Search Results (367118 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-4553 2 Joomla, Mambo 2 Com Comprofiler Component, Com Comprofiler Component 2026-04-16 N/A
PHP remote file inclusion vulnerability in plugin.class.php in the com_comprofiler Components 1.0 RC2 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2005-1864 1 Vincent Hor 1 Calendarix Advanced 2026-04-16 N/A
PHP remote file inclusion vulnerability in cal_admintop.php in Calendarix Advanced 1.5 allows remote attackers to execute arbitrary PHP code via the calpath parameter.
CVE-2006-4560 1 Microsoft 1 Ie 2026-04-16 N/A
Internet Explorer 6 on Windows XP SP2 allows remote attackers to execute arbitrary JavaScript in the context of the browser's session with an arbitrary intranet web server, by hosting script on an Internet web server that can be made inaccessible by the attacker and that has a domain name under the attacker's control, which can force the browser to drop DNS pinning and perform a new DNS query for the domain name after the script is already running.
CVE-2006-4563 1 Phpnuke 1 Myheadlines 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the MyHeadlines before 4.3.2 module for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the myh_op parameter to modules.php.
CVE-2005-1867 1 Symantec 1 Brightmail Antispam 2026-04-16 N/A
Symantec Brightmail AntiSpam before 6.0.2 has a hard-coded database administrator password, which allows remote attackers to gain privileges.
CVE-2006-4564 1 Simplemachines 1 Smf 2026-04-16 N/A
SQL injection vulnerability in Sources/ManageBoards.php in Simple Machines Forum 1.1 RC3 allows remote attackers to execute arbitrary SQL commands via the cur_cat parameter.
CVE-2006-4566 2 Mozilla, Redhat 4 Firefox, Seamonkey, Thunderbird and 1 more 2026-04-16 N/A
Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allows remote attackers to cause a denial of service (crash) via a malformed JavaScript regular expression that ends with a backslash in an unterminated character set ("[\\"), which leads to a buffer over-read.
CVE-2006-4568 2 Mozilla, Redhat 3 Firefox, Seamonkey, Enterprise Linux 2026-04-16 N/A
Mozilla Firefox before 1.5.0.7 and SeaMonkey before 1.0.5 allows remote attackers to bypass the security model and inject content into the sub-frame of another site via targetWindow.frames[n].document.open(), which facilitates spoofing and other attacks.
CVE-2006-4569 2 Mozilla, Redhat 2 Firefox, Enterprise Linux 2026-04-16 N/A
The popup blocker in Mozilla Firefox before 1.5.0.7 opens the "blocked popups" display in the context of the Location bar instead of the subframe from which the popup originated, which might make it easier for remote user-assisted attackers to conduct cross-site scripting (XSS) attacks.
CVE-2006-2588 1 Russcom Network 1 Phpimages 2026-04-16 N/A
Russcom PHPImages allows remote attackers to upload files of arbitrary types by uploading a file with a .gif extension. NOTE: due to lack of specific information about attack vectors do not depend on the existence of another vulnerability, it is not clear whether this is a vulnerability.
CVE-2006-2590 1 E107 1 E107 2026-04-16 N/A
SQL injection vulnerability in e107 before 0.7.5 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors.
CVE-2001-0752 1 Cisco 1 Cbos 2026-04-16 N/A
Cisco CBOS 2.3.8 and earlier allows remote attackers to cause a denial of service via an ICMP ECHO REQUEST (ping) with the IP Record Route option set.
CVE-2006-2591 1 E107 1 E107 2026-04-16 N/A
Unspecified vulnerability in e107 before 0.7.5 has unknown impact and remote attack vectors related to an "emailing exploit".
CVE-2006-2608 1 Artmedic Webdesign 1 Artmedic Newsletter 2026-04-16 N/A
artmedic newsletter 4.1 and possibly other versions, when register_globals is enabled, allows remote attackers to modify arbitrary files and execute arbitrary PHP code via the logfile parameter in a direct request to log.php, which causes the $logfile variable to be redefined to an attacker-controlled value, as demonstrated by injecting PHP code into info.php.
CVE-2006-2612 1 Novell 1 Client 2026-04-16 N/A
Novell Client for Windows 4.8 and 4.9 does not restrict access to the clipboard contents while a machine is locked, which allows users with physical access to read the current clipboard contents by pasting them into the "User Name" field on the login prompt.
CVE-2006-4588 1 Vtiger 1 Vtiger Crm 2026-04-16 N/A
vtiger CRM 4.2.4, and possibly earlier, allows remote attackers to bypass authentication and access administrative modules via a direct request to index.php with a modified module parameter, as demonstrated using the Settings module.
CVE-2006-2613 2 Mozilla, Netscape 3 Firefox, Mozilla Suite, Navigator 2026-04-16 N/A
Mozilla Suite 1.7.13, Mozilla Firefox 1.5.0.3 and possibly other versions before before 1.8.0, and Netscape 7.2 and 8.1, and possibly other versions and products, allows remote user-assisted attackers to obtain information such as the installation path by causing exceptions to be thrown and checking the message contents.
CVE-2006-2629 1 Linux 1 Linux Kernel 2026-04-16 N/A
Race condition in Linux kernel 2.6.15 to 2.6.17, when running on SMP platforms, allows local users to cause a denial of service (crash) by creating and exiting a large number of tasks, then accessing the /proc entry of a task that is exiting, which causes memory corruption that leads to a failure in the prune_dcache function or a BUG_ON error in include/linux/list.h.
CVE-2006-4590 1 Jetstat.com 1 Js Asp Faq Manager 2026-04-16 N/A
SQL injection vulnerability in admin/default.asp in Jetstat.com JS ASP Faq Manager 1.10 and earlier allows remote attackers to execute arbitrary SQL commands via the uid parameter, a different vector than CVE-2006-4463. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-4591 1 Alstrasoft 1 Template Seller 2026-04-16 N/A
Multiple PHP remote file inclusion vulnerabilities in AlstraSoft Template Seller, and possibly AltraSoft Template Seller Pro 3.25, allow remote attackers to execute arbitrary PHP code via a URL in the config[template_path] parameter to (1) payment/payment_result.php or (2) /payment/spuser_result.php.