Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-5111 1 Libksba Library 1 Libksba Library 2026-04-23 N/A
The libksba library 0.9.12 and possibly other versions, as used by gpgsm in the newpg package on SUSE LINUX, allows attackers to cause a denial of service (application crash) via a malformed X.509 certificate in a signature.
CVE-2006-5112 1 Intervations 1 Navicopa Web Server 2026-04-23 N/A
Buffer overflow in InterVations NaviCOPA Web Server 2.01 allows remote attackers to execute arbitrary code via a long HTTP GET request.
CVE-2006-5115 1 Kgb 1 Kgb 2026-04-23 N/A
Directory traversal vulnerability in kgcall.php in KGB 1.87 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the engine parameter, as demonstrated by uploading a file containing PHP code with an image/jpeg content type, and then referencing this file through the engine parameter.
CVE-2006-5116 1 Phpmyadmin 1 Phpmyadmin 2026-04-23 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyAdmin before 2.9.1-rc1 allow remote attackers to perform unauthorized actions as another user by (1) directly setting a token in the URL though dynamic variable evaluation and (2) unsetting arbitrary variables via the _REQUEST array, related to (a) libraries/common.lib.php, (b) session.inc.php, and (c) url_generating.lib.php. NOTE: the PHP unset function vector is covered by CVE-2006-3017.
CVE-2006-5117 1 Phpmyadmin 1 Phpmyadmin 2026-04-23 N/A
phpMyAdmin before 2.9.1-rc1 has a libraries directory under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via direct requests for certain files.
CVE-2006-5118 1 Phpselect 1 Web Development Division 2026-04-23 N/A
PHP remote file inclusion vulnerability in index.php3 in the PDD package for PHPSelect Web Development Division allows remote attackers to execute arbitrary PHP code via a URL in the Application_Root parameter.
CVE-2006-5120 1 Scott Metoyer 1 Red Mombin 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Scott Metoyer Red Mombin 0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) index.php and (2) process_login.php.
CVE-2006-5125 1 Joshua Muheim 1 Phpmywebmin 2026-04-23 N/A
Directory traversal vulnerability in window.php, possibly used by home.php, in Joshua Muheim phpMyWebmin 1.0 allows remote attackers to obtain sensitive information via a directory name in the target parameter, which triggers a directory listing through the opendir function.
CVE-2006-5126 1 Powerportal 1 Powerportal 2026-04-23 N/A
PHP remote file inclusion vulnerability in index.php in John Himmelman (aka DaRk2k1) PowerPortal 1.3a allows remote attackers to execute arbitrary PHP code via a URL in the file_name[] parameter.
CVE-2006-5127 1 Conpresso 1 Conpresso Cms 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Bartels Schoene ConPresso before 4.0.5a allow remote attackers to inject arbitrary web script or HTML via (1) the nr parameter in detail.php, (2) the msg parameter in db_mysql.inc.php, and (3) the pos parameter in index.php.
CVE-2006-5128 1 Conpresso 1 Conpresso Cms 2026-04-23 N/A
SQL injection vulnerability in index.php in Bartels Schoene ConPresso before 4.0.5a allows remote attackers to execute arbitrary SQL commands via the nr parameter.
CVE-2006-5129 1 Salims Softhouse 1 Jaf Cms 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in ph03y3nk just another flat file (JAF) CMS 4.0 RC1 allow remote attackers to inject arbitrary web script or HTML via (1) the message parameter, and possibly other parameters, in module/shout/jafshout.php (aka the shoutbox); and (2) the message body in a forum post in module/forum/topicwin.php, related to the name, email, title, date, ldate, and lname variables.
CVE-2009-0630 1 Cisco 1 Ios 2026-04-23 N/A
The (1) Cisco Unified Communications Manager Express; (2) SIP Gateway Signaling Support Over Transport Layer Security (TLS) Transport; (3) Secure Signaling and Media Encryption; (4) Blocks Extensible Exchange Protocol (BEEP); (5) Network Admission Control HTTP Authentication Proxy; (6) Per-user URL Redirect for EAPoUDP, Dot1x, and MAC Authentication Bypass; (7) Distributed Director with HTTP Redirects; and (8) TCP DNS features in Cisco IOS 12.0 through 12.4 do not properly handle IP sockets, which allows remote attackers to cause a denial of service (outage or resource consumption) via a series of crafted TCP packets.
CVE-2006-5134 1 Hp 1 Mercury Sitescope 2026-04-23 N/A
Mercury SiteScope 8.2 (8.1.2.0) allows remote authenticated users to cause a denial of service (loss of connectivity to the classic interface) via attempted HTML injection into the "new monitor description" field.
CVE-2006-5136 1 Ubbcentral 1 Ubb.threads 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in ubbt.inc.php in Groupee UBB.threads 6.5.1.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[thispath] or (2) GLOBALS[configdir] parameter.
CVE-2006-5155 1 Videodb 1 Videodb 2026-04-23 N/A
PHP remote file inclusion vulnerability in core/pdf.php in VideoDB 2.2.1 and earlier allows remote attackers to execute arbitrary PHP code via the config[pdf_module] parameter.
CVE-2006-5159 1 Mozilla 1 Firefox 2026-04-23 N/A
Stack-based buffer overflow in Mozilla Firefox allows remote attackers to execute arbitrary code via unspecified vectors involving JavaScript. NOTE: the vendor and original researchers have released a follow-up comment disputing the severity of this issue, in which the researcher states that "we mentioned that there was a previously known Firefox vulnerability that could result in a stack overflow ending up in remote code execution. However, the code we presented did not in fact do this... I have not succeeded in making this code do anything more than cause a crash and eat up system resources"
CVE-2006-5161 1 Ibm 1 Client Security Password Manager 2026-04-23 N/A
IBM Client Security Password Manager stores and distributes saved passwords based upon the title of a website, which allows remote attackers to obtain username and password credentials by changing the title of an HTML page.
CVE-2006-5163 1 Ibm 1 Informix Dynamic Server 2026-04-23 N/A
IBM Informix Dynamic Server 10.UC3RC1 Trial for Linux and possibly other versions creates /tmp/installserver.txt with insecure permissions, which allows local users to append data to arbitrary files via a symlink attack.
CVE-2006-5164 1 Sum Effect Software 1 Digishop 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in cart.php in Sum Effect Software digiSHOP 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) sortBy or (2) search parameters.