Search Results (364541 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-4759 1 Punbb 1 Punbb 2026-04-16 N/A
PunBB 1.2.12 does not properly handle an avatar directory pathname ending in %00, which allows remote authenticated administrative users to upload arbitrary files and execute code, as demonstrated by a query to admin_options.php with an avatars_dir parameter ending in %00. NOTE: this issue was originally disputed by the vendor, but the dispute was withdrawn on 20060926.
CVE-2006-4767 1 Stefan Ernst 1 Newsscript 2026-04-16 N/A
Multiple directory traversal vulnerabilities in Stefan Ernst Newsscript (aka WM-News) 0.5beta allow remote attackers to (1) read arbitrary local files via a .. (dot dot) sequence in the ide parameter in modify.php and (2) write to arbitrary local files via a .. sequence in the var parameter in add_go.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-4768 1 Stefan Ernst 1 Newsscript 2026-04-16 N/A
Multiple direct static code injection vulnerabilities in add_go.php in Stefan Ernst Newsscript (aka WM-News) 0.5 beta allow remote attackers to execute arbitrary PHP code via the (1) description, (2) issue, (3) title, (4) var, (5) name, (6) keywords, and (7) note parameters, which are stored in an article file. NOTE: the original source of this vulnerability is unknown; the details are obtained from third party information and CVE post-disclosure analysis.
CVE-2006-4772 1 Hotplug Cms 1 Hotplug Cms 2026-04-16 N/A
HotPlug CMS stores sensitive information under the web root with insufficient access control, which allows remote attackers to read the admin password and database credentials via a direct request for includes/class/config.inc.
CVE-2006-4773 1 Sun 1 Storedge 6130 Arrays 2026-04-16 N/A
Sun StorEdge 6130 Array Controllers with firmware 06.12.10.11 and earlier allow remote attackers to cause a denial of service (controller reboot) via a flood of traffic on the LAN.
CVE-2003-1157 1 Citrix 1 Metaframe 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in login.asp in Citrix MetaFrame XP Server 1.0 allows remote attackers to inject arbitrary web script or HTML via the NFuse_Message parameter.
CVE-2006-4775 1 Cisco 2 Catos, Ios 2026-04-16 N/A
The VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(19) and CatOS allows remote attackers to cause a denial of service by sending a VTP update with a revision value of 0x7FFFFFFF, which is incremented to 0x80000000 and is interpreted as a negative number in a signed context.
CVE-2006-4777 1 Microsoft 1 Ie 2026-04-16 N/A
Heap-based buffer overflow in the DirectAnimation Path Control (DirectAnimation.PathControl) COM object (daxctle.ocx) for Internet Explorer 6.0 SP1, on Chinese and possibly other Windows distributions, allows remote attackers to execute arbitrary code via unknown manipulations in arguments to the KeyFrame method, possibly related to an integer overflow, as demonstrated by daxctle2, and a different vulnerability than CVE-2006-4446.
CVE-2006-4781 1 Futuresoft 1 Tftp Server Multithreaded 2026-04-16 N/A
Heap-based buffer overflow in FutureSoft TFTP Server Multithreaded (MT) 1.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code by sending a crafted packet to port 69/UDP, which triggers the overflow when constructing an absolute path name. NOTE: Some details are obtained from third party information.
CVE-2006-4782 1 Webspell 1 Webspell 2026-04-16 N/A
src/index.php in WebSPELL 4.01.01 and earlier, when register_globals is enabled, allows remote attackers to bypass authentication and gain sensitive information stored in the database via a modified userID parameter in a write action to admin/database.php.
CVE-2006-4788 1 Telekorn 1 Signkorn Guestbook 2026-04-16 N/A
PHP remote file inclusion vulnerability in includes/log.inc.php in Telekorn SignKorn Guestbook (SL) 1.3 and earlier, when register_globals is enabled and _SESSION[permission] parameter is set to "yes", allows remote attackers to execute arbitrary PHP code via a URL in the dir_path parameter.
CVE-2006-4795 1 Hp 1 Hp-ux 2026-04-16 N/A
Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport software in HP-UX B.11.11 and B.11.23 before 20060912 allows local users to cause a denial of service via unspecified vectors.
CVE-2006-4797 1 Cj Design 1 Cj Tag Board 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in tag.php in CloudNine Interactive CJ Tag Board 3.0 allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a url BBcode tag in the cjmsg parameter.
CVE-2006-4798 1 Dws Systems Inc. 1 Sql-ledger 2026-04-16 N/A
SQL-Ledger before 2.4.4 stores a password in a query string, which might allow context-dependent attackers to obtain the password via a Referer field or browser history.
CVE-2006-4799 1 Xine 1 Xine-lib 2026-04-16 N/A
Buffer overflow in ffmpeg for xine-lib before 1.1.2 might allow context-dependent attackers to execute arbitrary code via a crafted AVI file and "bad indexes", a different vulnerability than CVE-2005-4048 and CVE-2006-2802.
CVE-2006-4803 1 Netiq 1 Identity Manager 2026-04-16 N/A
The Fan-Out Linux and UNIX receiver scripts in Novell Identity Manager (IDM) 3.0.1 allows local users to execute arbitrary commands via unspecified vectors involving certain environment variables and "code injection."
CVE-2006-4821 1 Drupal 1 Drupal Userreview Module 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Userreview module before 1.19 2006/09/12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2006-4822 1 Emusoft 1 Emucms 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in index.php in eMuSOFT emuCMS 0.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) query or (2) page parameters.
CVE-2002-2140 1 Cisco 1 Pix Firewall Software 2026-04-16 N/A
Buffer overflow in Cisco PIX Firewall 5.2.x to 5.2.8, 6.0.x to 6.0.3, 6.1.x to 6.1.3, and 6.2.x to 6.2.1 allows remote attackers to cause a denial of service via HTTP traffic authentication using (1) TACACS+ or (2) RADIUS.
CVE-2006-4825 1 Softcomplex 1 Php Event Calendar 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in cl_files/index.php in SoftComplex PHP Event Calendar 1.5.1, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) ti, (2) bi, or (3) cbgi parameters.