Total
361769 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-1262 | 1 Aspportal | 1 Aspportal | 2026-06-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in ASPPortal 3.00 have unknown impact and attack vectors. | |||||
| CVE-2006-1261 | 1 Aspportal | 1 Aspportal | 2026-06-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ASPPortal 3.00 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | |||||
| CVE-2006-1260 | 1 Horde | 1 Horde | 2026-06-16 | 5.0 MEDIUM | N/A |
| Horde Application Framework 3.0.9 allows remote attackers to read arbitrary files via a null character in the url parameter in services/go.php, which bypasses a sanity check. | |||||
| CVE-2006-1259 | 1 Maian | 1 Support | 2026-06-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Maian Support 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) email or (2) pass parameter to admin/index.php. | |||||
| CVE-2006-1258 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.1 allows remote attackers to inject arbitrary web script or HTML via the set_theme parameter. | |||||
| CVE-2006-1257 | 1 Microsoft | 1 Commerce Server | 2026-06-16 | 7.5 HIGH | N/A |
| The sample files in the authfiles directory in Microsoft Commerce Server 2002 before SP2 allow remote attackers to bypass authentication by logging in to authfiles/login.asp with a valid username and any password, then going to the main site twice. | |||||
| CVE-2006-1256 | 1 Skullsplitter | 1 Php Guestbook | 2026-06-16 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in guestbook.php in Soren Boysen (SkullSplitter) PHP Guestbook 2.6 allows remote attackers to inject arbitrary web script or HTML via the url parameter. | |||||
| CVE-2006-1255 | 1 Mercur | 1 Mercur Messaging | 2026-06-16 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the IMAP service in Mercur Messaging 5.0 SP3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long string to the (1) LOGIN or (2) SELECT command, a different set of attack vectors and possibly a different vulnerability than CVE-2003-1177. | |||||
| CVE-2006-1254 | 1 Borderware | 1 Mxtreme | 2026-06-16 | 10.0 HIGH | N/A |
| Unspecified vulnerability in BorderWare MXtreme 5.0 and 6.0 allows remote attackers to have an unknown impact via unknown attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-1253 | 1 Glftpd | 1 Glftpd | 2026-06-16 | 7.5 HIGH | N/A |
| Unspecified vulnerability in glFTPd before 2.01 RC5 allows remote attackers to bypass IP checks via a crafted DNS hostname, possibly a hostname that appears to be an IP address. | |||||
| CVE-2006-1252 | 1 Light Weight Calendar | 1 Light Weight Calendar | 2026-06-16 | 7.5 HIGH | N/A |
| Eval injection vulnerability in cal.php in Light Weight Calendar (LWC) 1.0 allows remote attackers to execute arbitrary PHP code via the date parameter to index.php. | |||||
| CVE-2006-1251 | 1 Sa-exim | 1 Sa-exim | 2026-06-16 | 5.0 MEDIUM | N/A |
| Argument injection vulnerability in greylistclean.cron in sa-exim 4.2 allows remote attackers to delete arbitrary files via an email with a To field that contains a filename separated by whitespace, which is not quoted when greylistclean.cron provides the argument to the rm command. | |||||
| CVE-2006-1250 | 1 Amax Information Technologies | 1 Winmail | 2026-06-16 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Webmail module in Winmail before 4.3 has unknown impact and unknown remote attack vectors. | |||||
| CVE-2006-1249 | 1 Apple | 2 Itunes, Quicktime | 2026-06-16 | 6.8 MEDIUM | N/A |
| Integer overflow in Apple QuickTime Player 7.0.3 and 7.0.4 and iTunes 6.0.1 and 6.0.2 allows remote attackers to execute arbitrary code via a FlashPix (FPX) image that contains a field that specifies a large number of blocks. | |||||
| CVE-2006-1248 | 1 Hp | 1 Hp-ux | 2026-06-16 | 4.6 MEDIUM | N/A |
| Unspecified vulnerability in usermod in HP-UX B.11.00, B.11.11, and B.11.23, when run with certain options that involve a new home directory, might cause usermod to change the ownership of all directories and files under the new directory, which might result in less secure permissions than intended. | |||||
| CVE-2006-1247 | 1 Ibm | 1 Aix | 2026-06-16 | 3.3 LOW | N/A |
| rm_mlcache_file in bos.rte.install in AIX 5.1.0 through 5.3.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files. | |||||
| CVE-2006-1246 | 1 Ibm | 1 Aix | 2026-06-16 | 7.2 HIGH | N/A |
| Unspecified vulnerability in mklvcopy in BOS.RTE.LVM in IBM AIX 5.3 allows local users to execute arbitrary commands when mklvcopy calls external commands, possibly due to an untrusted search path vulnerability. | |||||
| CVE-2006-1245 | 1 Microsoft | 1 Ie | 2026-06-16 | 7.5 HIGH | N/A |
| Buffer overflow in mshtml.dll in Microsoft Internet Explorer 6.0.2900.2180, and probably other versions, allows remote attackers to execute arbitrary code via an HTML tag with a large number of script action handlers such as onload and onmouseover, as demonstrated using onclick, aka the "Multiple Event Handler Memory Corruption Vulnerability." | |||||
| CVE-2006-1244 | 4 Debian, Gnome, Libextractor and 1 more | 4 Debian Linux, Gpdf, Libextractor and 1 more | 2026-06-16 | 7.6 HIGH | N/A |
| Unspecified vulnerability in certain versions of xpdf after 3.00, as used in various products including (a) pdfkit.framework, (b) gpdf, (c) pdftohtml, and (d) libextractor, has unknown impact and user-assisted attack vectors, possibly involving errors in (1) gmem.c, (2) SplashXPathScanner.cc, (3) JBIG2Stream.cc, (4) JPXStream.cc, and/or (5) Stream.cc. NOTE: this description is based on Debian advisory DSA 979, which is based on changes that were made after other vulnerabilities such as CVE-2006-0301 and CVE-2005-3624 through CVE-2005-3628 were fixed. Some of these newer fixes appear to be security-relevant, although it is not clear if they fix specific issues or are defensive in nature. | |||||
| CVE-2006-1243 | 1 Alexander Palmo | 1 Simple Php Blog | 2026-06-16 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php. | |||||