Export limit exceeded: 29894 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29894 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-5289 | 1 Vtiger | 1 Vtiger Crm | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Vtiger CRM 4.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the calpath parameter to (1) modules/Calendar/admin/update.php, (2) modules/Calendar/admin/scheme.php, or (3) modules/Calendar/calendar.php. | ||||
| CVE-2006-5290 | 1 Xerox | 6 Workcentre 232, Workcentre 238, Workcentre 245 and 3 more | 2025-04-09 | N/A |
| The ESS/ Network Controller and MicroServer Web Server components of Xerox WorkCentre and WorkCentre Pro 232, 238, 245, 255, 265 and 275 allow remote attackers to bypass authentication and execute arbitrary code via "WebUI command injection on TCP/IP hostname." | ||||
| CVE-2006-5292 | 1 Exhibit Engine | 1 Exhibit Engine | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in photo_comment.php in Exhibit Engine 1.5 RC 4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the toroot parameter. | ||||
| CVE-2006-5293 | 1 Phpoutsourcing | 1 Noahs Classifieds | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in PhpOutsourcing Noah's Classifieds 1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the frommethod parameter. | ||||
| CVE-2006-5294 | 1 Tincan | 1 Phplist | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in phplist before 2.10.3 allows remote attackers to inject arbitrary web script or HTML via the unsubscribeemail parameter. | ||||
| CVE-2006-5295 | 1 Clam Anti-virus | 1 Clamav | 2025-04-09 | N/A |
| Unspecified vulnerability in ClamAV before 0.88.5 allows remote attackers to cause a denial of service (scanning service crash) via a crafted Compressed HTML Help (CHM) file that causes ClamAV to "read an invalid memory location." | ||||
| CVE-2006-5296 | 1 Microsoft | 1 Powerpoint | 2025-04-09 | N/A |
| PowerPoint in Microsoft Office 2003 does not properly handle a container object whose position value exceeds the record length, which allows user-assisted attackers to cause a denial of service (NULL dereference and application crash) via a crafted PowerPoint (.PPT) file, as demonstrated by Nanika.ppt, and a different vulnerability than CVE-2006-3435, CVE-2006-3876, CVE-2006-3877, and CVE-2006-4694. NOTE: the impact of this issue was originally claimed to be arbitrary code execution, but later analysis demonstrated that this was erroneous. | ||||
| CVE-2006-5297 | 2 Mutt, Redhat | 2 Mutt, Enterprise Linux | 2025-04-09 | N/A |
| Race condition in the safe_open function in the Mutt mail client 1.5.12 and earlier, when creating temporary files in an NFS filesystem, allows local users to overwrite arbitrary files due to limitations of the use of the O_EXCL flag on NFS filesystems. | ||||
| CVE-2006-5298 | 1 Mutt | 1 Mutt | 2025-04-09 | N/A |
| The mutt_adv_mktemp function in the Mutt mail client 1.5.12 and earlier does not properly verify that temporary files have been created with restricted permissions, which might allow local users to create files with weak permissions via a race condition between the mktemp and safe_fopen function calls. | ||||
| CVE-2006-5299 | 1 Gcontact | 1 Gcontact | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in Gcontact 0.6.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2006-5300 | 1 Hp | 1 Version Control Agent | 2025-04-09 | N/A |
| Unspecified vulnerability in HP Version Control Agent before 2.1.5 allows remote authenticated users to obtain "unauthorized access" to a remote Repository Manager account and potentially gain privileges via unspecified vectors. | ||||
| CVE-2006-5303 | 1 Securecomputing | 1 Safeword Remoteaccess | 2025-04-09 | N/A |
| Secure Computing SafeWord RemoteAccess 2.1 allows local users to obtain the UserCenter webportal password, database encryption keys, and signing keys by reading (1) base-64 encoded data in SERVERS\Web\Tomcat\usercenter\WEB-INF\login.conf and (2) plaintext data in SERVERS\Shared\signers.cfg. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
| CVE-2006-5304 | 1 Inccms Technology | 1 Inccms Core | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in inc/settings.php in IncCMS Core 1.0.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the inc_dir parameter. | ||||
| CVE-2006-5305 | 1 Phpbb | 1 Lat2cyr | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in lat2cyr.php in the lat2cyr 1.0.1 and earlier phpbb module allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | ||||
| CVE-2006-5307 | 1 Afgb | 1 Afgb Guestbook | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in AFGB GUESTBOOK 2.2 allow remote attackers to execute arbitrary PHP code via a URL in the Htmls parameter in (1) add.php, (2) admin.php, (3) look.php, or (4) re.php. | ||||
| CVE-2006-5308 | 1 Open Conference Systems | 1 Open Conference Systems | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Open Conference Systems (OCS) before 1.1.6 allow remote attackers to execute arbitrary PHP code via a URL in the fullpath parameter in (1) include/theme.inc.php or (2) include/footer.inc.php. | ||||
| CVE-2006-5309 | 1 Phpbb | 1 Prillian French | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in language/lang_french/lang_prillian_faq.php in the Prillian French 0.8.0 and earlier module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | ||||
| CVE-2006-5311 | 1 Buzlas | 1 Buzlas | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in includes/archive/archive_topic.php in Buzlas 2006-1 Full allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | ||||
| CVE-2006-5312 | 1 Phpbb | 1 Ajax Shoutbox | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in shoutbox.php in the Ajax Shoutbox 0.0.5 and earlier module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | ||||
| CVE-2006-5314 | 1 Phplibre | 1 Tribunalibre | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in ftag.php in TribunaLibre 3.12 Beta allows remote attackers to execute arbitrary PHP code via a URL in the mostrar parameter. | ||||