Search Results (29946 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-1999-0022 6 Bsdi, Freebsd, Hp and 3 more 7 Bsd Os, Freebsd, Hp-ux and 4 more 2026-04-16 7.8 High
Local user gains root privileges via buffer overflow in rdist, via expstr() function.
CVE-1999-0023 6 Bsdi, Freebsd, Ibm and 3 more 10 Bsd Os, Freebsd, Aix and 7 more 2026-04-16 N/A
Local user gains root privileges via buffer overflow in rdist, via lookup() function.
CVE-2004-0667 2 Gentoo, Rsbac 2 Linux, Rule Set Based Access Control 2026-04-16 N/A
Rule Set Based Access Control (RSBAC) 1.2.2 through 1.2.3 allows access to sys_creat, sys_open, and sys_mknod inside jails, which could allow local users to gain elevated privileges.
CVE-2005-4602 1 Mybulletinboard 1 Mybulletinboard 2026-04-16 N/A
SQL injection vulnerability in inc/function_upload.php in MyBB before 1.0.1 allows remote attackers to execute arbitrary SQL commands via the file extension of an uploaded file attachment.
CVE-2005-4604 1 Jean-jacques Sarton 1 Mtink 2026-04-16 N/A
Buffer overflow in MTink in the printer-filters-utils package allows local users to execute arbitrary code via a long HOME environment variable.
CVE-2006-2314 2 Postgresql, Redhat 2 Postgresql, Enterprise Linux 2026-04-16 N/A
PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, 7.3.x before 7.3.15, and earlier versions allows context-dependent attackers to bypass SQL injection protection methods in applications that use multibyte encodings that allow the "\" (backslash) byte 0x5c to be the trailing byte of a multibyte character, such as SJIS, BIG5, GBK, GB18030, and UHC, which cannot be handled correctly by a client that does not understand multibyte encodings, aka a second variant of "Encoding-Based SQL Injection." NOTE: it could be argued that this is a class of issue related to interaction errors between the client and PostgreSQL, but a CVE has been assigned since PostgreSQL is treating this as a preventative measure against this class of problem.
CVE-2006-2553 1 Jemscripts 1 Downloadcontrol 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Jemscripts DownloadControl 1.0 allows remote attackers to inject arbitrary HTML or web script via the dcid parameter to dc.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. This issue appears to be independent from a different issue that involves the same vector.
CVE-2006-2557 1 Florian Amrhein 1 Newsportal 2026-04-16 N/A
PHP remote file inclusion vulnerability in extras/poll/poll.php in Florian Amrhein NewsPortal before 0.37, and TR Newsportal (TRanx rebuilded), allows remote attackers to execute arbitrary PHP code via a URL in the file_newsportal parameter.
CVE-2006-2558 1 Iplogger 1 Iplogger 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in IpLogger 1.7 and earlier allows remote attackers to inject arbitrary HTML or web script via the User-Agent (useragent) header in an HTTP request, which is not filtered when the log files are viewed.
CVE-2006-2559 1 Linksys 2 Wrt54g, Wrt54g V5 2026-04-16 N/A
Linksys WRT54G Wireless-G Broadband Router allows remote attackers to bypass access restrictions and conduct unauthorized operations via a UPnP request with a modified InternalClient parameter, which is not validated, as demonstrated by using AddPortMapping to forward arbitrary traffic.
CVE-2006-2565 1 Alstrasoft 1 Article Manager Pro 2026-04-16 N/A
SQL injection vulnerability in Alstrasoft Article Manager Pro 1.6 allows remote attackers to execute arbitrary SQL commands via (1) the author_id parameter in profile.php and (2) the aut_id parameter in userarticles.php. NOTE: the aut_id vector can produce resultant path disclosure if the SQL manipulation is invalid.
CVE-2006-2568 1 Ubbcentral 1 Ubb.threads 2026-04-16 N/A
PHP remote file inclusion vulnerability in addpost_newpoll.php in UBB.threads 6.4 through 6.5.2 and 6.5.1.1 (trial) allows remote attackers to execute arbitrary PHP code via a URL in the thispath parameter.
CVE-2006-2570 1 Calogic 1 Calogic Calendars 2026-04-16 N/A
PHP remote file inclusion vulnerability in CaLogic Calendars 1.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS["CLPath"] parameter to (1) reconfig.php and (2) srxclr.php. NOTE: this might be due to a globals overwrite issue.
CVE-2006-2572 1 Dian Gemilang 1 Dgbook 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in DGBook 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) homepage, (3) email, and (4) address parameters.
CVE-2006-2575 1 Pyrosoft Inc 1 Netpanzer 2026-04-16 N/A
The setFrame function in Lib/2D/Surface.hpp for NetPanzer 0.8 and earlier allows remote attackers to cause a denial of service (crash) via a client flag (frameNum) that is greater than 41, which triggers an assert error.
CVE-2006-2577 1 Docebo 1 Docebo 2026-04-16 N/A
Multiple PHP remote file inclusion vulnerabilities in Docebo 3.0.3 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in (1) where_cms, (2) where_lms, (3) where_upgrade, (4) BBC_LIB_PATH, and (5) BBC_LANGUAGE_PATH parameters in various unspecified scripts. NOTE: the provenance of some of this information is unknown; the details are obtained solely from third party information.
CVE-2004-1921 1 X-micro 1 Wlan 11b Broadband Router Firmware 2026-04-16 N/A
X-Micro WLAN 11b Broadband Router 1.6.0.1 has a hardcoded "1502" username and password, which could allow remote attackers to gain access.
CVE-2006-4938 1 Moodle 1 Moodle 2026-04-16 N/A
help.php in Moodle before 1.6.2 does not check the existence of certain help files before including them, which might allow remote authenticated users to obtain the path in an error message.
CVE-2006-4941 1 Moodle 1 Moodle 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Moodle before 1.6.2 might allow remote attackers to inject arbitrary web script or HTML via (1) the choose parameter in files/index.php and (2) the sub parameter in doc/index.php.
CVE-2006-4946 1 Cmsdevelopment 1 Business Card Web Builder 2026-04-16 N/A
PHP remote file inclusion vulnerability in include/startup.inc.php in CMSDevelopment Business Card Web Builder (BCWB) 0.99, and possibly 2.5 Beta and earlier, allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter.