Export limit exceeded: 360195 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (360195 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-5060 | 1 Jamroom | 1 Jamroom | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in login.php in Jamroom 3.0.16 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the forgot parameter in the forgot mode. | ||||
| CVE-2006-5085 | 1 Pixel Motion | 1 Pixel Motion Blog | 2026-04-23 | N/A |
| Static code injection vulnerability in config.php in Blog Pixel Motion 2.1.1 allows remote attackers to execute arbitrary PHP code via the nom_blog parameter, which is injected into include/variables.php. | ||||
| CVE-2006-5086 | 1 Pixel Motion | 1 Pixel Motion Blog | 2026-04-23 | N/A |
| Blog Pixel Motion 2.1.1 allows remote attackers to change the username and password for the admin user via a direct request to insere_base.php with modified (1) login and (2) pass parameters. NOTE: this issue was claimed to be SQL injection by the original researcher, but it is not. | ||||
| CVE-2006-5138 | 1 Ubbcentral | 1 Ubb.threads | 2026-04-23 | N/A |
| Groupee UBB.threads 6.5.1.1 allows remote attackers to obtain sensitive information via a direct request for cron/php/subscriptions.php, which reveals the path in an error message. | ||||
| CVE-2006-5139 | 1 Mkportal | 1 Mkportal | 2026-04-23 | N/A |
| Unspecified vulnerability in MkPortal allows remote attackers to corrupt web site content, and possibly have other impact, via a certain long Message that affects "Tables," related to the Urlobox. | ||||
| CVE-2006-5144 | 1 Olate | 1 Olatedownload | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in userupload.php in OlateDownload 3.4.0 allows remote attackers to inject arbitrary web script or HTML via the description_small parameter. | ||||
| CVE-2006-5149 | 1 Openbiblio | 1 Openbiblio | 2026-04-23 | N/A |
| Multiple directory traversal vulnerabilities in OpenBiblio before 0.5.2 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the page parameter to shared/help.php or (2) the tab parameter to shared/header.php. | ||||
| CVE-2006-5150 | 1 Openbiblio | 1 Openbiblio | 2026-04-23 | N/A |
| SQL injection vulnerability in the reports system in OpenBiblio before 0.5.2 allows remote attackers with report privileges to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2008-3931 | 1 R Foundation | 1 R | 2026-04-23 | N/A |
| javareconf in R 2.7.2 allows local users to overwrite arbitrary files via a symlink attack on temporary files. | ||||
| CVE-2008-3932 | 2 Redhat, Wireshark | 2 Enterprise Linux, Wireshark | 2026-04-23 | N/A |
| Wireshark (formerly Ethereal) 0.9.7 through 1.0.2 allows attackers to cause a denial of service (hang) via a crafted NCP packet that triggers an infinite loop. | ||||
| CVE-2006-5153 | 1 Kerio | 1 Personal Firewall | 2026-04-23 | N/A |
| The (1) fwdrv.sys and (2) khips.sys drivers in Sunbelt Kerio Personal Firewall 4.3.268 and earlier do not validate arguments passed through to SSDT functions, including NtCreateFile, NtDeleteFile, NtLoadDriver, NtMapViewOfSection, NtOpenFile, and NtSetInformationFile, which allows local users to cause a denial of service (crash) and possibly other impacts via unspecified vectors. | ||||
| CVE-2006-5156 | 1 Mcafee | 2 Epolicy Orchestrator, Protectionpilot | 2026-04-23 | N/A |
| Buffer overflow in McAfee ePolicy Orchestrator before 3.5.0.720 and ProtectionPilot before 1.1.1.126 allows remote attackers to execute arbitrary code via a request to /spipe/pkg/ with a long source header. | ||||
| CVE-2006-5157 | 1 Trend Micro | 1 Officescan | 2026-04-23 | N/A |
| Format string vulnerability in the ActiveX control (ATXCONSOLE.OCX) in TrendMicro OfficeScan Corporate Edition (OSCE) before 7.3 Patch 1 allows remote attackers to execute arbitrary code via format string identifiers in the "Management Console's Remote Client Install name search". | ||||
| CVE-2006-5925 | 3 Elinks, Links, Redhat | 3 Elinks, Links, Enterprise Linux | 2026-04-23 | N/A |
| Links web browser 1.00pre12 and Elinks 0.9.2 with smbclient installed allows remote attackers to execute arbitrary code via shell metacharacters in an smb:// URI, as demonstrated by using PUT and GET statements. | ||||
| CVE-2009-3324 | 1 Andres G Aragoneses | 1 Prodler | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in include/prodler.class.php in ProdLer 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the sPath parameter. | ||||
| CVE-2006-5158 | 3 Canonical, Linux, Redhat | 7 Ubuntu Linux, Linux Kernel, Enterprise Linux and 4 more | 2026-04-23 | 7.5 High |
| The nlmclnt_mark_reclaim in clntlock.c in NFS lockd in Linux kernel before 2.6.16 allows remote attackers to cause a denial of service (process crash) and deny access to NFS exports via unspecified vectors that trigger a kernel oops (null dereference) and a deadlock. | ||||
| CVE-2006-5159 | 1 Mozilla | 1 Firefox | 2026-04-23 | N/A |
| Stack-based buffer overflow in Mozilla Firefox allows remote attackers to execute arbitrary code via unspecified vectors involving JavaScript. NOTE: the vendor and original researchers have released a follow-up comment disputing the severity of this issue, in which the researcher states that "we mentioned that there was a previously known Firefox vulnerability that could result in a stack overflow ending up in remote code execution. However, the code we presented did not in fact do this... I have not succeeded in making this code do anything more than cause a crash and eat up system resources" | ||||
| CVE-2006-5190 | 1 Oscommerce | 1 Oscommerce | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in osCommerce 2.2 Milestone 2 Update 060817 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter in the (a) banner_manager.php, (b) banner_statistics.php, (c) countries.php, (d) currencies.php, (e) languages.php, (f) manufacturers.php, (g) newsletters.php, (h) orders_status.php, (i) products_attributes.php, (j) products_expected.php, (k) reviews.php, (l) specials.php, (m) stats_products_purchased.php, (n) stats_products_viewed.php, (o) tax_classes.php, (p) tax_rates.php, or (q) zones.php scripts in /admin, and the (2) zpage parameter in (r) admin/geo_zones.php. | ||||
| CVE-2006-5195 | 1 Wheatblog | 1 Wheatblog | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Wheatblog 1.0 and 1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
| CVE-2007-2403 | 1 Apple | 3 Cfnetwork, Mac Os X, Mac Os X Server | 2026-04-23 | N/A |
| CFNetwork on Apple Mac OS X 10.3.9 and 10.4.10 does not properly validate ftp: URIs, which allows remote attackers to trigger the transmission of arbitrary FTP commands to arbitrary FTP servers. | ||||