Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-5737 1 Punbb 1 Punbb 2026-04-23 N/A
PunBB uses a predictable cookie_seed value that can be derived from the time of registration of the superadmin account (installation time), which might allow local users to perform unauthorized actions.
CVE-2007-2202 1 Acvsws 1 Acvsws Php5 2026-04-23 N/A
PHP remote file inclusion vulnerability in inc_ACVS/SOAP/Transport.php in Accueil et Conseil en Visites et Sejours Web Services (ACVSWS) PHP5 (ACVSWS_PHP5) 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the CheminInclude parameter.
CVE-2006-5778 1 Linux-ftpd-ssl 1 Linux-ftpd-ssl 2026-04-23 N/A
ftpd in linux-ftpd 0.17, and possibly other versions, performs a chdir before setting the UID, which allows local users to bypass intended access restrictions by redirecting their home directory to a restricted directory.
CVE-2006-5780 1 Xlink Technology 1 Omni-nfs Server 2026-04-23 N/A
Stack-based buffer overflow in nfsd.exe in XLink Omni-NFS Server 5.2 allows remote attackers to execute arbitrary code via a crafted TCP packet to port 2049 (nfsd), as demonstrated by vd_xlink.pm.
CVE-2006-5597 1 Minihttp 1 Web Forum File Sharing Sever Powerpack 2026-04-23 N/A
join.asp in MiniHTTP Web Forum & File Server PowerPack 4.0 allows remote attackers to add or modify arbitrary user accounts via modified (1) frmMailBox and (2) frmUserPass parameters.
CVE-2006-5783 1 Mozilla 1 Firefox 2026-04-23 N/A
Firefox 1.5.0.7 on Kubuntu Linux allows remote attackers to cause a denial of service (crash) via a long URL in an A tag. NOTE: this issue has been disputed by several vendors, who could not reproduce the report. In addition, the scope of the impact - system freeze - suggests an issue that is not related to Firefox. Due to this impact, CVE concurs with the dispute
CVE-2006-5786 1 E107 1 E107 2026-04-23 N/A
Directory traversal vulnerability in class2.php in e107 0.7.5 and earlier allows remote attackers to read and execute PHP code in arbitrary files via ".." sequences in the e107language_e107cookie cookie to gsitemap.php.
CVE-2006-5787 1 Iprimal 1 Iprimal Forums 2026-04-23 N/A
admin/index.php in IPrimal Forums as of 20061105 allows remote attackers to bypass authentication and modify user passwords via a direct request, possibly related to an authentication issue in admin/chk_admin.php.
CVE-2006-6051 1 Mamboxchange 1 Mosreporter 2026-04-23 N/A
PHP remote file inclusion vulnerability in reporter.logic.php in the MosReporter (com_reporter) component for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2006-5790 1 Stefan Ritt 1 Elog Web Logbook 2026-04-23 N/A
Multiple format string vulnerabilities in elogd.c in ELOG 2.6.2 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) an entry with an attachment whose name contains format string specifiers (el_submit function), and possibly other vectors in the (2) receive_config, (3) show_rss_feed, (4) show_elog_list, (5) show_logbook_node, and (6) server_loop functions.
CVE-2006-5809 1 Jonathon J. Freeman 1 Ovbb 2026-04-23 N/A
Multiple unspecified vulnerabilities in Jonathon J. Freeman OvBB before 0.13a have unknown impact and attack vectors.
CVE-2007-3719 1 Linux 1 Linux Kernel 2026-04-23 N/A
The process scheduler in the Linux kernel 2.6.16 gives preference to "interactive" processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges."
CVE-2007-0614 1 Apple 3 Ichat, Instant Message Framework, Mac Os X 2026-04-23 N/A
The Bonjour functionality in mDNSResponder, iChat 3.1.6, and InstantMessage framework 428 in Apple Mac OS X 10.4.8 allows remote attackers to cause a denial of service (persistent application crash) via a crafted phsh hash attribute in a TXT key.
CVE-2006-5869 1 Pstotext 1 Pstotext 2026-04-23 N/A
pstotext before 1.9 allows user-assisted attackers to execute arbitrary commands via shell metacharacters in a file name.
CVE-2007-4128 1 Firestorm Technologies 1 Gmaps 2026-04-23 N/A
SQL injection vulnerability in index.php in the Firestorm Technologies GMaps (com_gmaps) 1.00 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the mapId parameter in a viewmap action.
CVE-2006-5838 1 Newp 1 News Publication System 2026-04-23 N/A
PHP remote file inclusion vulnerability in lib/class.Database.php in NewP News Publication System 1.0.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the path parameter.
CVE-2006-5839 1 Phpadventure 1 Phpadventure 2026-04-23 N/A
PHP remote file inclusion vulnerability in ad_main.php in PHPAdventure 1.1-Alpha and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _mygamefile parameter.
CVE-2006-5841 1 Dodos Scripts 1 Dodosmail 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in dodosmail.php in DodosMail 2.0.1 and earlier, and possibly 2.1, allow remote attackers to execute arbitrary PHP code via a URL in the (1) dodosmail_header_file or (2) dodosmail_footer_file parameters.
CVE-2006-5842 1 Unicore 1 Unicore Client 2026-04-23 N/A
The keystore file in Unicore Client before 5.6 build 5, when running on Unix systems, has insecure default permissions, which allows local users to obtain sensitive information.
CVE-2006-5850 1 Essen 1 Essentia Web Server 2026-04-23 N/A
Stack-based buffer overflow in Essentia Web Server 2.15 for Windows allows remote attackers to execute arbitrary code via a long URI, as demonstrated by a GET or HEAD request. NOTE: some of these details are obtained from third party information.