Total
29927 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-1070 | 1 Dvguestbook | 1 Dvguestbook | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in dv_gbook.php in DVguestbook 1.0 allows remote attackers to inject arbitrary web script or HTML via the f parameter. | |||||
| CVE-2006-1069 | 1 Geeklog | 1 Geeklog | 2026-06-16 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the session handling for Geeklog 1.4.x before 1.4.0sr2, 1.3.11 before 1.3.11sr5, 1.3.9 before 1.3.9sr5, and possibly earlier versions allows attackers to gain privileges as arbitrary users via unknown vectors. | |||||
| CVE-2006-1068 | 1 Netgear | 1 Netgear Router | 2026-06-16 | 4.9 MEDIUM | N/A |
| Netgear 614 and 624 routers, possibly running VXWorks, allow remote attackers to cause a denial of service by sending a malformed DCC SEND string to an IRC channel, which causes an IRC connection reset, possibly related to the masquerading code for NAT environments, and as demonstrated via (1) a DCC SEND with a single long argument, or (2) a DCC SEND with IP, port, and filesize arguments with a 0 value. | |||||
| CVE-2006-1067 | 1 Linksys | 1 Wrt54g V5 | 2026-06-16 | 5.0 MEDIUM | N/A |
| Linksys WRT54G routers version 5 (running VXWorks) allow remote attackers to cause a denial of service by sending a malformed DCC SEND string to an IRC channel, which causes an IRC connection reset, possibly related to the masquerading code for NAT environments, and as demonstrated via (1) a DCC SEND with a single long argument, or (2) a DCC SEND with IP, port, and filesize arguments with a 0 value. | |||||
| CVE-2006-1066 | 1 Linux | 1 Linux Kernel | 2026-06-16 | 1.2 LOW | N/A |
| Linux kernel 2.6.16-rc2 and earlier, when running on x86_64 systems with preemption enabled, allows local users to cause a denial of service (oops) via multiple ptrace tasks that perform single steps, which can cause corruption of the DEBUG_STACK stack during the do_debug function call. | |||||
| CVE-2006-1065 | 1 Mybulletinboard | 1 Mybulletinboard | 2026-06-16 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in search.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to execute arbitrary SQL commands via the forums[] parameter. | |||||
| CVE-2006-1064 | 1 Lurker | 1 Lurker | 2026-06-16 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Lurker 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | |||||
| CVE-2006-1063 | 1 Lurker | 1 Lurker | 2026-06-16 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Lurker 2.0 and earlier allows remote attackers to create or overwrite files in any writable directory that is named "mbox". | |||||
| CVE-2006-1062 | 1 Lurker | 1 Lurker | 2026-06-16 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in lurker.cgi for Lurker 2.0 and earlier allows attackers to read arbitrary files via unknown vectors. | |||||
| CVE-2006-1061 | 1 Daniel Stenberg | 1 Curl | 2026-06-16 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in cURL and libcURL 7.15.0 through 7.15.2 allows remote attackers to execute arbitrary commands via a TFTP URL (tftp://) with a valid hostname and a long path. | |||||
| CVE-2006-1059 | 1 Samba | 1 Samba | 2026-06-16 | 1.2 LOW | N/A |
| The winbindd daemon in Samba 3.0.21 to 3.0.21c writes the machine trust account password in cleartext in log files, which allows local users to obtain the password and spoof the server in the domain. | |||||
| CVE-2006-1055 | 1 Linux | 1 Linux Kernel | 2026-06-16 | 4.9 MEDIUM | N/A |
| The fill_write_buffer function in sysfs/file.c in Linux kernel 2.6.12 up to versions before 2.6.17-rc1 does not zero terminate a buffer when a length of PAGE_SIZE or more is requested, which might allow local users to cause a denial of service (crash) by causing an out-of-bounds read. | |||||
| CVE-2006-1052 | 1 Linux | 1 Linux Kernel | 2026-06-16 | 2.1 LOW | N/A |
| The selinux_ptrace logic in hooks.c in SELinux for Linux 2.6.6 allows local users with ptrace permissions to change the tracer SID to an SID of another process. | |||||
| CVE-2006-1051 | 1 Akarru | 1 Social Bookmarking Engine | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Akarru Social BookMarking Engine before 0.4.3.4 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors, possibly involving the username parameter to akarru.lib/users.php. | |||||
| CVE-2006-1050 | 1 Kwik-pay | 1 Kwik-pay Payroll | 2026-06-16 | 2.1 LOW | N/A |
| Kwik-Pay Payroll 4.2.20, and possibly other versions, stores the KwikPay.mdb database file with insecure permissions, which allows local users to obtain sensitive information such as employment and payment data. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: the vendor has disputed this vulnerability, stating that "The kwikpay.mdb file supplied with kwikpay is a template for the database structure of user databases created by kwikpay and to store a demonstration payroll. It does not contain any sensitive user information. When a user payroll database is opened, the encryption of the database is checked and if the database is not encrypted, the user is prompted to encrypt the database, but the choice is the customers. | |||||
| CVE-2006-1048 | 1 Joomla | 1 Joomla | 2026-06-16 | 5.0 MEDIUM | N/A |
| Joomla! 1.0.7 and earlier allows attackers to bypass intended access restrictions and gain certain privileges via certain attack vectors related to the (1) Weblink, (2) Polls, (3) Newsfeeds, (4) Weblinks, (5) Content, (6) Content Section, (7) Content Category, (8) Contact items, or (9) Contact Search, (10) Content Search, (11) Newsfeed Search, or (12) Weblink Search. | |||||
| CVE-2006-1047 | 1 Joomla | 1 Joomla | 2026-06-16 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the "Remember Me login functionality" in Joomla! 1.0.7 and earlier has unknown impact and attack vectors. | |||||
| CVE-2006-1046 | 1 Monopd | 1 Monopd | 2026-06-16 | 5.0 MEDIUM | N/A |
| server.cpp in Monopd 0.9.3 allows remote attackers to cause a denial of service (CPU and memory consumption) via a string containing a large number of characters that are escaped when Monopd produces XML output. | |||||
| CVE-2006-1045 | 1 Mozilla | 1 Thunderbird | 2026-06-16 | 2.6 LOW | N/A |
| The HTML rendering engine in Mozilla Thunderbird 1.5, when "Block loading of remote images in mail messages" is enabled, does not properly block external images from inline HTML attachments, which could allow remote attackers to obtain sensitive information, such as application version or IP address, when the user reads the email and the external image is accessed. | |||||
| CVE-2006-1044 | 1 Lsoft | 1 Listserv | 2026-06-16 | 7.5 HIGH | N/A |
| Multiple buffer overflows in LISTSERV 14.3 and 14.4, including LISTSERV Lite and HPO, with the web archive interface enabled, allow remote attackers to execute arbitrary code via unknown attack vectors related to the WA CGI. NOTE: technical details will be released after the grace period has ended on 20060603. | |||||
