Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-5961 1 Pegasus 1 Mercury Mail Transport System 2026-04-23 N/A
Buffer overflow in Mercury Mail Transport System 4.01b for Windows has unknown impact and attack vectors, as originally reported in a GLEG VulnDisco pack. NOTE: the provenance of this information is unknown; the details are obtained from third party information. The original researcher is reliable.
CVE-2006-5053 1 Web-news 1 Web-news 2026-04-23 N/A
PHP remote file inclusion vulnerability in webnews/template.php in Web-News 1.6.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the content_page parameter.
CVE-2006-6333 1 Linux 1 Linux Kernel 2026-04-23 N/A
The tr_rx function in ibmtr.c for Linux kernel 2.6.19 assigns the wrong flag to the ip_summed field, which allows remote attackers to cause a denial of service (memory corruption) via crafted packets that cause the kernel to interpret another field as an offset.
CVE-2006-6331 1 Torrentflux 1 Torrentflux 2026-04-23 N/A
metaInfo.php in TorrentFlux 2.2, when $cfg["enable_file_priority"] is false, allows remote attackers to execute arbitrary commands via shell metacharacters (backticks) in the torrent parameter to (1) details.php and (2) startpop.php.
CVE-2007-1357 1 Linux 1 Linux Kernel 2026-04-23 N/A
The atalk_sum_skb function in AppleTalk for Linux kernel 2.6.x before 2.6.21, and possibly 2.4.x, allows remote attackers to cause a denial of service (crash) via an AppleTalk frame that is shorter than the specified length, which triggers a BUG_ON call when an attempt is made to perform a checksum.
CVE-2007-1664 2 Debian, Ekg 2 Debian Linux, Ekg 2026-04-23 N/A
ekg before 1:1.7~rc2-1etch1 on Debian GNU/Linux Etch allows remote attackers to cause a denial of service (NULL pointer dereference) via a vector related to the token OCR functionality.
CVE-2006-6330 1 Torrentflux 1 Torrentflux 2026-04-23 N/A
index.php for TorrentFlux 2.2 allows remote registered users to execute arbitrary commands via shell metacharacters in the kill parameter.
CVE-2010-0315 1 Google 1 Chrome 2026-04-23 N/A
WebKit before r53607, as used in Google Chrome before 4.0.249.89, allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading the document.styleSheets[0].href property value, related to an IFRAME element.
CVE-2007-1354 2 Jboss, Redhat 2 Jboss Application Server, Jboss Application Server 2026-04-23 N/A
The Access Control functionality (JMXOpsAccessControlFilter) in JMX Console in JBoss Application Server 4.0.2 and 4.0.5 before 20070416 uses a member variable to store the roles of the current user, which allows remote authenticated administrators to trigger a race condition and gain privileges by logging in during a session by a more privileged administrator, as demonstrated by privilege escalation from Read Mode to Write Mode.
CVE-2006-6872 1 Endonesia 1 Endonesia 2026-04-23 N/A
Directory traversal vulnerability in mod.php in eNdonesia 8.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the mod parameter.
CVE-2006-6329 1 Torrentflux 1 Torrentflux 2026-04-23 N/A
index.php for TorrentFlux 2.2 allows remote attackers to delete files by specifying the target filename in the delfile parameter.
CVE-2006-6869 1 Maxdev 1 Mdforum 2026-04-23 N/A
Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
CVE-2007-0409 1 Bea 1 Weblogic Server 2026-04-23 N/A
BEA WebLogic 7.0 through 7.0 SP6, 8.1 through 8.1 SP4, and 9.0 initial release does not encrypt passwords stored in the JDBCDataSourceFactory MBean Properties, which allows local administrative users to read the cleartext password.
CVE-2006-6215 1 Wallpaper 1 Wallpaper Complete Website 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Wallpaper Website (Wallpaper Complete Website) 1.0.09 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) login or (2) password parameter to (a) process.php, or the (3) wallpaperid parameter to (b) dlwallpaper.php.
CVE-2006-5912 1 Campware.org 1 Campsite 2026-04-23 N/A
Unspecified vulnerability in Campware Campsite before 2.6.2 has unknown impact and attack vectors, related to a "Security fix for you-know-what," possibly related to encrypted passwords.
CVE-2006-5050 1 Rob Landley 1 Busybox 2026-04-23 N/A
Directory traversal vulnerability in httpd in Rob Landley BusyBox allows remote attackers to read arbitrary files via URL-encoded "%2e%2e/" sequences in the URI.
CVE-2007-1182 1 Web-app.org 1 Webapp 2026-04-23 N/A
WebAPP before 0.9.9.5 allows remote Guest users to edit a Guest profile, which has unknown impact.
CVE-2006-5911 1 Campware.org 1 Campsite 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in Campware Campsite before 2.6.2 allow remote attackers to execute arbitrary PHP code via a URL in the g_documentRoot parameter to (1) Alias.php, (2) Article.php, (3) ArticleAttachment.php, (4) ArticleComment.php, (5) ArticleData.php, (6) ArticleImage.php, (7) ArticleIndex.php, (8) ArticlePublish.php, (9) ArticleTopic.php, (10) ArticleType.php, (11) ArticleTypeField.php, (12) Attachment.php, (13) Country.php, (14) DatabaseObject.php, (15) Event.php, (16) IPAccess.php, (17) Image.php, (18) Issue.php, (19) IssuePublish.php, (20) Language.php, (21) Log.php, (22) LoginAttempts.php, (23) Publication.php, (24) Section.php, (25) ShortURL.php, (26) Subscription.php, (27) SubscriptionDefaultTime.php, (28) SubscriptionSection.php, (29) SystemPref.php, (30) Template.php, (31) TimeUnit.php, (32) Topic.php, (33) UrlType.php, (34) User.php, and (35) UserType.php in implementation/management/classes/; (36) configuration.php and (37) db_connect.php in implementation/management/; and (38) LocalizerConfig.php and (39) LocalizerLanguage.php in implementation/management/priv/localizer/.
CVE-2006-5910 1 Campware.org 1 Campsite 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in Campware Campsite before 20061110 allow remote attackers to execute arbitrary PHP code via a URL in the g_documentRoot parameter to (1) bugreporter/thankyou.php and (2) feedback/thankyou.php in implementation/management/priv/.
CVE-2006-5875 1 Enemies Of Carlotta 1 Enemies Of Carlotta 2026-04-23 N/A
eoc.py in Enemies of Carlotta (EoC) before 1.2.4 allows remote attackers to execute arbitrary commands via shell metacharacters in an "SMTP level e-mail address".