Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-0450 1 Phpbb Group 1 Phpbb 2026-04-16 N/A
phpBB 2.0.19 and earlier allows remote attackers to cause a denial of service (application crash) by (1) registering many users through profile.php or (2) using search.php to search in a certain way that confuses the database.
CVE-2006-2715 1 Secure Elements 1 C5 Enterprise Vulnerability Management 2026-04-16 N/A
The Administration Console in Secure Elements Class 5 AVR (aka C5 EVM) before 2.8.1 does not enforce access control, which allows remote attackers to gain access to servers via the console.
CVE-2005-0498 1 Gigafast Ethernet 1 Gigafast Router 2026-04-16 N/A
Gigafast router (aka CompUSA router) allows remote attackers to gain sensitive information and bypass the login page via a direct request to backup.cfg, which reveals the administrator password in plaintext.
CVE-2006-0451 1 Redhat 2 Directory Server, Fedora Core 2026-04-16 N/A
Multiple memory leaks in the LDAP component in Fedora Directory Server 1.0 allow remote attackers to cause a denial of service (memory consumption) via invalid BER packets that trigger an error, which might prevent memory from being freed if it was allocated during the ber_scanf call, as demonstrated using the ProtoVer LDAP test suite.
CVE-2006-3928 1 Mikael Software 1 Wmnews 2026-04-16 N/A
PHP remote file inclusion vulnerability in index.php in WMNews 0.2a and earlier allows remote attackers to execute arbitrary PHP code via a URL in the base_datapath parameter.
CVE-2006-3929 1 Zyxel 1 Prestige 660h-61 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the Forms/rpSysAdmin script on the Zyxel Prestige 660H-61 ADSL Router running firmware 3.40(PT.0)b32 allows remote attackers to inject arbitrary web script or HTML via hex-encoded values in the a parameter.
CVE-2006-3930 1 Mamboxchange 1 A6mambohelpdesk 2026-04-16 N/A
PHP remote file inclusion vulnerability in admin.a6mambohelpdesk.php in a6mambohelpdesk Mambo Component 18RC1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.
CVE-2005-0499 1 Gigafast Ethernet 1 Gigafast Router 2026-04-16 N/A
Gigafast router (aka CompUSA router) with the DNS proxy option enabled allows remote attackers to cause a denial of service via malformed DNS queries.
CVE-2005-0500 1 Microsoft 2 Ie, Internet Explorer 2026-04-16 N/A
Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to spoof the domain name of a URL in a titlebar for a script-initiated popup window, which could facilitate phishing attacks.
CVE-2005-0501 1 Digipen Institute Of Technology 1 Bontago 2026-04-16 N/A
Buffer overflow in Bontago 1.1 and earlier allows remote attackers to execute arbitrary code via a long nickname.
CVE-2006-0452 1 Redhat 2 Directory Server, Fedora Core 2026-04-16 N/A
dn2ancestor in the LDAP component in Fedora Directory Server 1.0 allows remote attackers to cause a denial of service (CPU and memory consumption) via a ModDN operation with a DN that contains a large number of "," (comma) characters, which results in a large amount of recursion, as demonstrated using the ProtoVer LDAP test suite.
CVE-2005-0502 1 Xinkaa Web Station 1 Xinkaa Web Station 2026-04-16 N/A
Directory traversal vulnerability in Xinkaa 1.0.3 and earlier allows remote attackers to read arbitrary files via (1) ../ and (2) ..\ characters in an HTTP request.
CVE-2005-0503 2 Mandrakesoft, Uim 2 Mandrake Linux, Uim 2026-04-16 N/A
uim before 0.4.5.1 trusts certain environment variables when libUIM is used in setuid or setgid applications, which allows local users to gain privileges.
CVE-2006-0453 1 Redhat 2 Directory Server, Fedora Core 2026-04-16 N/A
The LDAP component in Fedora Directory Server 1.0 allow remote attackers to cause a denial of service (crash) via a certain "bad BER sequence" that results in a free of uninitialized memory, as demonstrated using the ProtoVer LDAP test suite.
CVE-2006-3700 1 Oracle 1 Database Server 2026-04-16 N/A
Multiple unspecified vulnerabilities in Oracle Database 9.2.0.6 and 10.1.0.4 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB04 for Web Distributed Authoring and Versioning (DAV) and (2) DB23 for XMLDB.
CVE-2005-0505 1 Stackworks Enterprises 1 Information Resource Manager 2026-04-16 N/A
Unknown vulnerability in Information Resource Manager (IRM) before 1.5.2.1 allows remote attackers to have "potentially serious" impact, related to LDAP logins.
CVE-2005-0509 2 Microsoft, Mono 2 .net Framework, Mono 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Mono 1.0.5 implementation of ASP.NET (.Net) allow remote attackers to inject arbitrary HTML or web script via Unicode representations for ASCII fullwidth characters that are converted to normal ASCII characters, including ">" and "<".
CVE-2006-0455 2 Gnu, Redhat 2 Privacy Guard, Enterprise Linux 2026-04-16 N/A
gpgv in GnuPG before 1.4.2.1, when using unattended signature verification, returns a 0 exit code in certain cases even when the detached signature file does not carry a signature, which could cause programs that use gpgv to assume that the signature verification has succeeded. Note: this also occurs when running the equivalent command "gpg --verify".
CVE-2006-3935 1 Alkacon 1 Opencms 2026-04-16 N/A
system/workplace/views/admin/admin-main.jsp in Alkacon OpenCms before 6.2.2 does not restrict access to administrator functions, which allows remote authenticated users to (1) send broadcast messages to all users (/workplace/broadcast), (2) list all users (/accounts/users), (3) add webusers (/accounts/webusers/new), (4) upload database import and export files (/database/importhttp), (5) upload arbitrary program modules (/modules/modules_import), and (6) read the log file (/workplace/logfileview) by setting the appropriate value for the path parameter in a direct request to admin-main.jsp.
CVE-2005-0511 1 Jelsoft 1 Vbulletin 2026-04-16 N/A
misc.php for vBulletin 3.0.6 and earlier, when "Add Template Name in HTML Comments" is enabled, allows remote attackers to execute arbitrary PHP code via nested variables in the template parameter.