Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-3532 1 Pivot 1 Pivot 2026-04-16 N/A
PHP file inclusion vulnerability in includes/edit_new.php in Pivot 1.30 RC2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a FTP URL or full file path in the Paths[extensions_path] parameter.
CVE-2004-0224 3 Double Precision Incorporated, Gentoo, Inter7 4 Courier Mta, Sqwebmail, Linux and 1 more 2026-04-16 N/A
Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for Courier-IMAP before 3.0.0, Courier before 0.45, and SqWebMail before 4.0.0 may allow remote attackers to execute arbitrary code "when Unicode character is out of BMP range."
CVE-2004-0679 1 Unreal 1 Unrealircd 2026-04-16 N/A
The IP cloaking feature (cloak.c) in UnrealIRCd 3.2, and possibly other versions, uses a weak hashing scheme to hide IP addresses, which could allow remote attackers to use brute force methods to gain other user's IP addresses.
CVE-2005-0232 2 Mozilla, Redhat 2 Firefox, Enterprise Linux 2026-04-16 N/A
Firefox 1.0 allows remote attackers to modify Boolean configuration parameters for the about:config site by using a plugin such as Flash, and the -moz-opacity filter, to display the about:config site then cause the user to double-click at a certain screen position, aka "Fireflashing."
CVE-2006-1362 1 Mini-nuke 1 Mini-nuke Cms 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Mini-Nuke CMS System 1.8.2 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the uid parameter in (a) members.asp, the (2) catid parameter in (b) articles.asp and (c) programs.asp, and the (3) id parameter in (d) hpages.asp and (e) forum.asp. NOTE: The pages.asp/id vector is already covered by CVE-2006-0870.
CVE-2006-3669 1 Mercury Messenger 1 Mercury Messenger 2026-04-16 N/A
Mercury Messenger, possibly 1.7.1.1 and other versions, when running on a multi-user Mac OS X platform, stores chat logs with world-readable permissions within the /Users directory, which allows local users to read the chat logs from other users.
CVE-2005-4158 1 Todd Miller 1 Sudo 2026-04-16 N/A
Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the (1) PERLLIB, (2) PERL5LIB, and (3) PERL5OPT environment variables, which allows limited local users to cause a Perl script to include and execute arbitrary library files that have the same name as library files that are included by the script.
CVE-2006-1374 1 Brain Book Software 1 Adman 2026-04-16 N/A
SQL injection vulnerability in viewStatement.php in AdMan 1.0.20051221 and earlier allows remote attackers to execute arbitrary SQL commands via the transactions_offset parameter.
CVE-2006-1379 1 Trend Micro 1 Pc-cillin 2006 2026-04-16 N/A
Trend Micro PC-cillin Internet Security 2006 14.00.1485 and 14.10.0.1023, uses insecure DACLs for critical files, which allows local users to gain SYSTEM privileges by modifying executable programs such as (1) tmntsrv.exe and (2) tmproxy.exe.
CVE-2006-1381 1 Trend Micro 1 Officescan 2026-04-16 N/A
Trend Micro OfficeScan 5.5, and probably other versions before 6.5, uses insecure DACLs for critical files, which allows local users to gain SYSTEM privileges by modifying tmlisten.exe.
CVE-2006-3676 1 Planet Concept 1 Planetgallery 2026-04-16 N/A
admin/gallery_admin.php in planetGallery before 14.07.2006 allows remote attackers to execute arbitrary PHP code by uploading files with a double extension and directly accessing the file in the images directory, which bypasses a regular expression check for safe file types.
CVE-2006-1385 1 Kismac 1 Kismac 2026-04-16 N/A
Stack-based buffer overflow in the parseTaggedData function in WavePacket.mm in KisMAC R54 through R73p allows remote attackers to execute arbitrary code via multiple SSIDs in a Cisco vendor tag in a 802.11 management frame.
CVE-2006-3689 1 Codeworks 1 Gnomedia Subberz 2026-04-16 N/A
PHP remote file inclusion vulnerability in user-func.php in Codeworks Gnomedia SubberZ[Lite] allows remote attackers to execute arbitrary PHP code via a URL in the myadmindir parameter. NOTE: this issue has been disputed by a third party that claims that " the myadmindir variable is set before any GET variables are processed.
CVE-2006-3690 1 Minibb 1 Forum 2026-04-16 N/A
Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5a and earlier allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to (1) components/com_minibb.php or (2) components/minibb/index.php.
CVE-2005-3557 1 Tincan 1 Phplist 2026-04-16 N/A
Directory traversal vulnerability in admin/defaults.php in PHPlist 2.10.1 and earlier allows remote attackers to access arbitrary files via a .. (dot dot) in the selected%5B%5D parameter in an HTTP POST request.
CVE-2006-3691 1 Vbzoom 1 Vbzoom 2026-04-16 N/A
Multiple SQL injection vulnerabilities in VBZooM 1.11 and earlier allow remote attackers to execute arbitrary SQL commands via the UserID parameter to (1) ignore-pm.php, (2) sendmail.php, (3) reply.php or (4) sub-join.php.
CVE-2006-1434 1 Annuaire 1 Directory 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in inscription.php in Annuaire (Directory) 1.0 allows remote attackers to inject arbitrary web script or HTML via the Comment Field (COMMENTAIRE parameter).
CVE-2004-0242 1 Qualiteam 1 X-cart 2026-04-16 N/A
X-Cart 3.4.3 allows remote attackers to gain sensitive information via a mode parameter with (1) phpinfo command or (2) perlinfo command.
CVE-2006-1435 1 Accounting Receiving And Inventory Administration 1 Aria 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in genmessage.php in Accounting Receiving and Inventory Administration (ARIA) 0.99-6 allows remote attackers to inject arbitrary web script or HTML via the Message Field (message parameter).
CVE-2004-0475 1 Microsoft 1 Ie 2026-04-16 N/A
The showHelp function in Internet Explorer 6 on Windows XP Pro allows remote attackers to execute arbitrary local .CHM files via a double backward slash ("\\") before the target CHM file, as demonstrated using an "ms-its" URL to ntshared.chm. NOTE: this bug may overlap CVE-2003-1041.