Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-4877 1 David Bennett 1 Php-post 2026-04-16 N/A
Variable overwrite vulnerability in David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to overwrite arbitrary program variables via multiple vectors that use the extract function, as demonstrated by the table_prefix parameter in (1) index.php, (2) profile.php, and (3) header.php.
CVE-2006-4878 1 David Bennett 1 Php-post 2026-04-16 N/A
Directory traversal vulnerability in footer.php in David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to read and include arbitrary local files via a .. (dot dot) sequence in the template parameter. NOTE: this was later reported to affect 1.0.1, and demonstrated for code execution by uploading and accessing an avatar file.
CVE-2006-4879 1 David Bennett 1 Php-post 2026-04-16 N/A
SQL injection vulnerability in profile.php in David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter.
CVE-2006-4880 1 David Bennett 1 Php-post 2026-04-16 N/A
David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to obtain sensitive information via a direct request for (1) footer.php, (2) template.php, or (3) lastvisit.php, which reveals the installation path in various error messages.
CVE-2006-4885 1 Shadowed Portal 1 Shadowed Portal 2026-04-16 N/A
PHP remote file inclusion vulnerability in Shadowed Portal 5.599 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root parameter in (1) footer.php and (2) header.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information. The bottom.php parameter is already covered by CVE-2006-4826.
CVE-2006-4886 1 Mcafee 2 Scan Engine, Virusscan Enterprise 2026-04-16 N/A
The VirusScan On-Access Scan component in McAfee VirusScan Enterprise 7.1.0 and Scan Engine 4.4.00 allows local privileged users to bypass security restrictions and disable the On-Access Scan option by opening the program via the task bar and quickly clicking the Disable button, possibly due to an interface-related race condition.
CVE-2006-4887 1 Apple 2 Apple Remote Desktop, Mac Os X 2026-04-16 N/A
Apple Remote Desktop (ARD) for Mac OS X 10.2.8 and later does not drop privileges on the remote machine while installing certain applications, which allows local users to bypass authentication and gain privileges by selecting the icon during installation. NOTE: it could be argued that the issue is not in Remote Desktop itself, but in applications that are installed while using it.
CVE-2006-4888 1 Microsoft 1 Ie 2026-04-16 N/A
Microsoft Internet Explorer 6 and earlier allows remote attackers to cause a denial of service (application hang) via a CSS-formatted HTML INPUT element within a DIV element that has a larger size than the INPUT.
CVE-2006-4890 1 Unak 1 Unak Cms 2026-04-16 N/A
Multiple PHP remote file inclusion vulnerabilities in UNAK-CMS 1.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the dirroot parameter to (1) fckeditor/editor/filemanager/browser/default/connectors/php/connector.php or (2) fckeditor/editor/dialog/fck_link.php.
CVE-2006-4891 1 Techno Dreams 1 Articles And Papers Package 2026-04-16 N/A
SQL injection vulnerability in ArticlesTableview.asp in Techno Dreams Articles & Papers Package 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the key parameter.
CVE-2006-4892 1 Techno Dreams 1 Faq Manager Package 2026-04-16 N/A
SQL injection vulnerability in faqview.asp in Techno Dreams FAQ Manager Package 1.0 allows remote attackers to execute arbitrary SQL commands via the key parameter.
CVE-2006-4894 1 Idevspot 1 Nixieaffiliate 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in forms/lostpassword.php in iDevSpot NixieAffiliate 1.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter.
CVE-2006-4895 1 Idevspot 1 Nixieaffiliate 2026-04-16 N/A
IDevSpot NexieAffiliate 1.9 and earlier allows remote attackers to delete arbitrary affiliates via a modified id parameter to delete.php.
CVE-2006-4897 1 Cmtexts 1 Cmtexts 2026-04-16 N/A
CMtextS 1.0 and earlier stores users_logins/admin.txt under the web document root with insufficient access control, which allows remote attackers to obtain the administrator password.
CVE-2006-4898 1 Guanxicrm 1 Guanxicrm Business Solution 2026-04-16 N/A
PHP remote file inclusion vulnerability in include/phpxd/phpXD.php in guanxiCRM 0.9.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the appconf[rootpath] parameter.
CVE-2005-0511 1 Jelsoft 1 Vbulletin 2026-04-16 N/A
misc.php for vBulletin 3.0.6 and earlier, when "Add Template Name in HTML Comments" is enabled, allows remote attackers to execute arbitrary PHP code via nested variables in the template parameter.
CVE-2005-0068 1 Tcp 1 Tcp 2026-04-16 N/A
The original design of ICMP does not require authentication for host-generated ICMP error messages, which makes it easier for attackers to forge ICMP error messages for specific TCP connections and cause a denial of service, as demonstrated using (1) blind connection-reset attacks with forged "Destination Unreachable" messages, (2) blind throughput-reduction attacks with forged "Source Quench" messages, or (3) blind throughput-reduction attacks with forged ICMP messages that cause the Path MTU to be reduced. NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.
CVE-2005-0069 2 Redhat, Vim Development Group 2 Enterprise Linux, Vim 2026-04-16 N/A
The (1) tcltags or (2) vimspell.sh scripts in vim 6.3 allow local users to overwrite or create arbitrary files via a symlink attack on temporary files.
CVE-2005-0070 1 Synaesthesia 1 Synaesthesia 2026-04-16 N/A
Synaesthesia 2.1 and earlier, and possibly other versions, when installed setuid root, does not drop privileges before processing configuration and mixer files, which allows local users to read arbitrary files.
CVE-2005-0071 1 Vdr 1 Vdr 2026-04-16 N/A
vdr before 1.2.6 does not securely create files, which allows attackers to overwrite arbitrary files.