Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-0228 1 Grsecurity 1 Grsecurity Kernel Patch 2026-04-16 N/A
The RBAC functionality in grsecurity before 2.1.8 does not properly handle when the admin role creates a service and then exits the shell without unauthenticating, which causes the service to be restarted with the admin role still active.
CVE-2006-0241 1 Webmobo 1 Wbnews 2026-04-16 N/A
Cross-site scripting vulnerability in WBNews 1.1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the Name field.
CVE-2006-4019 2 Redhat, Squirrelmail 2 Enterprise Linux, Squirrelmail 2026-04-16 N/A
Dynamic variable evaluation vulnerability in compose.php in SquirrelMail 1.4.0 to 1.4.7 allows remote attackers to overwrite arbitrary program variables and read or write the attachments and preferences of other users.
CVE-2005-0595 1 Working Resources Inc. 1 Badblue 2026-04-16 N/A
Buffer overflow in ext.dll in BadBlue 2.55 allows remote attackers to execute arbitrary code via a long mfcisapicommand parameter.
CVE-2006-0324 1 Webspot 1 Webspotblogging 2026-04-16 N/A
SQL injection vulnerability in WebspotBlogging 3.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username parameter to login.php.
CVE-2006-0439 1 Text Rider 1 Text Rider 2026-04-16 N/A
Text Rider 2.4 stores sensitive data in the data directory under the web document root with insufficient access control, which allows remote attackers to obtain usernames and password hashes by directly accessing data/userlist.txt.
CVE-2006-2725 1 Epic Designs 1 Eggblog 2026-04-16 N/A
SQL injection vulnerability in rss/posts.php in Eggblog before 3.07 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2006-0381 1 Freebsd 1 Freebsd 2026-04-16 N/A
A logic error in the IP fragment cache functionality in pf in FreeBSD 5.3, 5.4, and 6.0, and OpenBSD, when a 'scrub fragment crop' or 'scrub fragment drop-ovl' rule is being used, allows remote attackers to cause a denial of service (crash) via crafted packets that cause a packet fragment to be inserted twice.
CVE-2006-0572 1 Hinton Design 1 Phpstatus 2026-04-16 N/A
phpstatus 1.0 does not require passwords when using cookies to identify a user, which allows remote attackers to bypass authentication.
CVE-2006-0576 2 Maynard Johnson, Redhat 2 Oprofile, Enterprise Linux 2026-04-16 N/A
Untrusted search path vulnerability in opcontrol in OProfile 0.9.1 and earlier allows local users to execute arbitrary commands via a modified PATH that references malicious (1) which or (2) dirname programs. NOTE: while opcontrol normally is not run setuid, a common configuration suggests accessing opcontrol using sudo. In such a context, this is a vulnerability.
CVE-2005-4649 1 Advanced Guestbook 1 Advanced Guestbook 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Advanced Guestbook 2.2 and 2.3.1 allow remote attackers to inject arbitrary web script or HTML via (1) the entry parameter in index.php and (2) the gb_id parameter in comment.php. NOTE: The index.php/entry vector might be resultant from CVE-2005-1548.
CVE-2006-0189 1 Estara 1 Softphone 2026-04-16 N/A
Buffer overflow in eStara Softphone 3.0.1.14 through 3.0.1.46 allows remote attackers to execute arbitrary code via a long attribute (aka "a") field in the SDP data of a SIP packet on UDP port 5060.
CVE-2006-0197 1 X.org 1 X.org 2026-04-16 N/A
The XClientMessageEvent struct used in certain components of X.Org 6.8.2 and earlier, possibly including (1) the X server and (2) Xlib, uses a "long" specifier for elements of the l array, which results in inconsistent sizes in the struct on 32-bit versus 64-bit platforms, and might allow attackers to cause a denial of service (application crash) and possibly conduct other attacks.
CVE-2006-0204 1 Wordcircle 1 Wordcircle 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Wordcircle 2.17 allow remote attackers to inject arbitrary web script or HTML via (1) the "Course name" field in index.php when the frm parameter has the value "mine" and (2) possibly certain other fields in unspecified scripts.
CVE-2006-1818 1 The War Forge 1 Warforge.news 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in warforge.NEWS 1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly including the (1) first_name and (2) last_name parameter in myaccounts.php. NOTE: portions of these details were obtained from third party sources instead of the original disclosure.
CVE-2006-0206 1 Light Weight Calendar 1 Light Weight Calendar 2026-04-16 N/A
Eval injection vulnerability in Light Weight Calendar (LWC) 1.0 (20040909) and earlier allows remote attackers to execute arbitrary PHP code via the date parameter in cal.php, which is included by index.php.
CVE-2006-0529 1 Ca 1 Messaging 2026-04-16 N/A
Computer Associates (CA) Message Queuing (CAM / CAFT) before 1.07 Build 220_16 and 1.11 Build 29_20, as used in multiple CA products, allows remote attackers to cause a denial of service via a crafted message to TCP port 4105.
CVE-2006-1825 1 Phplinks 1 Phplinks 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in phpLinks 2.1.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the term parameter.
CVE-2004-0426 2 Andrew Tridgell, Redhat 2 Rsync, Enterprise Linux 2026-04-16 N/A
rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot, which allows remote attackers to write files outside of the module's path.
CVE-2006-1838 1 Clanscripte.net 1 Fuju News 2026-04-16 N/A
edit_kategorie.php in Fuju News 1.0 allows remote attackers to bypass authentication by setting the authorized cookie.