Export limit exceeded: 346300 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346300 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-5865 | 1 Damien Benier | 1 Myalbum | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in language.inc.php in MyAlbum 3.02 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the langs_dir parameter. | ||||
| CVE-2007-2519 | 1 Php Group | 1 Pear | 2026-04-23 | N/A |
| Directory traversal vulnerability in the installer in PEAR 1.0 through 1.5.3 allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the (1) install-as attribute in the file element in package.xml 1.0 or the (2) as attribute in the install element in package.xml 2.0. NOTE: it could be argued that this does not cross privilege boundaries in typical installations, since the code being installed could perform the same actions. | ||||
| CVE-2006-5866 | 1 Phpmanta | 1 Phpmanta | 2026-04-23 | N/A |
| Directory traversal vulnerability in Mdoc/view-sourcecode.php for phpManta 1.0.2 and earlier allows remote attackers to read and include arbitrary files via ".." sequences in the file parameter. | ||||
| CVE-2006-5867 | 2 Fetchmail, Redhat | 2 Fetchmail, Enterprise Linux | 2026-04-23 | N/A |
| fetchmail before 6.3.6-rc4 does not properly enforce TLS and may transmit cleartext passwords over unsecured links if certain circumstances occur, which allows remote attackers to obtain sensitive information via man-in-the-middle (MITM) attacks. | ||||
| CVE-2006-5870 | 3 Openoffice, Redhat, Sun | 3 Openoffice, Enterprise Linux, Staroffice | 2026-04-23 | N/A |
| Multiple integer overflows in OpenOffice.org (OOo) 2.0.4 and earlier, and possibly other versions before 2.1.0; and StarOffice 6 through 8; allow user-assisted remote attackers to execute arbitrary code via a crafted (a) WMF or (b) EMF file that triggers heap-based buffer overflows in (1) wmf/winwmf.cxx, during processing of META_ESCAPE records; and wmf/enhwmf.cxx, during processing of (2) EMR_POLYPOLYGON and (3) EMR_POLYPOLYGON16 records. | ||||
| CVE-2006-5873 | 2 Debian, L2tpns | 2 Debian Linux, L2tpns | 2026-04-23 | N/A |
| Buffer overflow in the cluster_process_heartbeat function in cluster.c in layer 2 tunneling protocol network server (l2tpns) before 2.1.21 allows remote attackers to cause a denial of service via a large heartbeat packet. | ||||
| CVE-2007-2525 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-04-23 | N/A |
| Memory leak in the PPP over Ethernet (PPPoE) socket implementation in the Linux kernel before 2.6.21-git8 allows local users to cause a denial of service (memory consumption) by creating a socket using connect, and releasing it before the PPPIOCGCHAN ioctl is initialized. | ||||
| CVE-2006-5878 | 1 Edgewall Software | 1 Trac | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Edgewall Trac 0.10 and earlier allows remote attackers to perform unauthorized actions as other users via unknown vectors. | ||||
| CVE-2006-5879 | 1 Aspportal | 1 Aspportal | 2026-04-23 | N/A |
| SQL injection vulnerability in default1.asp in ASPPortal 4.0.0 beta and earlier allows remote attackers to execute arbitrary SQL commands via the Poll_ID parameter, a different vector than CVE-2006-1353. | ||||
| CVE-2006-5884 | 1 Microsoft | 2 Ie, Internet Explorer | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in DirectAnimation ActiveX controls for Microsoft Internet Explorer 5.01 through 6 have unknown impact and remote attack vectors, possibly related to (1) Danim.dll and (2) Lmrt.dll, a different set of vulnerabilities than CVE-2006-4446 and CVE-2006-4777. | ||||
| CVE-2006-5892 | 1 The Net Guys | 1 Aspired2poll | 2026-04-23 | N/A |
| SQL injection vulnerability in MoreInfo.asp in The Net Guys ASPired2Poll 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2006-5902 | 1 Viksoe | 1 Gmail Drive | 2026-04-23 | N/A |
| viksoe GMail Drive shell extension allows remote attackers to perform virtual filesystem actions via e-mail messages with certain subject lines, as demonstrated by (1) a GMAILFS: [13;a;1] message with a new filename and a file attachment, which injects a new file into the filesystem; (2) a GMAILFS: [13;a;1] message with an existing filename and a file attachment, which overwrites existing file content; and (3) a GMAILFS: [14;a;1] message, which creates a folder. | ||||
| CVE-2007-2539 | 1 Runcms | 1 Runcms | 2026-04-23 | N/A |
| The show_files function in RunCms 1.5.2 and earlier allows remote attackers to obtain sensitive information (file existence and file metadata) via unspecified vectors. | ||||
| CVE-2006-5903 | 1 Rahul Jonna | 1 Gspace | 2026-04-23 | N/A |
| Rahul Jonna Gmail File Space (GSpace) allows remote attackers to perform virtual filesystem actions via e-mail messages with certain subject lines, as demonstrated by (1) a GSPACE "2174|1|1|1|gs:/ d$" message, which injects a new file into the filesystem; and (2) a GSPACE "|-135|1|1|0|gs:/ d$" message, which creates a folder. | ||||
| CVE-2009-3661 | 2 Blueconstantmedia, Joomla | 2 Com Djcatalog, Joomla | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in the DJ-Catalog (com_djcatalog) component for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a showItem action and (2) cid parameter in a show action to index.php. | ||||
| CVE-2006-5909 | 1 Paul Tarjan | 1 Stanford Conference And Research Forum | 2026-04-23 | N/A |
| generaloptions.php in Paul Tarjan Stanford Conference And Research Forum (SCARF) before 20070227 does not require the admin privilege, which allows remote attackers to reconfigure the application or its user accounts. | ||||
| CVE-2006-5910 | 1 Campware.org | 1 Campsite | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Campware Campsite before 20061110 allow remote attackers to execute arbitrary PHP code via a URL in the g_documentRoot parameter to (1) bugreporter/thankyou.php and (2) feedback/thankyou.php in implementation/management/priv/. | ||||
| CVE-2007-2542 | 1 Workbench Survival Guide | 1 Workbench Survival Guide | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in header.php in workbench survival guide 0.11 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. | ||||
| CVE-2007-2550 | 1 Devellion | 1 Cubecart | 2026-04-23 | N/A |
| Multiple CRLF injection vulnerabilities in Devellion CubeCart 3.0.15 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a cookie name beginning with "ccSID" to (1) cart.php or (2) index.php. | ||||
| CVE-2006-5918 | 1 Php Rapid Kill | 1 Php Rapid Kill | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in RapidKill (aka PHP Rapid Kill) 5.7 Pro, and certain other versions, allows remote attackers to upload and execute arbitrary PHP scripts via the "Link to Download" field. NOTE: it is possible that the field value is restricted to files on specific public web sites. | ||||