Search Results (351250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-5718 2 Debian, Vobcopy 2 Debian Linux, Vobcopy 2026-04-23 N/A
vobcopy 0.5.14 allows local users to append data to an arbitrary file, or create an arbitrary new file, via a symlink attack on the (1) /tmp/vobcopy.bla or (2) /tmp/vobcopy_0.5.14.log temporary file.
CVE-2006-5060 1 Jamroom 1 Jamroom 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in login.php in Jamroom 3.0.16 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the forgot parameter in the forgot mode.
CVE-2006-5063 1 Stefan Ritt 1 Elog Web Logbook 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Elog 2.6.1 allows remote attackers to inject arbitrary web script or HTML by editing log entries in HTML mode.
CVE-2006-5064 1 Birdblog 1 Birdblog 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in BirdBlog 1.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) entryid parameter in comment.php, (2) page parameter in index.php, or the (3) uid parameter in user.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-5090 1 Phoenix Evolution 1 Phoenix Evolution Cms 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Phoenix Evolution CMS (PECMS) allow remote attackers to inject arbitrary web script or HTML via the (1) mod or (2) action parameters in index.php, or the (3) pageid parameter in modules/pageedit/index.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2007-5734 1 Efileman 1 Efileman 2026-04-23 N/A
Unrestricted file upload vulnerability in eFileMan 7.1.0.87-88 allows remote attackers to upload arbitrary files, with "uploads/upload_file." destination filenames, via unspecified vectors to upload.cgi, accessed from upload.html.
CVE-2007-5745 2 Openoffice, Redhat 2 Openoffice, Enterprise Linux 2026-04-23 N/A
Multiple heap-based buffer overflows in OpenOffice.org before 2.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Quattro Pro (QPRO) file with crafted (1) Attribute and (2) Font Description records.
CVE-2007-5761 1 Motorola 1 Netoctopus 2026-04-23 N/A
The NantSys device 5.0.0.115 in Motorola netOctopus 5.1.2 build 1011 has weak permissions for the \\.\NantSys device interface (nantsys.sys), which allows local users to gain privileges or cause a denial of service (system crash), as demonstrated by modifying the SYSENTER_EIP_MSR CPU Model Specific Register (MSR) value.
CVE-2007-5762 1 Novell 1 Netware Client 2026-04-23 N/A
NICM.SYS driver 3.0.0.4, as used in Novell NetWare Client 4.91 SP4, allows local users to execute arbitrary code by opening the \\.\nicm device and providing crafted kernel addresses via IOCTLs with the METHOD_NEITHER buffering mode.
CVE-2008-1212 1 Podcast Generator 1 Podcast Generator 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in set_permissions.php in Podcast Generator 0.96.2 allows remote attackers to inject arbitrary web script or HTML via the scriptlang parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-5149 1 Openbiblio 1 Openbiblio 2026-04-23 N/A
Multiple directory traversal vulnerabilities in OpenBiblio before 0.5.2 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the page parameter to shared/help.php or (2) the tab parameter to shared/header.php.
CVE-2006-5151 1 Hp 1 Hp-ux 2026-04-23 N/A
Unspecified vulnerability in HP Ignite-UX server before C.6.9.150 for HP-UX B.11.00, B.11.11, and B.11.23 allows remote attackers to "gain root access" via unspecified vectors.
CVE-2007-5764 1 Ibm 1 Aix 2026-04-23 N/A
Buffer overflow in the pioout program in printers.rte in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via a long command line option.
CVE-2006-5155 1 Videodb 1 Videodb 2026-04-23 N/A
PHP remote file inclusion vulnerability in core/pdf.php in VideoDB 2.2.1 and earlier allows remote attackers to execute arbitrary PHP code via the config[pdf_module] parameter.
CVE-2006-5158 3 Canonical, Linux, Redhat 7 Ubuntu Linux, Linux Kernel, Enterprise Linux and 4 more 2026-04-23 7.5 High
The nlmclnt_mark_reclaim in clntlock.c in NFS lockd in Linux kernel before 2.6.16 allows remote attackers to cause a denial of service (process crash) and deny access to NFS exports via unspecified vectors that trigger a kernel oops (null dereference) and a deadlock.
CVE-2006-5165 1 Skrypty 1 Ppa Gallery 2026-04-23 N/A
PHP remote file inclusion vulnerability in inc/functions.inc.php in Skrypty PPA Gallery 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the config[ppa_root_path] parameter.
CVE-2006-5173 2 Canonical, Linux 2 Ubuntu Linux, Linux Kernel 2026-04-23 N/A
Linux kernel does not properly save or restore EFLAGS during a context switch, or reset the flags when creating new threads, which allows local users to cause a denial of service (process crash), as demonstrated using a process that sets the Alignment Check flag (EFLAGS 0x40000), which triggers a SIGBUS in other processes that have an unaligned access.
CVE-2006-5281 1 Navyism 1 N At Board 2026-04-23 N/A
PHP remote file inclusion vulnerability in naboard_pnr.php in n@board 3.1.9e and earlier allows remote attackers to execute arbitrary PHP code via a URL in the skin parameter.
CVE-2008-4163 1 Isc 1 Bind 2026-04-23 N/A
Unspecified vulnerability in ISC BIND 9.3.5-P2-W1, 9.4.2-P2-W1, and 9.5.0-P2-W1 on Windows allows remote attackers to cause a denial of service (UDP client handler termination) via unknown vectors.
CVE-2008-4170 1 Oscommerce 1 Oscommerce 2026-04-23 N/A
create_account.php in osCommerce 2.2 RC 2a allows remote attackers to obtain sensitive information via an invalid dob parameter, which reveals the installation path in an error message.