Export limit exceeded: 363819 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363819 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-5528 | 1 Schoolalumni Portal | 1 Schoolalumni Portal | 2026-04-23 | N/A |
| Directory traversal vulnerability in mod.php in SchoolAlumni Portal 2.26 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the mod parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2006-5516 | 1 Wikini | 1 Wikini | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in actions/usersettings.php in WikiNi before 0.4.4 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) email parameters to wakka.php. | ||||
| CVE-2006-5511 | 1 Jaxultrabb | 1 Jaxultrabb | 2026-04-23 | N/A |
| Direct static code injection vulnerability in delete.php in JaxUltraBB (JUBB) 2.0, when register_globals is enabled, allows remote attackers to inject arbitrary web script, HTML, or PHP via the contents parameter, whose value is prepended to the file specified by the forum parameter. | ||||
| CVE-2006-5509 | 1 Woltlab | 1 Burning Book | 2026-04-23 | N/A |
| Eval injection vulnerability in addentry.php in WoltLab Burning Book 1.1.2 allows remote attackers to execute arbitrary PHP code via crafted POST requests that store PHP code in a database that is later processed by eval, as demonstrated using SQL injection via the n parameter. | ||||
| CVE-2006-5508 | 1 Woltlab | 1 Burning Book | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in addentry.php in WoltLab Burning Book 1.1.2 allow remote attackers to execute arbitrary SQL commands via (1) the n parameter and (2) the User-Agent HTTP header. | ||||
| CVE-2006-5478 | 1 Novell | 1 Edirectory | 2026-04-23 | N/A |
| Multiple stack-based buffer overflows in Novell eDirectory 8.8.x before 8.8.1 FTF1, and 8.x up to 8.7.3.8, and Novell NetMail before 3.52e FTF2, allow remote attackers to execute arbitrary code via (1) a long HTTP Host header, which triggers an overflow in the BuildRedirectURL function; or vectors related to a username containing a . (dot) character in the (2) SMTP, (3) POP, (4) IMAP, (5) HTTP, or (6) Networked Messaging Application Protocol (NMAP) Netmail services. | ||||
| CVE-2006-5477 | 1 Drupal | 1 Drupal | 2026-04-23 | N/A |
| Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allows form submissions to be redirected, which allows remote attackers to obtain arbitrary form information via a crafted URL. | ||||
| CVE-2006-5476 | 1 Drupal | 1 Drupal | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allows remote attackers to perform unauthorized actions as an arbitrary user via unspecified vectors. | ||||
| CVE-2006-5475 | 1 Drupal | 1 Drupal | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the XML parser in Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allow remote attackers to inject arbitrary web script or HTML via a crafted RSS feed. | ||||
| CVE-2006-5469 | 2 Redhat, Wireshark | 2 Enterprise Linux, Wireshark | 2026-04-23 | N/A |
| Unspecified vulnerability in the WBXML dissector in Wireshark (formerly Ethereal) 0.10.11 through 0.99.3 allows remote attackers to cause a denial of service (crash) via certain vectors that trigger a null dereference. | ||||
| CVE-2006-5468 | 2 Redhat, Wireshark | 2 Enterprise Linux, Wireshark | 2026-04-23 | N/A |
| Unspecified vulnerability in the HTTP dissector in Wireshark (formerly Ethereal) 0.99.3 allows remote attackers to cause a denial of service (crash) via unspecified vectors. | ||||
| CVE-2006-5447 | 1 Dev | 1 Dev Web Management System | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in DEV Web Management System (WMS) 1.5 allows remote attackers to inject arbitrary web script or HTML via the action parameter. | ||||
| CVE-2006-5445 | 1 Digium | 1 Asterisk | 2026-04-23 | N/A |
| Unspecified vulnerability in the SIP channel driver (channels/chan_sip.c) in Asterisk 1.2.x before 1.2.13 and 1.4.x before 1.4.0-beta3 allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors that result in the creation of "a real pvt structure" that uses more resources than necessary. | ||||
| CVE-2006-5444 | 1 Digium | 1 Asterisk | 2026-04-23 | N/A |
| Integer overflow in the get_input function in the Skinny channel driver (chan_skinny.c) in Asterisk 1.0.x before 1.0.12 and 1.2.x before 1.2.13, as used by Cisco SCCP phones, allows remote attackers to execute arbitrary code via a certain dlen value that passes a signed integer comparison and leads to a heap-based buffer overflow. | ||||
| CVE-2006-5443 | 1 Xiao Gang | 1 Www Interactive Mathematics Server | 2026-04-23 | N/A |
| Unspecified vulnerability in XIAO Gang WWW Interactive Mathematics Server (WIMS) before 3.60 allows remote attackers to modify unspecified data via unspecified vectors involving "variable rights." | ||||
| CVE-2006-5442 | 1 Viewvc | 1 Viewvc | 2026-04-23 | N/A |
| ViewVC 1.0.2 and earlier does not specify a charset in its HTTP headers or HTML documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks that inject arbitrary UTF-7 encoded JavaScript code via a view. | ||||
| CVE-2006-5414 | 1 Barry Nauta | 1 Brim | 2026-04-23 | N/A |
| Barry Nauta BRIM before 1.2.1 allows remote authenticated users to read information from other users via a modified URL. | ||||
| CVE-2006-5412 | 1 Php Outburst | 1 Easynews | 2026-04-23 | N/A |
| admin.php in PHP Outburst Easynews 4.4.1 and earlier, when register_globals is enabled, allows remote attackers to bypass authentication, and gain the ability to execute arbitrary code, via the en_login_id parameter. | ||||
| CVE-2006-5411 | 1 Justin White | 1 Freewps | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in upload.php for Free Web Publishing System (FreeWPS), possibly 2.11 and earlier, allows remote attackers to upload and execute arbitrary PHP programs. | ||||
| CVE-2006-5409 | 1 Mobilesecure Inc | 2 Highwall Endpoint, Highwall Enterprise | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in the wireless IDS management interface for Highwall Enterprise and Highwall Endpoint 4.0.2.11045 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||