Search Results (364491 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-4135 1 Vincent Hor 1 Calendarix 2026-04-16 N/A
PHP remote file inclusion vulnerability in cal_config.inc.php in Calendarix 0.7.20060401 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the calpath parameter. NOTE: this issue has been disputed by a third party, who says that the affected $calpath variable is set to a constant value in the beginning of the script. CVE concurs that the initial report is invalid
CVE-2006-4137 1 Ibm 1 Websphere Application Server 2026-04-16 N/A
IBM WebSphere Application Server before 6.1.0.1 allows attackers to obtain sensitive information via unspecified vectors related to (1) the log file, (2) "script generated syntax on wsadmin command line," and (3) traces.
CVE-2002-1916 1 Pirch 2 Pirch Irc, Ruspirch 2026-04-16 N/A
Pirch and RusPirch, when auto-log is enabled, allows remote attackers to cause a denial of service (crash) via a nickname containing an MS-DOS device name such as AUX, which is inserted into a filename for saving queries.
CVE-2006-4139 1 Sun 1 Solaris 2026-04-16 N/A
Race condition in Sun Solaris 10 allows attackers to cause a denial of service (system panic) via unspecified vectors related to ifconfig and either netstat or SNMP queries.
CVE-2006-4143 1 Netgear 1 Fvg318 2026-04-16 N/A
Netgear FVG318 running firmware 1.0.40 allows remote attackers to cause a denial of service (router reset) via TCP packets with bad checksums.
CVE-2003-1118 1 University Of California 1 Seti At Home 2026-04-16 N/A
Buffer overflow in the SETI@home client 3.03 and other versions allows remote attackers to cause a denial of service (client crash) and execute arbitrary code via a spoofed server response containing a long string followed by a \n (newline) character.
CVE-2006-4145 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-16 N/A
The Universal Disk Format (UDF) filesystem driver in Linux kernel 2.6.17 and earlier allows local users to cause a denial of service (hang and crash) via certain operations involving truncated files, as demonstrated via the dd command.
CVE-2006-4155 1 Invision Power Services 1 Invision Power Board 2026-04-16 N/A
Unspecified vulnerability in func_topic_threaded.php (aka threaded view mode) in Invision Power Board (IPB) before 2.1.7 21013.60810.s allows remote attackers to "access posts outside the topic."
CVE-2006-4156 1 Pearlabs 1 Mafia Moblog 2026-04-16 N/A
PHP remote file inclusion vulnerability in big.php in pearlabs mafia moblog 6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pathtotemplate parameter. NOTE: a third party claims that the researcher is incorrect, because template.php defines pathtotemplate before big.php uses pathtotemplate. CVE has not verified either claim, but during August 2006, the original researcher made several significant errors regarding this bug type
CVE-2006-4157 1 Yabb 1 Yabb 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in Yet another Bulletin Board (YaBB) allows remote attackers to inject arbitrary web script or HTML via the categories parameter.
CVE-2006-4158 1 Spaminator 1 Spaminator 2026-04-16 N/A
PHP remote file inclusion vulnerability in Login.php in Spaminator 1.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
CVE-2006-4161 1 Xennobb 1 Xennobb 2026-04-16 N/A
Directory traversal vulnerability in the avatar_gallery action in profile.php in XennoBB 2.1.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the category parameter.
CVE-2006-4162 1 Cpg-nuke 1 Dragonfly Cms 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Dragonfly CMS 9.0.6.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the search field.
CVE-2002-1922 1 Jelsoft 1 Vbulletin 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in global.php in Jelsoft vBulletin 2.0.0 through 2.2.8 allows remote attackers to inject arbitrary web script or HTML via the (1) $scriptpath or (2) $url variables.
CVE-2006-4164 1 Phpprintanalyzer 1 Phpprintanalyzer 2026-04-16 N/A
PHP remote file inclusion vulnerability in inc/header.inc.php in phpPrintAnalyzer 1.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the ficStyle parameter.
CVE-2006-4165 1 Netcommons 1 Netcommons 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in NetCommons 1.0.8 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2006-4166 1 Tinywebgallery 1 Tinywebgallery 2026-04-16 N/A
PHP remote file inclusion vulnerability in TinyWebGallery 1.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the image parameter to (1) image.php or (2) image.php2.
CVE-2006-4172 1 Freebsd 1 Freebsd 2026-04-16 N/A
Integer overflow vulnerability in the i386_set_ldt call in FreeBSD 5.5, and possibly earlier versions down to 5.2, allows local users to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2006-4178.
CVE-2006-4192 2 Modplug, Redhat 2 Tracker, Enterprise Linux 2026-04-16 N/A
Multiple buffer overflows in MODPlug Tracker (OpenMPT) 1.17.02.43 and earlier and libmodplug 0.8 and earlier, as used in GStreamer and possibly other products, allow user-assisted remote attackers to execute arbitrary code via (1) long strings in ITP files used by the CSoundFile::ReadITProject function in soundlib/Load_it.cpp and (2) crafted modules used by the CSoundFile::ReadSample function in soundlib/Sndfile.cpp, as demonstrated by crafted AMF files.
CVE-2006-4193 1 Microsoft 2 Ie, Internet Explorer 2026-04-16 N/A
Microsoft Internet Explorer 6.0 SP1 and possibly other versions allows remote attackers to cause a denial of service and possibly execute arbitrary code by instantiating COM objects as ActiveX controls, including (1) imskdic.dll (Microsoft IME), (2) chtskdic.dll (Microsoft IME), and (3) msoe.dll (Outlook), which leads to memory corruption. NOTE: it is not certain whether the issue is in Internet Explorer or the individual DLL files.