Vulnerabilities (CVE)

Total 365117 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-3916 1 Solucija 1 Snews 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in snews.php in sNews (aka Solucija News) 1.4 allows remote attackers to inject arbitrary web script or HTML via the search_query parameter.
CVE-2006-3915 1 Microsoft 2 Internet Explorer, Windows Xp 2026-06-16 5.0 MEDIUM N/A
Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by iterating over any native function, as demonstrated with the window.alert function, which triggers a null dereference.
CVE-2006-3914 1 Blackboard 1 Blackboard Academic Suite 2026-06-16 6.0 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Blackboard Academic Suite 6.2.3.23 allows remote authenticated users to inject arbitrary HTML or web script by bypassing client-side validation through disabling JavaScript when submitting an essay response, which has no server-side validation before being viewed via "View Attempt Details" in the Gradebook.
CVE-2006-3913 1 Freeciv 1 Freeciv 2026-06-16 7.5 HIGH N/A
Buffer overflow in Freeciv 2.1.0-beta1 and earlier, and SVN 15 Jul 2006 and earlier, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) negative chunk_length or a (2) large chunk->offset value in a PACKET_PLAYER_ATTRIBUTE_CHUNK packet in the generic_handle_player_attribute_chunk function in common/packets.c, and (3) a large packet->length value in the handle_unit_orders function in server/unithand.c.
CVE-2006-3912 1 Rarlab 1 Winrar 2026-06-16 2.1 LOW N/A
Stack-based buffer overflow in the SFX module in WinRAR before 3.60 beta 8 has unspecified vectors and impact.
CVE-2006-3911 1 Php Live 1 Php Live 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in OSI Codes PHP Live! 3.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the css_path parameter in (1) help.php and (2) setup/header.php.
CVE-2006-3910 1 Microsoft 1 Ie 2026-06-16 5.0 MEDIUM N/A
Internet Explorer 6 on Windows XP SP2, when Outlook is installed, allows remote attackers to cause a denial of service (crash) by calling the NewDefaultItem function of an OVCtl (OVCtl.OVCtl.1) ActiveX object, which triggers a null dereference.
CVE-2006-3909 1 Wired Community Software 1 Wwwthreads 2026-06-16 6.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in calendar.php in WWWthreads allows remote attackers to inject arbitrary web script or HTML via the week parameter.
CVE-2006-3908 1 Gillius Programming 1 Game Networking Engine 2026-06-16 7.5 HIGH N/A
Format string vulnerability in the flush_output function in ConsoleStreambuf.cpp in Game Network Engine (GNE) 0.70 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute code via format string specifiers in unspecified vectors involving output to the gout console.
CVE-2006-3907 1 Siemens 1 Speedstream Wireless Router 2026-06-16 5.0 MEDIUM N/A
Siemens SpeedStream 2624 allows remote attackers to cause a denial of service (device hang) by sending a crafted packet to the web administrative interface.
CVE-2006-3906 1 Cisco 21 Adaptive Security Appliance Software, Ios, Pix Asa Ids and 18 more 2026-06-16 5.0 MEDIUM N/A
Internet Key Exchange (IKE) version 1 protocol, as implemented on Cisco IOS, VPN 3000 Concentrators, and PIX firewalls, allows remote attackers to cause a denial of service (resource exhaustion) via a flood of IKE Phase-1 packets that exceed the session expiration rate. NOTE: it has been argued that this is due to a design weakness of the IKE version 1 protocol, in which case other vendors and implementations would also be affected.
CVE-2006-3905 1 Mywebland 1 Mybloggie 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in Webland MyBloggie 2.1.3 allows remote attackers to execute arbitrary SQL commands via the (1) post_id parameter in index.php and (2) search function.
CVE-2006-3904 1 Etomite 1 Etomite 2026-06-16 6.8 MEDIUM N/A
SQL injection vulnerability in manager/index.php in Etomite CMS 0.6.1 and earlier, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVE-2006-3903 1 Mywebland 1 Mybloggie 2026-06-16 5.8 MEDIUM N/A
CRLF injection vulnerability in (1) index.php and (2) admin.php in myWebland MyBloggie 2.1.3 allows remote attackers to hijack sessions and conduct cross-site scripting (XSS) attacks via a cookie.
CVE-2006-3902 1 Phpfaber 1 Topsites 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.php in phpFaber TopSites 2.0.9 allows remote attackers to inject arbitrary web script or HTML via the i_cat parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-3901 1 Tumbleweed 1 Mailgate Email Firewall 2026-06-16 7.5 HIGH N/A
Multiple stack-based buffer overflows in Tumbleweed Email Firewall (EMF) allow remote attackers to execute arbitrary code via an email attachment with an LHA archive that contains a (1) file or (2) directory with a long LHA extended header, (3) an LHA archive in which the "temporary pathname" field for decompressed output is greater than 2 bytes, or (4) an LHA archive with a long filename.
CVE-2006-3900 1 Tobias Kloy 1 Tp-book 2026-06-16 6.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in guestbook.php in TP-Book 1.00 and earlier allows remote attackers to inject arbitrary web script or HTML via the name parameter.
CVE-2006-3899 1 Microsoft 2 Internet Explorer, Windows Xp 2026-06-16 5.0 MEDIUM N/A
Microsoft Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to cause a denial of service (application crash) by calling the stringToBinary function of the CEnroll.CEnroll.2 ActiveX object with a long second argument, which triggers an invalid memory access inside the SysAllocStringLen function.
CVE-2006-3898 1 Microsoft 1 Internet Explorer 2026-06-16 5.0 MEDIUM N/A
Microsoft Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to cause a denial of service (application crash) by calling the Click method of the Internet.HHCtrl.1 ActiveX object before initializing the URL, which triggers a null dereference.
CVE-2006-3897 1 Microsoft 2 Internet Explorer, Windows 2000 2026-06-16 5.0 MEDIUM N/A
Stack overflow in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (application crash) by creating an NMSA.ASFSourceMediaDescription.1 ActiveX object with a long dispValue property.