Vulnerabilities (CVE)

Total 362811 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-2200 2 Mimms, Xine 2 Mimms, Xine-lib 2026-06-16 5.1 MEDIUM N/A
Stack-based buffer overflow in libmms, as used by (a) MiMMS 0.0.9 and (b) xine-lib 1.1.0 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via the (1) send_command, (2) string_utf16, (3) get_data, and (4) get_media_packet functions, and possibly other functions.
CVE-2006-2199 2 Openoffice, Sun 2 Openoffice, Staroffice 2026-06-16 7.6 HIGH N/A
Unspecified vulnerability in Java Applets in OpenOffice.org 1.1.x (aka StarOffice) up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to escape the Java sandbox and conduct unauthorized activities via certain applets in OpenOffice documents.
CVE-2006-2198 2 Openoffice, Sun 2 Openoffice, Staroffice 2026-06-16 7.6 HIGH N/A
OpenOffice.org (aka StarOffice) 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to conduct unauthorized activities via an OpenOffice document with a malicious BASIC macro, which is executed without prompting the user.
CVE-2006-2197 1 Wvware 1 Wv2 2026-06-16 6.5 MEDIUM N/A
Integer overflow in wv2 before 0.2.3 might allow context-dependent attackers to execute arbitrary code via a crafted Microsoft Word document.
CVE-2006-2196 1 Jochen Friedrich 1 Pinball 2026-06-16 4.6 MEDIUM N/A
Unspecified vulnerability in pinball 0.3.1 allows local users to gain privileges via unknown attack vectors that cause pinball to load plugins from an attacker-controlled directory while operating at raised privileges.
CVE-2006-2195 1 Horde 1 Horde 2026-06-16 6.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in horde 3 (horde3) before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) templates/problem/problem.inc and (2) test.php.
CVE-2006-2194 1 Point-to-point Protocol Project 1 Point-to-point Protocol 2026-06-16 7.2 HIGH N/A
The winbind plugin in pppd for ppp 2.4.4 and earlier does not check the return code from the setuid function call, which might allow local users to gain privileges by causing setuid to fail, such as exceeding PAM limits for the maximum number of user processes, which prevents the winbind NTLM authentication helper from dropping privileges.
CVE-2006-2193 1 Libtiff 1 Libtiff 2026-06-16 7.5 HIGH N/A
Buffer overflow in the t2p_write_pdf_string function in tiff2pdf in libtiff 3.8.2 and earlier allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a TIFF file with a DocumentName tag that contains UTF-8 characters, which triggers the overflow when a character is sign extended to an integer that produces more digits than expected in an sprintf call.
CVE-2006-2191 1 Gnu 1 Mailman 2026-06-16 7.5 HIGH N/A
Format string vulnerability in Mailman before 2.1.9 allows attackers to execute arbitrary code via unspecified vectors. NOTE: the vendor has disputed this vulnerability, stating that it is "unexploitable.
CVE-2006-2190 1 Open Webmail 1 Open Webmail 2026-06-16 6.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in ow-shared.pl in OpenWebMail (OWM) 2.51 and earlier allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter in (1) openwebmail-send.pl, (2) openwebmail-advsearch.pl, (3) openwebmail-folder.pl, (4) openwebmail-prefs.pl, (5) openwebmail-abook.pl, (6) openwebmail-read.pl, (7) openwebmail-cal.pl, and (8) openwebmail-webdisk.pl. NOTE: the openwebmail-main.pl vector is already covered by CVE-2005-2863.
CVE-2006-2189 1 Servous 1 Sblog 2026-06-16 10.0 HIGH N/A
SQL injection vulnerability in search.php in Servous sBLOG 0.7.2 allows remote attackers to execute arbitrary SQL commands via the keyword parameter. NOTE: this issue can be used to trigger path disclosure. In addition, it might be primary to vector 1 in CVE-2006-1135.
CVE-2006-2188 1 Cmscout 1 Cmscout 2026-06-16 6.8 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in CMScout 1.10 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the Body field of a private message (PM), (2) BBCode, or (3) a forum post.
CVE-2006-2187 1 Zenphoto 1 Zenphoto 2026-06-16 6.8 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in zenphoto 1.0.1 beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) a parameter in i.php, and the (2) album and (3) image parameters in index.php.
CVE-2006-2186 1 Zenphoto 1 Zenphoto 2026-06-16 5.0 MEDIUM N/A
zenphoto 1.0.1 beta and earlier allow remote attackers to obtain sensitive information via a direct request for the (1) /photos/themes/default/ and (2) /photos/themes/testing/ URIs, which reveals the path in an error message.
CVE-2006-2185 1 Novell 1 Netware 2026-06-16 4.0 MEDIUM N/A
PORTAL.NLM in Novell Netware 6.5 SP5 writes the username and password in cleartext to the abend.log log file when the groupOperationsMethod function fails, which allows context-dependent attackers to gain privileges.
CVE-2006-2184 1 Chadha Software Technologies 1 Phpkb Knowledge Base 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in search.php in PHPKB Knowledge Base allows remote attackers to inject arbitrary web script or HTML via the searchkeyword parameter. NOTE: the issue was originally disputed by the vendor, but on 20060519, the vendor notified CVE that "We have fixed all the mentioned issues and now the search section of PHPKB script is free from any XSS issues."
CVE-2006-2183 1 Truecrypt Foundation 1 Truecrypt 2026-06-16 7.2 HIGH N/A
Untrusted search path vulnerability in Truecrypt 4.1, when running suid root on Linux, allows local users to execute arbitrary commands and gain privileges via a modified PATH environment variable that references a malicious mount command.
CVE-2006-2182 1 Albinator 1 Albinator 2026-06-16 6.4 MEDIUM N/A
Multiple PHP remote file inclusion vulnerabilities in (1) eday.php, (2) eshow.php, or (3) forgot.php in albinator 2.0.8 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the Config_rootdir parameter.
CVE-2006-2181 1 Albinator 1 Albinator 2026-06-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Albinator 2.0.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) cid parameter to dlisting.php or (2) preloadSlideShow parameter to showpic.php.
CVE-2006-2180 1 Kmint21 Software 1 Golden Ftp Server 2026-06-16 6.4 MEDIUM N/A
Buffer overflow in Golden FTP Server Pro 2.70 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via a long argument to the (1) NLST or (2) APPE commands, as demonstrated by the Infigo FTPStress Fuzzer.