Search Results (363760 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-4586 1 Tr Forum 1 Tr Forum 2026-04-16 N/A
The admin panel in Tr Forum 2.0 accepts a username and password hash for authentication, which allows remote authenticated users to perform unauthorized actions, as demonstrated by modifying user settings via the id parameter to /membres/modif_profil.php, and changing a password via /membres/change_mdp.php. NOTE: this can be leveraged with other Tr Forum vulnerabilities to allow unauthenticated attackers to gain privileges.
CVE-2006-4590 1 Jetstat.com 1 Js Asp Faq Manager 2026-04-16 N/A
SQL injection vulnerability in admin/default.asp in Jetstat.com JS ASP Faq Manager 1.10 and earlier allows remote attackers to execute arbitrary SQL commands via the uid parameter, a different vector than CVE-2006-4463. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2005-1097 1 Rebrand 1 P2p Share Spy 2026-04-16 N/A
Rebrand P2P Share Spy 2.2 stores the user password in plaintext in the txtPassword value in the registry, which allows local users to gain privileges.
CVE-2006-4604 1 Lanifex 1 Lanifex 2026-04-16 N/A
PHP remote file inclusion vulnerability in LFXlib/access_manager.php in Lanifex Database of Managed Objects (DMO) 2.3 Beta and earlier allows remote attackers to execute arbitrary PHP code via the _incMgr parameter.
CVE-2005-1098 1 Runtime Software 1 Getdataback For Ntfs 2026-04-16 N/A
GetDataBack for NTFS 2.31 stores the username and license key in plaintext in the Name value in the License registry key, which may allow local users to obtain sensitive information.
CVE-2006-4607 1 Longino 1 Jacome Php-revista 2026-04-16 N/A
admin/index.php in Longino Jacome php-Revista 1.1.2 allows remote attackers to bypass authentication controls by setting the ID_ADMIN and SUPER_ADMIN parameters to 1.
CVE-2006-4609 1 Phpprojekt 1 Phpprojekt 2026-04-16 N/A
Multiple PHP remote file inclusion vulnerabilities in the Content Management module ("Content manager") for PHProjekt 0.6.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via the path_pre parameter in (1) cm_lib.inc.php, (2) doc/br.edithelp.php, (3) doc/de.edithelp.php, (4) doc/ct.edithelp.php, (5) userrating.php, and (6) listing.php, a different set of vectors than CVE-2006-4204. NOTE: a third-party researcher has disputed the impact of the cm_lib.inc.php vector, stating that it is limited to local file inclusion. CVE analysis as of 20060905 concurs, although use of ftp URLs is also possible. The remaining five vectors have also been disputed by the same third party, stating that the path_pre variable is initialized before it is used
CVE-2006-0576 2 Maynard Johnson, Redhat 2 Oprofile, Enterprise Linux 2026-04-16 N/A
Untrusted search path vulnerability in opcontrol in OProfile 0.9.1 and earlier allows local users to execute arbitrary commands via a modified PATH that references malicious (1) which or (2) dirname programs. NOTE: while opcontrol normally is not run setuid, a common configuration suggests accessing opcontrol using sudo. In such a context, this is a vulnerability.
CVE-2006-4610 1 Graphiks 1 Grapagenda 2026-04-16 N/A
PHP remote file inclusion vulnerability in index.php in GrapAgenda 0.11 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the page parameter.
CVE-2006-0590 1 Jaia Interactive 1 Mytopix 2026-04-16 N/A
MyTopix 1.2.3 allows remote attackers to obtain the installation path via an invalid hl parameter to index.php, which leads to path disclosure, possibly related to invalid SQL syntax.
CVE-2006-4623 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-16 N/A
The Unidirectional Lightweight Encapsulation (ULE) decapsulation component in dvb-core/dvb_net.c in the dvb driver in the Linux kernel 2.6.17.8 allows remote attackers to cause a denial of service (crash) via an SNDU length of 0 in a ULE packet.
CVE-2006-4633 1 Softbb 1 Softbb 2026-04-16 N/A
index.php in SoftBB 0.1, and possibly earlier, allows remote attackers to obtain the installation path via a null or invalid page[] parameter.
CVE-2006-0614 1 Sun 3 Jdk, Jre, Sdk 2026-04-16 N/A
Unspecified vulnerability in Sun Java JDK and JRE 5.0 Update 3 and earlier, SDK and JRE 1.3.x through 1.3.1_16 and 1.4.x through 1.4.2_08 allows remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "first issue."
CVE-2006-2670 1 Calendarscripts.com 1 Chatpat 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in ChatPat 1.0 allow remote attackers to inject arbitrary web script or HTML via a chat message in (1) fastchat.php and (2) fastshow.php.
CVE-2006-4635 1 Squiz 1 Mysource Classic 2026-04-16 N/A
Unspecified vulnerability in MySource Classic 2.14.6, and possibly earlier, allows remote authenticated users, with superuser privileges, to inject arbitrary PHP code via unspecified vectors related to the Equation attribute in Web_Extensions - Notitia (I/II). NOTE: due to lack of details, it is not clear whether this issue is file inclusion, static code injection, or another type of issue.
CVE-2005-1132 1 Lg Electronics 1 Lg Mobile Phone 2026-04-16 N/A
LG U8120 mobile phone allows remote attackers to cause a denial of service (device crash) via a malformed MIDI file.
CVE-2006-0616 1 Sun 2 Jdk, Jre 2026-04-16 N/A
Unspecified vulnerability in Sun Java JDK and JRE 5.0 Update 4 and earlier allows remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "fourth issue."
CVE-2006-4636 1 Szewo 1 Phpcommander 2026-04-16 N/A
Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
CVE-2006-4640 2 Adobe, Redhat 2 Flash Player, Rhel Extras 2026-04-16 N/A
Unspecified vulnerability in Adobe Flash Player before 9.0.16.0 allows user-assisted remote attackers to bypass the allowScriptAccess protection via unspecified vectors.
CVE-2005-1138 1 Kerio 1 Kerio Mailserver 2026-04-16 N/A
Unknown vulnerability in WebMail in Kerio MailServer before 6.0.9 allows remote attackers to cause a denial of service (CPU consumption) via certain e-mail messages.