Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-4118 1 Chaossoft 1 Geheimchaos 2026-04-16 N/A
Multiple SQL injection vulnerabilities in GeheimChaos 0.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) Temp_entered_login or (2) Temp_entered_email parameters to (a) gc.php, and in multiple parameters in (b) include/registrieren.php, possibly involving the (3) $form_email, (4) $form_vorname, (5) $form_nachname, (6) $form_strasse, (7) $form_plzort, (8) $form_land, (9) $form_homepage, (10) $form_bildpfad, (11) $form_profilsichtbar, (12) $Temp_sprache, (13) $form_tag, (14) $form_monat, (15) $form_jahr, (16) $Temp_akt_string, (17) $form_icq, (18) $form_msn, (19) $form_yahoo, (20) $form_username, and (21) $Temp_form_pass variables.
CVE-1999-1366 1 David Harris 1 Pegasus Mail 2026-04-16 N/A
Pegasus e-mail client 3.0 and earlier uses weak encryption to store POP3 passwords in the pmail.ini file, which allows local users to easily decrypt the passwords and read e-mail.
CVE-2006-4122 1 Simple One-file Guestbook 1 Simple One-file Guestbook 2026-04-16 N/A
Simple one-file guestbook 1.0 and earlier allows remote attackers to bypass authentication and delete guestbook entries via a modified id parameter to guestbook.php.
CVE-2006-4124 1 Lesstif 1 Lesstif 2026-04-16 N/A
The libXm library in LessTif 0.95.0 and earlier allows local users to gain privileges via the DEBUG_FILE environment variable, which is used to create world-writable files when libXm is run from a setuid program.
CVE-2006-4128 1 Symantec Veritas 1 Backup Exec 2026-04-16 N/A
Multiple heap-based buffer overflows in Symantec VERITAS Backup Exec for Netware Server Remote Agent for Windows Server 9.1 and 9.2 (all builds), Backup Exec Continuous Protection Server Remote Agent for Windows Server 10.1 (builds 10.1.325.6301, 10.1.326.1401, 10.1.326.2501, 10.1.326.3301, and 10.1.327.401), and Backup Exec for Windows Server and Remote Agent 9.1 (build 9.1.4691), 10.0 (builds 10.0.5484 and 10.0.5520), and 10.1 (build 10.1.5629) allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted RPC message.
CVE-2003-1114 1 Mediatrix Telecom 1 Voip Access Devices And Gateways 2026-04-16 N/A
The Session Initiation Protocol (SIP) implementation in Mediatrix Telecom VoIP Access Devices and Gateways running SIPv2.4 and SIPv4.3 firmware allows remote attackers to cause a denial of service or execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite.
CVE-2006-4135 1 Vincent Hor 1 Calendarix 2026-04-16 N/A
PHP remote file inclusion vulnerability in cal_config.inc.php in Calendarix 0.7.20060401 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the calpath parameter. NOTE: this issue has been disputed by a third party, who says that the affected $calpath variable is set to a constant value in the beginning of the script. CVE concurs that the initial report is invalid
CVE-2006-4137 1 Ibm 1 Websphere Application Server 2026-04-16 N/A
IBM WebSphere Application Server before 6.1.0.1 allows attackers to obtain sensitive information via unspecified vectors related to (1) the log file, (2) "script generated syntax on wsadmin command line," and (3) traces.
CVE-2006-4139 1 Sun 1 Solaris 2026-04-16 N/A
Race condition in Sun Solaris 10 allows attackers to cause a denial of service (system panic) via unspecified vectors related to ifconfig and either netstat or SNMP queries.
CVE-2002-1916 1 Pirch 2 Pirch Irc, Ruspirch 2026-04-16 N/A
Pirch and RusPirch, when auto-log is enabled, allows remote attackers to cause a denial of service (crash) via a nickname containing an MS-DOS device name such as AUX, which is inserted into a filename for saving queries.
CVE-2006-4143 1 Netgear 1 Fvg318 2026-04-16 N/A
Netgear FVG318 running firmware 1.0.40 allows remote attackers to cause a denial of service (router reset) via TCP packets with bad checksums.
CVE-2006-4271 1 Jelsoft 1 Vbulletin 2026-04-16 N/A
PHP remote file inclusion vulnerability in install/upgrade_301.php in Jelsoft vBulletin 3.5.4 allows remote attackers to execute arbitrary PHP code via a URL in the step parameter. NOTE: the vendor has disputed this vulnerability, saying "The default vBulletin requires authentication prior to the usage of the upgrade system.
CVE-2006-4273 1 Jelsoft 1 Vbulletin 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 3.5.4 and 3.6.0 allows remote attackers to inject arbitrary web script or HTML by uploading an attachment with a .pdf extension that contains JavaScript, which is processed as script by Microsoft Internet Explorer 6.
CVE-2006-4276 1 Tutti Nova 1 Tutti Nova 2026-04-16 N/A
PHP remote file inclusion vulnerability in Tutti Nova 1.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the TNLIB_DIR parameter to novalib/class.novaEdit.mysql.php.
CVE-2006-4282 1 Mamboxchange 1 Mambowiki 2026-04-16 N/A
PHP remote file inclusion vulnerability in MamboLogin.php in the MamboWiki component (com_mambowiki) 0.9.6 and earlier for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the IP parameter.
CVE-2006-4283 1 Solmetra 1 Spaw Editor 2026-04-16 N/A
Multiple PHP remote file inclusion vulnerabilities in SOLMETRA SPAW Editor 1.0.6 and 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the spaw_dir parameter in dialogs/ scripts including (1) a.php, (2) collorpicker.php, (3) img.php, (4) img_library.php, (5) table.php, or (6) td.php.
CVE-2006-4286 1 Mambo 1 Mambo 2026-04-16 N/A
PHP remote file inclusion vulnerability in contentpublisher.php in the contentpublisher component (com_contentpublisher) for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: this issue has been disputed by third parties who state that contentpublisher.php protects against direct request in the most recent version. The original researcher is known to be frequently inaccurate
CVE-2006-4287 2 Nes Game, Nes System 2 Nes Game, Nes System 2026-04-16 N/A
Multiple PHP remote file inclusion vulnerabilities in NES Game and NES System c108122 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) phphtmllib parameter to (a) phphtmllib/includes.php; tag_utils/ scripts including (b) divtag_utils.php, (c) form_utils.php, (d) html_utils.php, and (e) localinc.php; and widgets/ scripts including (f) FooterNav.php, (g) HTMLPageClass.php, (h) InfoTable.php, (i) localinc.php, (j) NavTable.php, and (k) TextNav.php.
CVE-2006-4290 1 Sony 1 Vaio Media Server 2026-04-16 N/A
Directory traversal vulnerability in Sony VAIO Media Server 2.x, 3.x, 4.x, and 5.x before 20060626 allows remote attackers to gain sensitive information via unspecified vectors.
CVE-2006-4294 1 Twiki 1 Twiki 2026-04-16 N/A
Directory traversal vulnerability in viewfile in TWiki 4.0.0 through 4.0.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.