Vulnerabilities (CVE)

Total 363383 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-2463 1 Out Of The Trees Web Design 1 Selectapix 2026-06-16 5.0 MEDIUM N/A
view_album.php in SelectaPix 1.31 and earlier allows remote attackers to obtain the installation path via a certain request, which displays the path in an error message, possibly due to an invalid or missing parameter.
CVE-2006-2462 1 Bea 1 Weblogic Server 2026-06-16 5.0 MEDIUM N/A
BEA WebLogic Server 8.1 before Service Pack 4 and 7.0 before Service Pack 6, may send sensitive data over non-secure channels when using JTA transactions, which allows remote attackers to read potentially sensitive network traffic.
CVE-2006-2461 1 Bea 1 Weblogic Server 2026-06-16 5.0 MEDIUM N/A
BEA WebLogic Server before 8.1 Service Pack 4 does not properly set the Quality of Service in certain circumstances, which prevents some transmissions from being encrypted via SSL, and allows remote attackers to more easily read potentially sensitive network traffic.
CVE-2006-2460 1 Sugarcrm 1 Sugarcrm 2026-06-16 6.4 MEDIUM N/A
Sugar Suite Open Source (SugarCRM) 4.2 and earlier, when register_globals is enabled, does not protect critical variables such as $_GLOBALS and $_SESSION from modification, which allows remote attackers to conduct attacks such as directory traversal or PHP remote file inclusion, as demonstrated by modifying the GLOBALS[sugarEntry] parameter.
CVE-2006-2459 1 Php Fusion 1 Php Fusion 2026-06-16 6.4 MEDIUM N/A
SQL injection vulnerability in messages.php in PHP-Fusion 6.00.307 and earlier allows remote authenticated users to execute arbitrary SQL commands via the srch_where parameter.
CVE-2006-2458 1 Libextractor 1 Libextractor 2026-06-16 4.0 MEDIUM N/A
Multiple heap-based buffer overflows in Libextractor 0.5.13 and earlier allow remote attackers to execute arbitrary code via (1) the asf_read_header function in the ASF plugin (plugins/asfextractor.c), and (2) the parse_trak_atom function in the QT plugin (plugins/qtextractor.c).
CVE-2006-2453 1 Dia 1 Dia 2026-06-16 7.5 HIGH N/A
Multiple unspecified format string vulnerabilities in Dia have unspecified impact and attack vectors, a different set of issues than CVE-2006-2480.
CVE-2006-2452 1 Gnome 1 Gdm 2026-06-16 3.7 LOW N/A
GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the "face browser" feature is enabled, allows local users to access the "Configure Login Manager" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges.
CVE-2006-2451 1 Linux 1 Linux Kernel 2026-06-16 4.6 MEDIUM N/A
The suid_dumpable support in Linux kernel 2.6.13 up to versions before 2.6.17.4, and 2.6.16 before 2.6.16.24, allows a local user to cause a denial of service (disk consumption) and possibly gain privileges via the PR_SET_DUMPABLE argument of the prctl function and a program that causes a core dump file to be created in a directory for which the user does not have permissions.
CVE-2006-2450 1 Libvncserver 1 Libvncserver 2026-06-16 7.5 HIGH N/A
auth.c in LibVNCServer 0.7.1 allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server, a different issue than CVE-2006-2369.
CVE-2006-2449 1 Kde 1 Kde 2026-06-16 4.0 MEDIUM N/A
KDE Display Manager (KDM) in KDE 3.2.0 up to 3.5.3 allows local users to read arbitrary files via a symlink attack related to the session type for login.
CVE-2006-2448 1 Linux 1 Linux Kernel 2026-06-16 5.6 MEDIUM N/A
Linux kernel before 2.6.16.21 and 2.6.17, when running on PowerPC, does not perform certain required access_ok checks, which allows local users to read arbitrary kernel memory on 64-bit systems (signal_64.c) and cause a denial of service (crash) and possibly read kernel memory on 32-bit systems (signal_32.c).
CVE-2006-2447 1 Apache 1 Spamassassin 2026-06-16 5.1 MEDIUM N/A
SpamAssassin before 3.1.3, when running with vpopmail and the paranoid (-P) switch, allows remote attackers to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username.
CVE-2006-2446 1 Linux 1 Linux Kernel 2026-06-16 5.4 MEDIUM N/A
Race condition between the kfree_skb and __skb_unlink functions in the socket buffer handling in Linux kernel 2.6.9, and possibly other versions, allows remote attackers to cause a denial of service (crash), as demonstrated using the TCP stress tests from the LTP test suite.
CVE-2006-2445 1 Linux 1 Linux Kernel 2026-06-16 4.0 MEDIUM N/A
Race condition in run_posix_cpu_timers in Linux kernel before 2.6.16.21 allows local users to cause a denial of service (BUG_ON crash) by causing one CPU to attach a timer to a process that is exiting.
CVE-2006-2444 1 Linux 1 Linux Kernel 2026-06-16 7.8 HIGH N/A
The snmp_trap_decode function in the SNMP NAT helper for Linux kernel before 2.6.16.18 allows remote attackers to cause a denial of service (crash) via unspecified remote attack vectors that cause failures in snmp_trap_decode that trigger (1) frees of random memory or (2) frees of previously-freed memory (double-free) by snmp_trap_decode as well as its calling function, as demonstrated via certain test cases of the PROTOS SNMP test suite.
CVE-2006-2443 1 Knowledgetree 1 Knowledgetree 2026-06-16 4.6 MEDIUM N/A
The Debian package of knowledgetree 2.0.7 creates environment.php with world-readable permissions, which allows local users to obtain sensitive information such as the username and password for the KnowledgeTree database.
CVE-2006-2442 1 Kphone 1 Kphone 2026-06-16 4.6 MEDIUM N/A
kphone 4.2 creates .qt/kphonerc with world-readable permissions, which allows local users to read usernames and SIP passwords.
CVE-2006-2441 1 Pioneers 1 Pioneers Meta-server 2026-06-16 5.0 MEDIUM N/A
Pioneers meta-server before 0.9.55, when the server-console is not installed, allows remote attackers to cause a denial of service (crash) via certain requests from an older gnocatan client to create a new game.
CVE-2006-2440 1 Imagemagick 1 Imagemagick 2026-06-16 7.5 HIGH N/A
Heap-based buffer overflow in the libMagick component of ImageMagick 6.0.6.2 might allow attackers to execute arbitrary code via an image index array that triggers the overflow during filename glob expansion by the ExpandFilenames function.