Search Results (364592 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-4981 1 Symantec 1 Sygate Network Access Control 2026-04-16 N/A
Symantec Sygate NAC allows physically proximate attackers to bypass control methods and join a local network by selecting a forged MAC address associated with an exception rule that (1) permits all non-Windows devices or (2) whitelists certain sets of Organizationally Unique Identifiers (OUIs).
CVE-2006-4979 1 Walter Beschmout 1 Phpquiz 2026-04-16 N/A
Direct static code injection vulnerability in cfgphpquiz/install.php in Walter Beschmout PhpQuiz 1.2 and earlier allows remote attackers to inject arbitrary PHP code in config.inc.php via modified configuration settings.
CVE-2006-4977 1 Walter Beschmout 1 Phpquiz 2026-04-16 N/A
Multiple unrestricted file upload vulnerabilities in (1) back/upload_img.php and (2) admin/upload_img.php in Walter Beschmout PhpQuiz 1.2 and earlier allow remote attackers to upload arbitrary PHP code to the phpquiz/img_quiz folder via the (a) upload, (b) ok_update, (c) image, and (d) path parameters, possibly requiring directory traversal sequences in the path parameter.
CVE-2006-4975 1 Yahoo 1 Messenger 2026-04-16 N/A
Yahoo! Messenger for WAP permits saving messages that contain JavaScript, which allows user-assisted remote attackers to inject arbitrary web script or HTML via a URL at the online service.
CVE-2002-2019 1 Oscommerce 1 Oscommerce 2026-04-16 N/A
PHP remote file inclusion vulnerability in include_once.php in osCommerce (a.k.a. Exchange Project) 2.1 allows remote attackers to execute arbitrary PHP code via the include_file parameter.
CVE-2006-4505 1 Nx5 1 Nx5linx 2026-04-16 N/A
CRLF injection vulnerability in links.php in NX5Linx 1.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a CRLF sequence in the url parameter.
CVE-2006-4506 1 Netiq 1 Identity Manager 2026-04-16 N/A
idmlib.sh in nxdrv in Novell Identity Manager (IDM) 3.0.1 allows local users to execute arbitrary commands via unspecified vectors, possibly involving the " (quote) and \ (backslash) characters and eval injection.
CVE-2006-4523 1 2wire Inc 2 Homeportal, Officeportal 2026-04-16 N/A
The web-based management interface in 2Wire, Inc. HomePortal and OfficePortal Series modems and routers allows remote attackers to cause a denial of service (crash) via a CRLF sequence in a GET request.
CVE-2006-4524 1 Digiappz 1 Freekot 2026-04-16 N/A
Multiple SQL injection vulnerabilities in login_verif.asp in Digiappz Freekot 1.01 allow remote attackers to execute arbitrary SQL commands via the (1) login or (2) password parameters. NOTE: some of these details are obtained from third party information.
CVE-2006-4527 1 Devellion 1 Cubecart 2026-04-16 N/A
includes/content/gateway.inc.php in CubeCart 3.0.12 and earlier, when magic_quotes_gpc is disabled, uses an insufficiently restrictive regular expression to validate the gateway parameter, which allows remote attackers to conduct PHP remote file inclusion attacks.
CVE-2006-4528 1 Membrepass 1 Membrepass 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in membrepass 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) recherche parameter in recherchemembre.php and the (2) email parameter in test.php.
CVE-2006-4530 1 Membrepass 1 Membrepass 2026-04-16 N/A
Direct static code injection vulnerability in include/change.php in membrepass 1.5 allows remote attackers to execute arbitrary PHP code via the aifon parameter, which is injected into include/variable.php.
CVE-2006-4531 1 Bare Concept Media 1 Pheap Cms 2026-04-16 N/A
PHP remote file inclusion vulnerability in lib/config.php in Pheap CMS 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the lpref parameter.
CVE-2006-4532 1 Bernard Pacques 1 Yet Another Community System Cms 2026-04-16 N/A
PHP remote file inclusion vulnerability in articles/article.php in Yet Another Community System (YACS) CMS 6.6.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the context[path_to_root] parameter.
CVE-2006-4535 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-16 N/A
The Linux kernel 2.6.17.10 and 2.6.17.11 and 2.6.18-rc5 allows local users to cause a denial of service (crash) via an SCTP socket with a certain SO_LINGER value, possibly related to the patch for CVE-2006-3745. NOTE: older kernel versions for specific Linux distributions are also affected, due to backporting of the CVE-2006-3745 patch.
CVE-2006-4537 1 Dec 1 Dec Openvms Alpha 2026-04-16 N/A
NET$SESSION_CONTROL.EXE in DECnet-Plus in OpenVMS ALPHA 7.3-2 and Alpha 8.2 writes a password to an audit log file when there is a successful connection after a "network breakin" event, which allows local users to obtain passwords by reading the file.
CVE-2006-4538 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-16 N/A
Linux kernel 2.6.17 and earlier, when running on IA64 or SPARC platforms, allows local users to cause a denial of service (crash) via a malformed ELF file that triggers memory maps that cross region boundaries.
CVE-2006-4539 1 Cerberus 1 Cerberus Helpdesk 2026-04-16 N/A
(1) includes/widgets/module_company_tickets.php and (2) includes/widgets/module_track_tickets.php Client Support Center in Cerberus Helpdesk 3.2 Build 317, and possibly earlier, allows remote attackers to bypass security restrictions and obtain sensitive information via the ticket parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-4544 1 Exbb 1 Exbb 2026-04-16 N/A
Multiple PHP remote file inclusion vulnerabilities in ExBB 1.9.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the exbb[home_path] parameter in files in the modules directory including (1) birstday/birst.php (2) birstday/select.php, (3) birstday/profile_show.php, (4) newusergreatings/pm_newreg.php, (5) punish/p_error.php, (6) punish/profile.php, and (7) threadstop/threadstop.php. NOTE: the (8) modules/userstop/userstop.php vector might overlap CVE-2006-4488, although it is for a slightly different product from the same vendor.
CVE-2006-4553 2 Joomla, Mambo 2 Com Comprofiler Component, Com Comprofiler Component 2026-04-16 N/A
PHP remote file inclusion vulnerability in plugin.class.php in the com_comprofiler Components 1.0 RC2 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.