Search Results (351250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-5415 1 News Defilante Horizontale 1 News Defilante Horizontale 2026-04-23 N/A
PHP remote file inclusion vulnerability in includes/functions_newshr.php in the News Defilante Horizontale 4.1.1 and earlier module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2006-5472 1 Softerra 1 Php Developer Library 2026-04-23 N/A
PHP remote file inclusion vulnerability in Softerra PHP Developer Library 1.5.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the lib_dir parameter in (1) lib/registry.lib.php, (2) lib/sqlcompose.lib.php, and (3) lib/sqlsearch.lib.php.
CVE-2006-5483 1 Freebsd 1 Freebsd 2026-04-23 N/A
p1003_1b.c in FreeBSD 6.1 allows local users to cause an unspecified denial of service by setting a scheduler policy, which should only be settable by root.
CVE-2006-5525 1 Phpnuke 1 Php-nuke 2026-04-23 N/A
Incomplete blacklist vulnerability in mainfile.php in PHP-Nuke 7.9 and earlier allows remote attackers to conduct SQL injection attacks via (1) "/**/UNION " or (2) " UNION/**/" sequences, which are not rejected by the protection mechanism, as demonstrated by a SQL injection via the eid parameter in a search action in the Encyclopedia module in modules.php.
CVE-2007-5428 1 Umi-cms 1 Umi Cms 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in UMI CMS allows remote attackers to inject arbitrary web script or HTML via the search_string parameter to the default URI in search_do/.
CVE-2006-5531 1 Ascended Development 1 Ascended Guestbook 2026-04-23 N/A
PHP remote file inclusion vulnerability in embedded.php in Ascended Guestbook 1.0.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[path] parameter.
CVE-2008-1716 1 Woltlab 1 Burning Board 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in WoltLab Community Framework (WCF) 1.0.6 in WoltLab Burning Board 3.0.5 allows remote attackers to inject arbitrary web script or HTML via the (1) page and (2) form parameters, which are not properly handled when they are reflected back in an error message.
CVE-2008-1717 1 Woltlab 1 Burning Board 2026-04-23 N/A
WoltLab Community Framework (WCF) 1.0.6 in WoltLab Burning Board 3.0.5 allows remote attackers to obtain the full path via invalid (1) page and (2) form parameters, which leaks the path from an exception handler when a valid class cannot be found.
CVE-2008-1148 8 Apple, Cosmicperl, Darwin and 5 more 9 Mac Os X, Mac Os X Server, Directory Pro and 6 more 2026-04-23 N/A
A certain pseudo-random number generator (PRNG) algorithm that uses ADD with 0 random hops (aka "Algorithm A0"), as used in OpenBSD 3.5 through 4.2 and NetBSD 1.6.2 through 4.0, allows remote attackers to guess sensitive values such as (1) DNS transaction IDs or (2) IP fragmentation IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as DNS cache poisoning, injection into TCP packets, and OS fingerprinting.
CVE-2008-1149 1 Phpmyadmin 1 Phpmyadmin 2026-04-23 N/A
phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters instead of $_GET and $_POST, which allows attackers in the same domain to override certain variables and conduct SQL injection and Cross-Site Request Forgery (CSRF) attacks by using crafted cookies.
CVE-2006-5561 1 Discuz 1 Discuz Gbk 2026-04-23 N/A
SQL injection vulnerability in admincp.php in Discuz! GBK 5.0.0 allows remote attackers to execute arbitrary SQL commands via the cdb_auth cookie.
CVE-2006-5570 1 Kynoslogic 1 Cruiseworks 2026-04-23 N/A
Directory traversal vulnerability in /scripts/cruise/cws.exe in CruiseWorks 1.09c and 1.09d allows remote attackers to read arbitrary files via a .. (dot dot) in the doc parameter.
CVE-2007-5444 1 Cmsmadesimple 1 Cms Made Simple 2026-04-23 N/A
CMS Made Simple 1.1.3.1 allows remote attackers to obtain the full path via a direct request for unspecified files.
CVE-2008-1150 1 Cisco 1 Ios 2026-04-23 N/A
The virtual private dial-up network (VPDN) component in Cisco IOS before 12.3 allows remote attackers to cause a denial of service (resource exhaustion) via a series of PPTP sessions, related to the persistence of interface descriptor block (IDB) data structures after process termination, aka bug ID CSCdv59309.
CVE-2007-5445 1 Db Software Laboratory 1 Vimpx 2026-04-23 N/A
Buffer overflow in the DB Software Laboratory VImpX (VImpAX1) ActiveX control in VImpX.ocx 4.7.3.0 allows remote attackers to execute arbitrary code via a long RejectedRecordsFile parameter, a different vector than CVE-2007-2667.
CVE-2007-5446 1 Perfection Bytes 1 Pbemail 2026-04-23 N/A
Absolute path traversal vulnerability in a certain ActiveX control in PBEmail7Ax.dll in PBEmail 7 ActiveX Edition allows remote attackers to create or overwrite arbitrary files via a full pathname in the XmlFilePath argument to the SaveSenderToXml method.
CVE-2008-1153 1 Cisco 2 Cisco Ios, Ios 2026-04-23 N/A
Cisco IOS 12.1, 12.2, 12.3, and 12.4, with IPv4 UDP services and the IPv6 protocol enabled, allows remote attackers to cause a denial of service (device crash and possible blocked interface) via a crafted IPv6 packet to the device.
CVE-2006-5944 1 Mginternet 1 Car Site Manager 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in csm/asp/listings.asp in MGinternet Car Site Manager (CSM) allows remote attackers to inject arbitrary web script or HTML via the s parameter.
CVE-2006-5958 1 Infinicart 1 Infinicart 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in INFINICART allow remote attackers to inject arbitrary web script or HTML via the (1) username and (2) password fields in (a) login.asp, (3) search field in (b) search.asp, and (4) email field in (c) sendpassword.asp.
CVE-2006-5972 1 Netgear 2 Wg111v2, Wg111v2 Driver 2026-04-23 N/A
Stack-based buffer overflow in WG111v2.SYS in NetGear WG111v2 wireless adapter (USB) allows remote attackers to execute arbitrary code via a long 802.11 beacon request.