Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-5778 1 Linux-ftpd-ssl 1 Linux-ftpd-ssl 2026-04-23 N/A
ftpd in linux-ftpd 0.17, and possibly other versions, performs a chdir before setting the UID, which allows local users to bypass intended access restrictions by redirecting their home directory to a restricted directory.
CVE-2006-5786 1 E107 1 E107 2026-04-23 N/A
Directory traversal vulnerability in class2.php in e107 0.7.5 and earlier allows remote attackers to read and execute PHP code in arbitrary files via ".." sequences in the e107language_e107cookie cookie to gsitemap.php.
CVE-2006-5790 1 Stefan Ritt 1 Elog Web Logbook 2026-04-23 N/A
Multiple format string vulnerabilities in elogd.c in ELOG 2.6.2 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) an entry with an attachment whose name contains format string specifiers (el_submit function), and possibly other vectors in the (2) receive_config, (3) show_rss_feed, (4) show_elog_list, (5) show_logbook_node, and (6) server_loop functions.
CVE-2006-5791 1 Stefan Ritt 1 Elog Web Logbook 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in elogd.c in ELOG 2.6.2 and earlier allow remote attackers to inject arbitrary HTML or web script via (1) the filename for downloading, which is not quoted in an error message by the send_file_direct function, and (2) the Type or Category values in a New entry, which is not properly handled in an error message by the submit_elog function.
CVE-2006-5792 1 Xlink Technology 1 Omni-nfs X Enterprise 2026-04-23 N/A
Unspecified vulnerability in XLink Omni-NFS Enterprise allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by vd_xlink2.pm, an "Omni-NFS Enterprise remote exploit." NOTE: this is probably a different vulnerability than CVE-2006-5780. As of 20061107, this disclosure has no actionable information. However, since it is from a reliable researcher, it is being assigned a CVE identifier for tracking purposes.
CVE-2006-5794 2 Openbsd, Redhat 2 Openssh, Enterprise Linux 2026-04-23 N/A
Unspecified vulnerability in the sshd Privilege Separation Monitor in OpenSSH before 4.5 causes weaker verification that authentication has been successful, which might allow attackers to bypass authentication. NOTE: as of 20061108, it is believed that this issue is only exploitable by leveraging vulnerabilities in the unprivileged process, which are not known to exist.
CVE-2006-5798 1 Xenis 1 Xenis.creator Cms 2026-04-23 N/A
SQL injection vulnerability in default.asp in Xenis.creator CMS allows remote attackers to execute arbitrary SQL commands via the contid parameter.
CVE-2006-5800 1 Xenis 1 Xenis.creator Cms 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in default.asp in xenis.creator CMS allows remote attackers to inject arbitrary web script or HTML via the nav parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-5802 1 The Web Drivers 1 Simple Forum 2026-04-23 N/A
SQL injection vulnerability in message_details.php in The Web Drivers Simple Forum, dated 20060318, allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2006-5804 1 Advanced Guestbook 1 Advanced Guestbook 2026-04-23 N/A
PHP remote file inclusion vulnerability in admin.php in Advanced Guestbook 2.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter.
CVE-2007-4535 1 Vavoom 1 Vavoom 2026-04-23 N/A
The VStr::Resize function in str.cpp in Vavoom 1.24 and earlier allows remote attackers to cause a denial of service (daemon crash) via a string with a negative NewLen value within a certain UDP packet that triggers an assertion error.
CVE-2006-5833 1 Greenbeast Cms 1 Greenbeast Cms 2026-04-23 N/A
gbcms_php_files/up_loader.php GreenBeast CMS 1.3 does not require authentication to upload files, which allows remote attackers to cause a denial of service (disk consumption) and execute arbitrary code by uploading arbitrary files, such as executing PHP code via an uploaded PHP file.
CVE-2006-5834 1 Opensolution 1 Quick.cms.lite 2026-04-23 N/A
Directory traversal vulnerability in general.php in OpenSolution Quick.Cms.Lite 0.3 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the sLanguage Cookie parameter.
CVE-2006-5835 1 Ibm 1 Lotus Notes 2026-04-23 N/A
The Notes Remote Procedure Call (NRPC) protocol in IBM Lotus Notes Domino before 6.5.5 FP2 and 7.x before 7.0.2 does not require authentication to perform user lookups, which allows remote attackers to obtain the user ID file.
CVE-2006-5837 1 Simplechat 1 Simplechat 2026-04-23 N/A
Static code injection vulnerability in chat_panel.php in the SimpleChat 1.0.0 module for iWare Professional CMS allows remote attackers to inject arbitrary PHP code into chat_log.php via the msg parameter.
CVE-2006-5869 1 Pstotext 1 Pstotext 2026-04-23 N/A
pstotext before 1.9 allows user-assisted attackers to execute arbitrary commands via shell metacharacters in a file name.
CVE-2006-5849 1 Irayoblog 1 Irayoblog 2026-04-23 N/A
PHP remote file inclusion vulnerability in inc/irayofuncs.php in IrayoBlog alpha-0.2.4 allows remote attackers to execute arbitrary PHP code via a URL in the irayodirhack parameter.
CVE-2007-4534 1 Vavoom 1 Vavoom 2026-04-23 N/A
Buffer overflow in the VThinker::BroadcastPrintf function in p_thinker.cpp in Vavoom 1.24 and earlier allows remote attackers to execute arbitrary code via (1) a long string in a chat message and possibly (2) a long name field.
CVE-2006-5868 4 Canonical, Debian, Imagemagick and 1 more 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more 2026-04-23 N/A
Multiple buffer overflows in Imagemagick 6.0 before 6.0.6.2, and 6.2 before 6.2.4.5, has unknown impact and user-assisted attack vectors via a crafted SGI image.
CVE-2006-5866 1 Phpmanta 1 Phpmanta 2026-04-23 N/A
Directory traversal vulnerability in Mdoc/view-sourcecode.php for phpManta 1.0.2 and earlier allows remote attackers to read and include arbitrary files via ".." sequences in the file parameter.