Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-4036 1 Zonemetrics 1 Zonex Publishers Gold Edition 2026-04-16 N/A
PHP remote file inclusion vulnerability in includes/usercp_register.php in ZoneMetrics ZoneX Publishers Gold Edition 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2006-4037 1 Fenestrae 1 Faxination Server 2026-04-16 N/A
Unspecified vulnerability in Fenestrae Faxination Server allows remote attackers to execute arbitrary code via a crafted packet.
CVE-2006-4043 1 Mywebland 1 Mybloggie 2026-04-16 N/A
index.php in myWebland myBloggie 2.1.4 and earlier allows remote attackers to obtain sensitive information via a query that only specifies the viewdate mode, which reveals the table prefix in a SQL error message.
CVE-2006-4046 1 Open Cubic Player 1 Open Cubic Player 2026-04-16 N/A
Multiple stack-based buffer overflows in Open Cubic Player 2.6.0pre6 and earlier for Windows, and 0.1.10_rc5 and earlier on Linux/BSD, allow remote attackers to execute arbitrary code via (1) a large .S3M file handled by the mpLoadS3M function, (2) a crafted .IT file handled by the itplayerclass::module::load function, (3) a crafted .ULT file handled by the mpLoadULT function, or (4) a crafted .AMS file handled by the mpLoadAMS function.
CVE-2006-4078 1 Deluxebb 1 Deluxebb 2026-04-16 N/A
pm.php (aka the PM system) in DeluxeBB 1.08, and possibly earlier, allows remote attackers to bypass authentication by providing an arbitrary username in the membercookie cookie parameter.
CVE-2006-4079 1 Deluxebb 1 Deluxebb 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in newpost.php in DeluxeBB 1.08, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the subject parameter (aka the topic title field).
CVE-2006-4080 1 Deluxebb 1 Deluxebb 2026-04-16 N/A
DeluxeBB 1.08, and possibly earlier, uses cookies that include the MD5 hash of a password, which allows remote attackers to gain privileges by sniffing or cross-site scripting (XSS) and conduct password guessing attacks.
CVE-2006-4889 1 Telekorn 1 Signkorn Guestbook 2026-04-16 N/A
Multiple PHP remote file inclusion vulnerabilities in Telekorn SignKorn Guestbook (SL) 1.3 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the dir_path parameter in (1) index.php, (2) includes/functions.gb.php, (3) includes/functions.admin.php, (4) includes/admin.inc.php, (5) help.php, (6) smile.php, (7) entry.php; (8) adminhelp0.php, (9) adminhelp1.php, (10) adminhelp2.php, and (11) adminhelp3.php in (a) help/en and (b) help/de directories; and the (12) preview.php, (13) log.php, (14) index.php, (15) config.php, and (16) admin.php in the (c) admin directory, a different set of vectors than CVE-2006-4788.
CVE-2006-4081 1 Barracuda Networks 1 Barracuda Spam Firewall 2026-04-16 N/A
preview_email.cgi in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 allows remote attackers to execute commands via shell metacharacters ("|" pipe symbol) in the file parameter. NOTE: the attack can be extended to arbitrary commands by the presence of CVE-2006-4000.
CVE-2006-4082 1 Barracuda Networks 1 Barracuda Spam Firewall 2026-04-16 N/A
Barracuda Spam Firewall (BSF), possibly 3.3.03.053, contains a hardcoded password for the admin account for logins from 127.0.0.1 (localhost), which allows local users to gain privileges.
CVE-2006-4893 1 Phpbb Xs 1 Phpbb Xs 2026-04-16 N/A
PHP remote file inclusion vulnerability in bb_usage_stats/includes/bb_usage_stats.php in phpBB XS 0.58 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter, a different vector than CVE-2006-4780.
CVE-2006-4083 1 Mywebland 1 Myevent 2026-04-16 N/A
PHP remote file inclusion vulnerability in viewevent.php in myWebland myEvent 1.x allows remote attackers to execute arbitrary PHP code via a URL in the myevent_path parameter, a different vector than CVE-2006-4040. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-2114 1 Sws 1 Sws Simple Web Server 2026-04-16 N/A
Buffer overflow in SWS web Server 0.1.7 allows remote attackers to execute arbitrary code via a long request.
CVE-2006-2115 1 Sws 1 Sws Simple Web Server 2026-04-16 N/A
Format string vulnerability in SWS web Server 0.1.7 allows remote attackers to execute arbitrary code via unspecified vectors that are not properly handled in a syslog function call.
CVE-2006-4901 1 Broadcom 4 Etrust Audit Client, Etrust Audit Datatools, Etrust Audit Policy Manager and 1 more 2026-04-16 N/A
Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up to SP1 CR2, and eTrust Audit 1.5 and r8, allows remote attackers to spoof alerts and conduct replay attacks by invoking eTSAPISend.exe with the desired arguments.
CVE-2006-2161 3 Cam Development, Erik Dienske, Roger Aelbrecht 3 Cam Unzip, Abakt, Tzipbuilder 2026-04-16 N/A
Buffer overflow in (1) TZipBuilder 1.79.03.01, (2) Abakt 0.9.2 and 0.9.3-beta1, (3) CAM UnZip 4.0 and 4.3, and possibly other products, allows user-assisted attackers to execute arbitrary code via a ZIP archive that contains a file with a long file name.
CVE-2006-2163 1 Desert Dog Software 1 Pinnacle Cart 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in Pinnacle Cart 3.33 and earlier allows remote attackers to inject arbitrary web script or HTML via the setbackurl parameter.
CVE-2006-2171 1 Jgaa 1 Warftpd 2026-04-16 N/A
Buffer overflow in WDM.exe in WarFTPD allows remote attackers to execute arbitrary code via unspecified arguments, as demonstrated by the Infigo FTPStress Fuzzer.
CVE-2006-2173 1 Filezilla 1 Filezilla Server 2026-04-16 N/A
Buffer overflow in FileZilla FTP Server 2.2.22 allows remote authenticated attackers to cause a denial of service and possibly execute arbitrary code via a long (1) PORT or (2) PASS followed by the MLSD command, or (2) the remote server interface, as demonstrated by the Infigo FTPStress Fuzzer.
CVE-2006-2179 1 Smartwin Technology 1 Cyberoffice Warehouse Builder 2026-04-16 N/A
Multiple SQL injection vulnerabilities in CyberBuild allow remote attackers to execute arbitrary SQL commands via the (1) SessionID parameter to login.asp or (2) ProductIndex parameter to browse0.htm.