Search Results (366859 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-6635 1 Jumbacms 1 Jumbacms 2026-04-23 N/A
PHP remote file inclusion vulnerability in includes/functions.php in JumbaCMS 0.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the jcms_root_path parameter.
CVE-2006-6634 1 Mambo 1 Extcalthai Module 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in the ExtCalThai (com_extcalendar) 0.9.1 and earlier component for Mambo allow remote attackers to execute arbitrary PHP code via a URL in (1) the CONFIG_EXT[LANGUAGES_DIR] parameter to admin_events.php, (2) the mosConfig_absolute_path parameter to extcalendar.php, or (3) the CONFIG_EXT[LIB_DIR] parameter to lib/mail.inc.php.
CVE-2006-6633 1 Yapbb 1 Yapbb 2026-04-23 N/A
PHP remote file inclusion vulnerability in include/yapbb_session.php in YapBB 1.2 Beta2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[include_Bit] parameter.
CVE-2006-6632 1 Genepi 1 Genepi 2026-04-23 N/A
PHP remote file inclusion vulnerability in genepi.php in Genepi 1.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the topdir parameter.
CVE-2006-6628 1 Openoffice 1 Openoffice 2026-04-23 N/A
Integer overflow in OpenOffice.org (OOo) 2.1 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted DOC file, as demonstrated by the 12122006-djtest.doc file, a variant of CVE-2006-6561 in a separate codebase.
CVE-2006-6627 1 Softwin 5 Bitdefender, Bitdefender Antivirus, Bitdefender Internet Security and 2 more 2026-04-23 N/A
Integer overflow in the packed PE file parsing implementation in BitDefender products before 20060829, including Antivirus, Antivirus Plus, Internet Security, Mail Protection for Enterprises, and Online Scanner; and BitDefender products for Microsoft ISA Server and Exchange 5.5 through 2003; allows remote attackers to execute arbitrary code via a crafted file, which triggers a heap-based buffer overflow, aka the "cevakrnl.xmd vulnerability."
CVE-2006-6625 1 Moodle 1 Moodle 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in mod/forum/discuss.php in Moodle 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the navtail parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-6623 6 Avg, Comodo, Filseclab and 3 more 6 Antivirus Plus Firewall, Comodo Personal Firewall, Personal Firewall and 3 more 2026-04-23 N/A
Sygate Personal Firewall 5.6.2808 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB.
CVE-2006-6620 6 Avg, Comodo, Filseclab and 3 more 6 Antivirus Plus Firewall, Comodo Personal Firewall, Personal Firewall and 3 more 2026-04-23 N/A
Comodo Personal Firewall 2.3.6.81 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB.
CVE-2006-6616 1 W00t Gallery 1 W00t Gallery 2026-04-23 N/A
index.php in w00t Gallery 1.4.0 allows remote authenticated users with privileges for one installation to gain access to other installations on the same web server, aka "multi-gallery admin session spanning." NOTE: some of these details are obtained from third party information.
CVE-2006-6614 2 Debian, Thomas Lange 2 Debian Linux, Fully Automated Installation 2026-04-23 N/A
The save_log_local function in Fully Automatic Installation (FAI) 2.10.1, and possibly 3.1.2, when verbose mode is enabled, stores the root password hash in /var/log/fai/current/fai.log, whose file permissions allow it to be copied to other hosts when fai-savelog is called and allows attackers to obtain the hash.
CVE-2006-6606 1 Clarens 1 Jclarens 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Clarens jclarens before 0.6.2 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2006-5872 1 Dws Systems Inc. 1 Sql-ledger 2026-04-23 N/A
login.pl in SQL-Ledger before 2.6.21 and LedgerSMB before 1.1.5 allows remote attackers to execute arbitrary Perl code via the "-e" flag in the script parameter, which is used as an argument to the perl program.
CVE-2006-6610 1 Alientrap 1 Nexuiz 2026-04-23 N/A
clientcommands in Nexuiz before 2.2.1 has unknown impact and remote attack vectors related to "remote console command injection."
CVE-2006-5392 1 Opendoc 1 Fullcore 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in OpenDock FullCore 4.4 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the doc_directory parameter in (1) sw/index_sw.php; (2) cart.php, (3) lib_cart.php, (4) lib_read_cart.php, (5) lib_sys_cart.php, and (6) txt_info_cart.php in sw/lib_cart/; (7) comment.php, (8) find_comment.php, and (9) lib_comment.php in sw/lib_comment/; (10) sw/lib_find/find.php; and other unspecified PHP scripts.
CVE-2006-5391 1 Xfire 1 Xfire 2026-04-23 N/A
Xfire 1.64 and earlier allows remote attackers to cause a denial of service (client application crash) via a long string to UDP port 25777.
CVE-2006-5390 1 Phpbb 1 Acp User Registration Module 2026-04-23 N/A
PHP remote file inclusion vulnerability in includes/functions_mod_user.php in the ACP User Registration (MMW) 1.00 module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2006-5389 1 Wyana 1 Php-wyana 2026-04-23 N/A
tools/tellhim.php in PHP-Wyana allows remote attackers to obtain sensitive information via an invalid lang parameter, which reveals the path in an error message.
CVE-2006-5379 1 Nvidia 1 Binary Graphics Driver 2026-04-23 N/A
The accelerated rendering functionality of NVIDIA Binary Graphics Driver (binary blob driver) For Linux v8774 and v8762, and probably on other operating systems, allows local and remote attackers to execute arbitrary code via a large width value in a font glyph, which can be used to overwrite arbitrary memory locations.
CVE-2006-5375 1 Oracle 1 Peoplesoft Enterprise 2026-04-23 N/A
Multiple unspecified vulnerabilities in PeopleTools component in Oracle PeopleSoft Enterprise 8.46 GA, 8.47 GA, 8.48 GA, 8.46.15, 8.47.09, and 8.48.03 have unknown impact and remote attack vectors, aka Vuln# (1) PSE01, (2) PSE02, and (3) PSE03.