Vulnerabilities (CVE)

Total 367072 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-5665 1 Spider Friendly 1 Spider Friendly 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in admin/modules_data.php in the phpBB module Spider Friendly 1.3.10 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2006-5664 1 Ibm 3 Informix Client Sdk, Informix Dynamic Server, Informix I-connect 2026-06-16 4.6 MEDIUM N/A
The installation script in IBM Informix Dynamic Server 10.00, Informix Client Software Development Kit (CSDK) 2.90, and Informix I-Connect 2.90 allows local users to "compromise security" via a symlink attack on temporary files.
CVE-2006-5663 1 Ibm 3 Informix Client Sdk, Informix Dynamic Server, Informix I-connect 2026-06-16 4.6 MEDIUM N/A
IBM Informix Dynamic Server 10.00, Informix Client Software Development Kit (CSDK) 2.90, and Informix I-Connect 2.90 use insecure permissions for installation scripts, which allows local users to gain privileges by modifying the scripts.
CVE-2006-5662 1 Evandor 1 Easy Notesmanager 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in easy notesManager (eNM) 0.0.1 allows remote attackers to execute arbitrary SQL commands via (1) the username parameter in login.php and (2) a search on the "search page."
CVE-2006-5661 1 Virtech 1 Netquery 2026-06-16 6.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in nquser.php in VIRtech Netquery allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header.
CVE-2006-5660 1 Cisco 1 Security Agent Management Center 2026-06-16 7.5 HIGH N/A
Cisco Security Agent Management Center (CSAMC) 5.1 before 5.1.0.79 does not properly handle certain LDAP error messages, which allows remote attackers to bypass authentication requirements via an empty password when using an external LDAP server.
CVE-2006-5659 1 Pam Extern 1 Pam Extern 2026-06-16 2.1 LOW N/A
PAM_extern before 0.2 sends a password as a command line argument, which allows local users to obtain the password by listing the command line arguments, such as ps. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-5658 1 Studio Achtundachtzig 1 Bloomooweb Activex Control 2026-06-16 7.6 HIGH N/A
BlooMooWeb ActiveX control (AidemATL.dll) allows remote attackers to (1) download arbitrary files via a URL in the bstrUrl parameter to the BW_DownloadFile method, (2) execute arbitrary local files via a file path in the bstrParams parameter to the BW_LaunchGame method, and (3) delete arbitrary files via a file path in the filePath parameter to the BW_DeleteTempFile method.
CVE-2006-5657 1 Vilistextum 1 Vilistextum 2026-06-16 10.0 HIGH N/A
Multiple off-by-one errors in src/text.c in Vilistextum before 2.6.9 have unknown impact and attack vectors.
CVE-2006-5656 1 Vilistextum 1 Vilistextum 2026-06-16 5.0 MEDIUM N/A
Memory leak in the push_align function in src/util.c in Vilistextum before 2.6.9 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the tmp_align variable. NOTE: it is not clear whether this is a vulnerability, due to the functionality of the product.
CVE-2006-5655 1 Opendocman 1 Opendocman 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in index.php in OpenDocMan 1.2p3 allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVE-2006-5654 1 Sun 2 Java System Web Server, One Application Server 2026-06-16 4.0 MEDIUM N/A
Unspecified vulnerability in the Network Security Services (NSS) in Sun Java System Web Server 6.0 before SP 10 and ONE Application Server 7 before Update 3, when SSLv2 is enabled, allows remote authenticated users to cause a denial of service (application crash) via unspecified vectors. NOTE: due to lack of details from the vendor, it is unclear whether this is related to vector 1 in CVE-2006-5201 or CVE-2006-3127.
CVE-2006-5653 1 Sun 1 Java System Messenger Express 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the errorHTML function in the index script in Sun Java System Messenger Express 6 allows remote attackers to inject arbitrary web script or HTML via the error parameter. NOTE: this issue might be related to CVE-2006-5486, however due to the vagueness of the initial advisory and different researchers a new CVE was assigned.
CVE-2006-5652 1 Sun 1 Iplanet Messaging Server Messenger Express 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Sun iPlanet Messaging Server Messenger Express allows remote attackers to inject arbitrary web script via the expression Cascading Style Sheets (CSS) function, as demonstrated by setting the width style for an IMG element. NOTE: this issue might be related to CVE-2006-5486, however due to the vagueness of the initial advisory and different researchers, it has been assigned a new CVE.
CVE-2006-5651 1 Digioz 1 Digioz Guestbook 2026-06-16 5.0 MEDIUM N/A
list.php in DigiOz Guestbook before 1.7.1 allows remote attackers to obtain sensitive information via a non-numeric page parameter, which displays the installation path in the resulting error message.
CVE-2006-5650 1 Aol 1 Icq 2026-06-16 7.5 HIGH N/A
The ICQPhone.SipxPhoneManager ActiveX control in America Online ICQ 5.1 allows remote attackers to download and execute arbitrary code via the DownloadAgent function, as demonstrated using an ICQ avatar.
CVE-2006-5649 1 Ubuntu 1 Ubuntu Linux 2026-06-16 4.6 MEDIUM 5.5 MEDIUM
Unspecified vulnerability in the "alignment check exception handling" in Ubuntu 5.10, 6.06 LTS, and 6.10 for the PowerPC (PPC) allows local users to cause a denial of service (kernel panic) via unspecified vectors.
CVE-2006-5648 1 Ubuntu 1 Ubuntu Linux 2026-06-16 4.6 MEDIUM 5.5 MEDIUM
Ubuntu Linux 6.10 for the PowerPC (PPC) allows local users to cause a denial of service (resource consumption) by using the (1) sys_get_robust_list and (2) sys_set_robust_list functions to create processes that cannot be killed.
CVE-2006-5647 1 Sophos 2 Anti-virus, Endpoint Security 2026-06-16 6.4 MEDIUM N/A
Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for Linux before 5.0.10, and other platforms before 4.11 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a malformed CHM file with a large name length in the CHM chunk header, aka "CHM name length memory consumption vulnerability."
CVE-2006-5646 1 Sophos 2 Anti-virus, Endpoint Security 2026-06-16 5.0 MEDIUM N/A
Heap-based buffer overflow in Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for Linux before 5.0.10, and other platforms before 4.11, when archive scanning is enabled, allows remote attackers to trigger a denial of service (memory corruption) via a CHM file with an LZX decompression header that specifies a Window_size of 0.