Search Results (363807 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-5445 1 Digium 1 Asterisk 2026-04-23 N/A
Unspecified vulnerability in the SIP channel driver (channels/chan_sip.c) in Asterisk 1.2.x before 1.2.13 and 1.4.x before 1.4.0-beta3 allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors that result in the creation of "a real pvt structure" that uses more resources than necessary.
CVE-2006-5444 1 Digium 1 Asterisk 2026-04-23 N/A
Integer overflow in the get_input function in the Skinny channel driver (chan_skinny.c) in Asterisk 1.0.x before 1.0.12 and 1.2.x before 1.2.13, as used by Cisco SCCP phones, allows remote attackers to execute arbitrary code via a certain dlen value that passes a signed integer comparison and leads to a heap-based buffer overflow.
CVE-2006-5443 1 Xiao Gang 1 Www Interactive Mathematics Server 2026-04-23 N/A
Unspecified vulnerability in XIAO Gang WWW Interactive Mathematics Server (WIMS) before 3.60 allows remote attackers to modify unspecified data via unspecified vectors involving "variable rights."
CVE-2006-5442 1 Viewvc 1 Viewvc 2026-04-23 N/A
ViewVC 1.0.2 and earlier does not specify a charset in its HTTP headers or HTML documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks that inject arbitrary UTF-7 encoded JavaScript code via a view.
CVE-2006-5414 1 Barry Nauta 1 Brim 2026-04-23 N/A
Barry Nauta BRIM before 1.2.1 allows remote authenticated users to read information from other users via a modified URL.
CVE-2006-5412 1 Php Outburst 1 Easynews 2026-04-23 N/A
admin.php in PHP Outburst Easynews 4.4.1 and earlier, when register_globals is enabled, allows remote attackers to bypass authentication, and gain the ability to execute arbitrary code, via the en_login_id parameter.
CVE-2006-5411 1 Justin White 1 Freewps 2026-04-23 N/A
Unrestricted file upload vulnerability in upload.php for Free Web Publishing System (FreeWPS), possibly 2.11 and earlier, allows remote attackers to upload and execute arbitrary PHP programs.
CVE-2006-5409 1 Mobilesecure Inc 2 Highwall Endpoint, Highwall Enterprise 2026-04-23 N/A
Multiple SQL injection vulnerabilities in the wireless IDS management interface for Highwall Enterprise and Highwall Endpoint 4.0.2.11045 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2006-5408 1 Mobilesecure Inc 2 Highwall Endpoint, Highwall Enterprise 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the wireless IDS management interface for Highwall Enterprise and Highwall Endpoint 4.0.2.11045 allow remote attackers to inject arbitrary HTML or web script via unspecified vectors.
CVE-2006-5406 1 Passgo 1 Defender 2026-04-23 N/A
Passgo Defender 5.2 creates the application directory with insecure permissions (Everyone/Full Control), which allows local users to read and modify sensitive files. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-5405 1 Toshiba 1 Bluetooth Wireless Device Driver 2026-04-23 N/A
Unspecified vulnerability in Toshiba Bluetooth wireless device driver 3.x and 4 through 4.00.35, as used in multiple products, allows physically proximate attackers to cause a denial of service (crash), corrupt memory, and possibly execute arbitrary code via crafted Bluetooth packets.
CVE-2006-5382 1 3com 1 Superstack 3 Switch 4400 2026-04-23 N/A
3Com Switch SS3 4400 switches, firmware 5.11, 6.00 and 6.10 and earlier, allow remote attackers to read the SNMP Read-Write Community string and conduct unauthorized actions via unspecified "normally restricted management packets on the device" that cause the community string to be returned.
CVE-2006-4805 2 Redhat, Wireshark 2 Enterprise Linux, Wireshark 2026-04-23 N/A
epan/dissectors/packet-xot.c in the XOT dissector (dissect_xot_pdu) in Wireshark (formerly Ethereal) 0.9.8 through 0.99.3 allows remote attackers to cause a denial of service (memory consumption and crash) via an encoded XOT packet that produces a zero length value when it is decoded.
CVE-2006-4574 2 Redhat, Wireshark 2 Enterprise Linux, Wireshark 2026-04-23 7.5 High
Off-by-one error in the MIME Multipart dissector in Wireshark (formerly Ethereal) 0.10.1 through 0.99.3 allows remote attackers to cause a denial of service (crash) via certain vectors that trigger an assertion error related to unexpected length values.
CVE-2006-4513 1 Wvware 1 Wvware 2026-04-23 N/A
Multiple integer overflows in the WV library in wvWare (formerly mswordview) before 1.2.3, as used by AbiWord, KWord, and possibly other products, allow user-assisted remote attackers to execute arbitrary code via a crafted Microsoft Word (DOC) file that produces (1) large LFO clfolvl values in the wvGetLFO_records function or (2) a large LFO nolfo value in the wvGetFLO_PLF function.
CVE-2006-4248 1 Acme Labs 1 Thttpd 2026-04-23 N/A
thttpd on Debian GNU/Linux, and possibly other distributions, allows local users to create or touch arbitrary files via a symlink attack on the start_thttpd temporary file.
CVE-2006-4177 1 Novell 1 Edirectory 2026-04-23 N/A
Heap-based buffer overflow in the NCP engine in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted NCP over IP packet that causes NCP to read more data than intended.
CVE-2007-5102 1 Wordsmith 1 Wordsmith 2026-04-23 N/A
PHP remote file inclusion vulnerability in config.inc.php in Wordsmith 1.0 RC1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the _path parameter.
CVE-2009-2033 1 Ricardo Alexandre De Oliveira Staudt 1 Yogurt 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in index.php in Yogurt 0.3 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
CVE-2007-5674 1 Instaguide 1 Weather 2026-04-23 N/A
Directory traversal vulnerability in index.php in InstaGuide Weather (aka Weather for PHP) 1.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PageName parameter.