorola P2K-based phones, allows remote attackers to cause a denial of service (device shutdown), and possibly execute arbitrary code, via a long OBEX setpath to the OBEX File Transfer (aka FTP) service on Bluetooth channel 9. | |||||
| CVE-2006-1365 | 1 Motorola | 3 E398, Pebl U6, V600 | 2026-06-16 | 5.0 MEDIUM | N/A |
| The Motorola PEBL U6, the Motorola V600, and possibly the Motorola E398 and other Motorola phones allow remote attackers to add an entry for their own Bluetooth device to a target device's list of trusted devices (aka Device History), and possibly obtain AT level access to the target device, by initiating and interrupting an OBEX Push Profile that pretends to send a vCard, aka a "HeloMoto" attack. | |||||
| CVE-2006-1363 | 1 Justin White | 1 Freewps | 2026-06-16 | 7.5 HIGH | N/A |
| images.php in Justin White (aka YTZ) Free Web Publishing System (FreeWPS) 2.11 allows remote attackers to execute arbitrary PHP code by uploading a .php file into the /upload directory as specified in the dirPath parameter, then performing a direct request to that file. | |||||
| CVE-2006-1362 | 1 Mini-nuke | 1 Mini-nuke Cms | 2026-06-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Mini-Nuke CMS System 1.8.2 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the uid parameter in (a) members.asp, the (2) catid parameter in (b) articles.asp and (c) programs.asp, and the (3) id parameter in (d) hpages.asp and (e) forum.asp. NOTE: The pages.asp/id vector is already covered by CVE-2006-0870. | |||||
| CVE-2006-1361 | 1 Oswiki | 1 Oswiki | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in OSWiki before 0.3.1 allows remote attackers to inject arbitrary web script or HTML via the username field to (1) list.rhtml or (2) show.rhtml. | |||||
| CVE-2006-1358 | 1 Oracle | 1 Weblogic Portal | 2026-06-16 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in BEA WebLogic Portal 8.1 up to SP5 causes a JSR-168 Portlet to be retrieved from the cache for the wrong session, which might allow one user to see a Portlet of another user. | |||||
| CVE-2006-1357 | 1 F5 | 1 Firepass 4100 | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in my.support.php3 in F5 Firepass 4100 SSL VPN 5.4.2 allows remote attackers to inject arbitrary web script or HTML via the s parameter. | |||||
| CVE-2006-1356 | 1 Andrew Hsu | 2 Libvc, Rolo | 2026-06-16 | 5.1 MEDIUM | N/A |
| Stack-based buffer overflow in the count_vcards function in LibVC 3, as used in Rolo, allows user-assisted attackers to execute arbitrary code via a vCard file (e.g. contacts.vcf) containing a long line. | |||||
| CVE-2006-1355 | 1 Alwil | 1 Avast Antivirus | 2026-06-16 | 7.2 HIGH | N/A |
| avast! Antivirus 4.6.763 and earlier sets "BUILTIN\Everyone" permissions to critical system files in the installation folder, which allows local users to gain privileges or disable protection by modifying those files. | |||||
| CVE-2006-1354 | 1 Freeradius | 1 Freeradius | 2026-06-16 | 7.5 HIGH | N/A |
| Unspecified vulnerability in FreeRADIUS 1.0.0 up to 1.1.0 allows remote attackers to bypass authentication or cause a denial of service (server crash) via "Insufficient input validation" in the EAP-MSCHAPv2 state machine module. | |||||
