Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-5430 1 Db-central 2 Cms, Enterprise Cms 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the search functionality in db-central (dbc) Enterprise CMS and db-central CMS allows remote attackers to inject arbitrary web script or HTML via the needle parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-5436 1 Freefaq 1 Freefaq 2026-04-23 N/A
PHP remote file inclusion vulnerability in index.php in FreeFAQ 1.0.e allows remote attackers to execute arbitrary PHP code via a URL in the faqpath parameter.
CVE-2006-5427 1 Php Amx 1 Php Amx 2026-04-23 N/A
PHP remote file inclusion vulnerability in plugins/main.php in Php AMX 0.9.0, when register_globals is enabled or magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the plug_path parameter.
CVE-2009-1192 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Enterprise Mrg 2026-04-23 N/A
The (1) agp_generic_alloc_page and (2) agp_generic_alloc_pages functions in drivers/char/agp/generic.c in the agp subsystem in the Linux kernel before 2.6.30-rc3 do not zero out pages that may later be available to a user-space process, which allows local users to obtain sensitive information by reading these pages.
CVE-2006-5426 1 Local Calendar System 1 Local Calendar System 2026-04-23 N/A
PHP remote file inclusion vulnerability in lib/lcUser.php in LoCal Calendar System 1.1 remote attackers to execute arbitrary PHP code via a URL in the LIBDIR parameter.
CVE-2006-5172 2 Broadcom, Ca 3 Brightstor Arcserve Backup, Brightstor Enterprise Backup, Protection Suites 2026-04-23 N/A
Stack-based buffer overflow in the RPC interface in Mediasvr.exe in Computer Associates (CA) Brightstor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Protection Suites r2 allows remote attackers to execute arbitrary code via crafted SUNRPC packets, aka the "Mediasvr.exe String Handling Overflow," a different vulnerability than CVE-2006-5171.
CVE-2007-6628 1 Feng 1 Feng 2026-04-23 N/A
LScube Feng 0.1.15 and earlier allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via (1) a malformed Transport header, which triggers misparsing in parse_transport_header in RTSP_setup.c, as demonstrated by a Transport header that contains only a "RTP/AVP;unicast;client_port" sequence; or (2) a malformed Range header, which triggers misparsing in parse_play_time_range in RTSP_Play, as demonstrated by an empty Range header.
CVE-2006-5166 1 Php Web Scripts 1 Easy Banner Free 2026-04-23 N/A
PHP remote file inclusion vulnerability in functions.php in PHP Web Scripts Easy Banner Free allows remote attackers to execute arbitrary PHP code via a URL in the s[phppath] parameter.
CVE-2007-1376 1 Php 1 Php 2026-04-23 N/A
The shmop functions in PHP before 4.4.5, and before 5.2.1 in the 5.x series, do not verify that their arguments correspond to a shmop resource, which allows context-dependent attackers to read and write arbitrary memory locations via arguments associated with an inappropriate resource, as demonstrated by a GD Image resource.
CVE-2006-5425 1 Xorp 1 Extensible Open Router Platform 2026-04-23 N/A
XORP (eXtensible Open Router Platform) 1.2 and 1.3 allows remote attackers to cause a denial of service (application crash) via an Open Shortest Path First (OSPF) Link State Advertisement (LSA) with an invalid LSA length field.
CVE-2006-5796 1 Soholaunch 1 Soholaunch Pro Edition 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in Soholaunch Pro Edition 4.9 r46 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the _SESSION[docroot_path] parameter to (1) includes/shared_functions.php or (2) client_files/shopping_cart/pgm-shopping_css.inc.php.
CVE-2006-5423 1 Lou Portail 1 Lou Portail 2026-04-23 N/A
PHP remote file inclusion vulnerability in admin/admin_module.php in Lou Portail 1.4.1, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the g_admin_rep parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-5419 1 University Of Glasgow 1 Specimen Image Database 2026-04-23 N/A
PHP remote file inclusion vulnerability in client.php in University of Glasgow Specimen Image Database (SID), when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter.
CVE-2006-5416 1 F5 1 Firepass 1000 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in my.acctab.php3 in F5 Networks FirePass 1000 SSL VPN 5.5, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the sid parameter.
CVE-2006-5415 1 News Defilante Horizontale 1 News Defilante Horizontale 2026-04-23 N/A
PHP remote file inclusion vulnerability in includes/functions_newshr.php in the News Defilante Horizontale 4.1.1 and earlier module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2006-5387 1 Phpbb Plusxl 1 Plusxl 2026-04-23 N/A
PHP remote file inclusion vulnerability in mods/iai/includes/constants.php in the PlusXL 20_272 and earlier phpBB module allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2006-5386 1 Nuralstorm 1 Nuralstorm Webmail 2026-04-23 N/A
PHP remote file inclusion vulnerability in process.php in NuralStorm Webmail 0.98b and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the DEFAULT_SKIN parameter.
CVE-2006-5385 1 Spamoborona 1 Spamoborona 2026-04-23 N/A
PHP remote file inclusion vulnerability in admin/admin_spam.php in the SpamOborona 1.0b and earlier phpBB module allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2006-5384 1 Cds Software Consortium 1 Cds Agenda 2026-04-23 N/A
PHP remote file inclusion vulnerability in modification/SendAlertEmail.php in CDS Software Consortium CDS Agenda 4.2.9 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AGE parameter.
CVE-2006-5383 1 Def-blog 1 Def-blog 2026-04-23 N/A
SQL injection vulnerability in comadd.php in Def-Blog 1.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the article parameter.