Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-4266 1 Symantec 1 Norton Personal Firewall 2026-04-16 N/A
Symantec Norton Personal Firewall 2006 9.1.0.33, and possibly earlier, does not properly protect Norton registry keys, which allows local users to provide Trojan horse libraries to Norton by using RegSaveKey and RegRestoreKey to modify HKLM\SOFTWARE\Symantec\CCPD\SuiteOwners, as demonstrated using NISProd.dll. NOTE: in most cases, this attack would not cross privilege boundaries, because modifying the SuiteOwners key requires administrative privileges. However, this issue is a vulnerability because the product's functionality is intended to protect against privileged actions such as this.
CVE-2006-4269 2 Joomla, Mambo 2 X-shop Component, X-shop Component 2026-04-16 N/A
PHP remote file inclusion vulnerability in admin.x-shop.php in the x-shop component (com_x-shop) 1.7 and earlier for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: this issue has been disputed by third party researchers, stating that there is no mosConfig_absolute_path parameter and no admin.x-shop.php file in the reported package
CVE-2006-4278 1 Sportsphool 1 Sportsphool 2026-04-16 N/A
PHP remote file inclusion vulnerability in includes/layout/plain.footer.php in SportsPHool 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the mainnav parameter.
CVE-2006-4281 1 Arthur Konze Webdesign 1 Akocomment 2026-04-16 N/A
PHP remote file inclusion vulnerability in akocomments.php in AkoComment 1.1 module (com_akocomment) for Mambo 4.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2006-4289 1 Sony 1 Vaio Media Server 2026-04-16 N/A
Buffer overflow in Sony VAIO Media Server 2.x, 3.x, 4.x, and 5.x before 20060626 allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2006-4291 1 Phlymail 1 Phlymail Lite 2026-04-16 N/A
PHP remote file inclusion vulnerability in handlers/email/mod.listmail.php in PHlyMail Lite 3.4.4 and earlier (Build 3.04.04) allows remote attackers to execute arbitrary PHP code via a URL in the _PM_[path][handler] parameter.
CVE-2006-4317 1 Woltlab 1 Burning Board 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in attachment.php in WoltLab Burning Board (WBB) 2.3.5 allows remote attackers to inject arbitrary web script or HTML via a GIF image that contains URL-encoded Javascript.
CVE-2006-4319 1 Sun 2 Solaris, Sunos 2026-04-16 N/A
Buffer overflow in the format command in Solaris 8, 9, and 10 allows local users with access to format (such as the "File System Management" RBAC profile) to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2006-4307.
CVE-2006-4569 2 Mozilla, Redhat 2 Firefox, Enterprise Linux 2026-04-16 N/A
The popup blocker in Mozilla Firefox before 1.5.0.7 opens the "blocked popups" display in the context of the Location bar instead of the subframe from which the popup originated, which might make it easier for remote user-assisted attackers to conduct cross-site scripting (XSS) attacks.
CVE-2006-4548 1 E107 1 E107 2026-04-16 N/A
e107 0.75 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code via the tinyMCE_imglib_include image/jpeg parameter in e107_handlers/tiny_mce/plugins/ibrowser/ibrowser.php, as demonstrated by a multipart/form-data request. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in e107.
CVE-2006-4557 1 Robert Jewell 1 Discloser 2026-04-16 N/A
PHP remote file inclusion vulnerability in plugins/plugins.php in Bob Jewell Discloser 0.0.4 allows remote attackers to execute arbitrary PHP code via a URL in the type parameter. NOTE: another researcher has stated that an attacker cannot control the type parameter. As of 20060901, CVE analysis concurs with the dispute
CVE-2002-0730 1 Philip Chinery 1 Philip Chinerys Guestbook 2026-04-16 N/A
Cross-site scripting vulnerability in guestbook.pl for Philip Chinery's Guestbook 1.1 allows remote attackers to execute Javascript or HTML via fields such as (1) Name, (2) EMail, or (3) Homepage.
CVE-2006-4596 1 Mybace Light 1 Mybace Light 2026-04-16 N/A
PHP remote file inclusion in MyBace Light Skrip, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the (1) hauptverzeichniss parameter in includes/login_check.php and the (2) template_back parameter in admin/login/content/user_daten.php.
CVE-2006-4602 1 Tiki 1 Tikiwiki Cms\/groupware 2026-04-16 N/A
Unrestricted file upload vulnerability in jhot.php in TikiWiki 1.9.4 Sirius and earlier allows remote attackers to execute arbitrary PHP code via a filepath parameter that contains a filename with a .php extension, which is uploaded to the img/wiki/ directory.
CVE-2006-4603 1 Nch Software 1 Swift Sound Web Dictate 2026-04-16 N/A
NCH Swift Sound Web Dictate 1.02 allows remote attackers to bypass authentication via a null password.
CVE-2006-4620 1 Alt-n 1 Webadmin 2026-04-16 N/A
The useredit_account.wdm module in Alt-N WebAdmin 3.2.5 running with MDaemon 9.0.6, and possibly earlier versions, allows remote authenticated domain administrators to gain privileges and obtain access to the system mail queue by modifying the mailbox of the MDaemon user account to use the mailbox of another account.
CVE-2006-4630 1 Sky Gunning 1 Myspeach 2026-04-16 N/A
PHP remote file inclusion vulnerability in jscript.php in Sky GUNNING MySpeach 3.0.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the my_ms[root] parameter.
CVE-2006-4631 1 Softbb 1 Softbb 2026-04-16 N/A
Direct static code injection vulnerability in admin/save_opt.php in SoftBB 0.1, and possibly earlier, allows remote authenticated users to upload and execute arbitrary PHP code via the cache_forum parameter, which saves the code to info_options.php, which is accessible via a direct request.
CVE-2006-4634 1 Vbzoom 1 Vbzoom 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in VBZooM allows remote attackers to inject arbitrary web script or HTML via the UserID parameter, a different vector than CVE-2006-1133 and CVE-2005-2441.
CVE-2006-4642 1 Auditwizard 1 Auditwizard 2026-04-16 N/A
AuditWizard 6.3.2, when using "Remote Audit," logs the administrator password in plaintext to LaytonCmdSvc.log, which allows local users to obtain sensitive information by reading the file.