Vulnerabilities (CVE)

Filtered by NVD-CWE-Other
Total 29928 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-0754 1 Dotproject 1 Dotproject 2026-06-16 5.0 MEDIUM N/A
dotProject 2.0.1 and earlier allows remote attackers to obtain sensitive information via direct requests with an invalid baseDir to certain PHP scripts in the db directory, which reveal the path in an error message. NOTE: the vendor disputes this issue, saying that it could only occur if the administrator ignores the installation instructions as well as warnings generated by check.php
CVE-2006-0753 1 Microsoft 1 Ie 2026-06-16 2.6 LOW N/A
Memory leak in Microsoft Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to cause a denial of service (memory consumption) via JavaScript that uses setInterval to repeatedly call a function to set the value of window.status.
CVE-2006-0752 1 Niels Provos 1 Honeyd 2026-06-16 5.0 MEDIUM N/A
Niels Provos Honeyd before 1.5 replies to certain illegal IP packet fragments that other IP stack implementations would drop, which allows remote attackers to identify IP addresses that are being simulated using honeyd.
CVE-2006-0746 1 Xpdf 1 Xpdf 2026-06-16 7.5 HIGH N/A
Certain patches for kpdf do not include all relevant patches from xpdf that were associated with CVE-2005-3627, which allows context-dependent attackers to exploit vulnerabilities that were present in CVE-2005-3627.
CVE-2006-0745 5 Mandrakesoft, Redhat, Sun and 2 more 6 Mandrake Linux, Fedora Core, Solaris and 3 more 2026-06-16 7.2 HIGH N/A
X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the address of the geteuid function as if it is the return value of a call to geteuid, which allows local users to bypass intended restrictions and (1) execute arbitrary code via the -modulepath command line option or (2) overwrite arbitrary files via -logfile.
CVE-2006-0742 1 Linux 1 Linux Kernel 2026-06-16 4.6 MEDIUM N/A
The die_if_kernel function in arch/ia64/kernel/unaligned.c in Linux kernel 2.6.x before 2.6.15.6, possibly when compiled with certain versions of gcc, has the "noreturn" attribute set, which allows local users to cause a denial of service by causing user faults on Itanium systems.
CVE-2006-0741 1 Linux 1 Linux Kernel 2026-06-16 1.2 LOW N/A
Linux kernel before 2.6.15.5, when running on Intel processors, allows local users to cause a denial of service ("endless recursive fault") via unknown attack vectors related to a "bad elf entry address."
CVE-2006-0739 1 Estara 1 Softphone 2026-06-16 5.0 MEDIUM N/A
eStara SIP softphone allows remote attackers to cause a denial of service (crash) via an INVITE request with a Content-Length field that has more than 9 digits.
CVE-2006-0738 1 Estara 1 Softphone 2026-06-16 5.0 MEDIUM N/A
Multiple format string vulnerabilities in eStara SIP softphone allow remote attackers to cause a denial of service (hang) via SIP INVITE requests with format string specifiers in the SDP session description, as demonstrated using (1) the field name, (2) the o field (owner/creator and session identifier), or (3) the m field (media name and transport address).
CVE-2006-0737 1 Estara 1 Softphone 2026-06-16 5.0 MEDIUM N/A
eStara SIP softphone allows remote attackers to cause a denial of service (crash) via a SIP OPTIONS request with a negative Expires field.
CVE-2006-0736 1 Novell 2 Linux Desktop, Open Enterprise Server 2026-06-16 10.0 HIGH N/A
Stack-based buffer overflow in the pam_micasa PAM authentication module in CASA on Novell Linux Desktop 9 and Open Enterprise Server 1 allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2006-0735 2 Fuzzymonkey, M Blom 2 My Blog, Html-bbcode 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in BBcode.pm in M. Blom HTML::BBCode 1.04 and earlier, as used in products such as My Blog before 1.65, allows remote attackers to inject arbitrary Javascript via a javascript URI in an (1) img or (2) url BBcode tag.
CVE-2006-0733 1 Wordpress 1 Wordpress 2026-06-16 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in WordPress 2.0.0 allows remote attackers to inject arbitrary web script or HTML via scriptable attributes such as (1) onfocus and (2) onblur in the "author's website" field. NOTE: followup comments to the researcher's web log suggest that this issue is only exploitable by the same user who injects the XSS, so this might not be a vulnerability
CVE-2006-0732 1 Sap 1 Business Connector 2026-06-16 6.4 MEDIUM N/A
Directory traversal vulnerability in SAP Business Connector (BC) 4.6 and 4.7 allows remote attackers to read or delete arbitrary files via the fullName parameter to (1) sapbc/SAP/chopSAPLog.dsp or (2) invoke/sap.monitor.rfcTrace/deleteSingle. Details will be updated after the grace period has ended. NOTE: SAP Business Connector is an OEM version of webMethods Integration Server. webMethods states that this issue can only occur when the product is installed as root/admin, and if the attacker has access to a general purpose port; however, both are discouraged in the documentation. In addition, the attacker must already have acquired administrative privileges through other means.
CVE-2006-0731 1 Sap 1 Business Connector 2026-06-16 4.0 MEDIUM N/A
WmRoot/adapter-index.dsp in SAP Business Connector Core Fix 7 and earlier allows remote attackers to conduct spoofing (phishing) attacks via an absolute URL in the url parameter, which loads the URL inside a frame.
CVE-2006-0729 1 Teca Scripts 1 Teca Diary 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in functions.php in Teca Diary PE 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) yy, (2) mm, and (3) dd parameters.
CVE-2006-0728 1 Webspell 1 Webspell 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in search.php in webSPELL 4.01.00 and earlier allows remote attackers to inject arbitrary SQL commands via the title_op parameter.
CVE-2006-0727 1 Musox 1 Df Msanalysis 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in mstrack.php in MusOX DF MSAnalysis (DFMSA), as used in some environments that use CPG-Nuke Dragonfly CMS, allows remote attackers to trigger path disclosure from a SQL syntax error, and possibly execute arbitrary SQL commands, via certain query data, probably involving the profile name.
CVE-2006-0726 1 Cpg-nuke 1 Dragonfly Cms 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in linking.php in CPG-Nuke Dragonfly CMS 9.0.6.1 allows remote attackers to inject arbitrary web script or HTML via a URI that is generated when creating a list of online users.
CVE-2006-0724 1 Reamday Enterprises 1 Magic News Lite 2026-06-16 2.6 LOW N/A
profile.php in Reamday Enterprises Magic News Lite 1.2.3, when register_globals is enabled, allows remote attackers to modify program behavior, potentially bypassing authentication controls, via modified (1) action, (2) passwd, (3) admin_password, (4) new_passwd, and (5) confirm_passwd variables, which are not initialized.