Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-2316 1 Mbedthis Software 1 Mbedthis Appweb Http Server 2025-04-03 N/A
Mbedthis AppWeb HTTP server before 1.0.2 allows remote attackers to cause a denial of service (crash) via a GET request containing an MS-DOS device name such as COM1.
CVE-2004-2319 1 Ibm 2 Informix Dynamic Server, Informix Extended Parallel Server 2025-04-03 N/A
IBM Informix Dynamic Server (IDS) before 9.40.xC3 allows local users to (1) create or overwrite files via the /001 log file to onedcu or (2) read arbitrary files via a symlink attack on a file in /tmp to onshowaudit.
CVE-2006-4241 1 Mamboxchange 1 Reporter 2025-04-03 N/A
PHP remote file inclusion vulnerability in processor/reporter.sql.php in the Reporter Mambo component (com_reporter) allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2006-4256 1 Horde 1 Application Framework 2025-04-03 N/A
index.php in Horde Application Framework before 3.1.2 allows remote attackers to include web pages from other sites, which could be useful for phishing attacks, via a URL in the url parameter, aka "cross-site referencing." NOTE: some sources have referred to this issue as XSS, but it is different than classic XSS.
CVE-2004-2408 1 Vserver 1 Linux-vserver 2025-04-03 N/A
Linux VServer 1.27 and earlier, 1.3.9 and earlier, and 1.9.1 and earlier shares /proc permissions across all virtual and host servers, which allows local users with the ability to set permissions in /proc to obtain system information or cause a denial of service on other virtual servers or the host server.
CVE-2006-4259 1 Jake Olefsky 1 Fotopholder 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in index.php in Fotopholder 1.8 allows remote attackers to inject arbitrary web script or HTML via the path parameter. NOTE: this might be resultant from a directory traversal vulnerability.
CVE-2004-2409 1 Samhain Labs 1 Samhain 2025-04-03 N/A
Buffer overflow in the sh_hash_compdata function for Samhain 1.8.9 through 2.0.1, when running in update mode ("-t update"), might allow attackers to execute arbitrary code.
CVE-2006-4273 1 Jelsoft 1 Vbulletin 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 3.5.4 and 3.6.0 allows remote attackers to inject arbitrary web script or HTML by uploading an attachment with a .pdf extension that contains JavaScript, which is processed as script by Microsoft Internet Explorer 6.
CVE-2006-4366 1 Redblog 1 Redblog 2025-04-03 N/A
PHP remote file inclusion vulnerability in index.php in RedBLoG 0.5 allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-4371 1 Alt-n 1 Webadmin 2025-04-03 N/A
Multiple directory traversal vulnerabilities in Alt-N WebAdmin 3.2.3 and 3.2.4 running with MDaemon 9.0.5, and possibly earlier, allow remote authenticated global administrators to read arbitrary files via a .. (dot dot) in the file parameter to (1) logfile_view.wdm and (2) configfile_view.wdm.
CVE-2006-4373 1 Derek Leung 1 Pslash 2025-04-03 N/A
PHP remote file inclusion vulnerability in modules/visitors2/include/config.inc.php in pSlash 0.70 allows remote attackers to execute arbitrary PHP code via a URL in the lvc_include_dir parameter.
CVE-2006-4417 1 Xoops 1 Xoops 2025-04-03 N/A
SQL injection vulnerability in edituser.php in Xoops before 2.0.15 allows remote attackers to execute arbitrary SQL commands via the user_avatar parameter.
CVE-2006-4418 1 Wikepage 1 Wikepage 2025-04-03 N/A
Directory traversal vulnerability in index.php for Wikepage 2006.2a Opus 10 allows remote attackers to include arbitrary local files via the lng parameter, as demonstrated by inserting PHP code into a log file.
CVE-2006-4450 1 Phpbb Group 1 Phpbb 2025-04-03 N/A
usercp_avatar.php in PHPBB 2.0.20, when avatar uploading is enabled, allows remote attackers to use the server as a web proxy by submitting a URL to the avatarurl parameter, which is then used in an HTTP GET request.
CVE-2006-4457 1 Phpecard 1 Phpecard 2025-04-03 N/A
PHP remote file inclusion vulnerability in index.php in phpECard 2.1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-4459 1 Digi International Inc 1 Anywhere Usb5 2025-04-03 N/A
Integer overflow in AnywhereUSB/5 1.80.00 allows local users to cause a denial of service (crash) via a 1 byte header size specified in the USB string descriptor.
CVE-2006-4460 1 Clemens Wacha 1 Php Iaddressbook 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in PHP iAddressBook before 0.96 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2006-4465 1 Microsoft 1 Terminal Server 2025-04-03 N/A
Microsoft Terminal Server, when running an application session with the "Start program at logon" and "Override settings from user profile and Client Connection Manager wizard" options, allows local users to execute arbitrary code by forcing an Explorer error. NOTE: a third-party researcher has stated that the options are "a convenience to users" and were not intended to restrict execution of arbitrary code
CVE-2006-4488 1 Exbb 1 Exbb Italia 2025-04-03 N/A
PHP remote file inclusion vulnerability in modules/userstop/userstop.php in ExBB Italia 0.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the exbb[home_path] parameter.
CVE-2006-4493 1 Xbiff2 1 Xbiff2 2025-04-03 N/A
xbiff2 1.9 creates $HOME/.xbiff2rc in a user's home directory with insecure file permissions, which allows local users to obtain sensitive information such as login credentials. NOTE: the provenance of this information is unknown; the details are obtained from third party information.