Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-4454 1 Hlstats 1 Hlstats 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in hlstats.php in HLstats 1.34 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
CVE-2005-2613 1 Cpaint 1 Cpaint 2026-04-16 N/A
Unknown vulnerability in CPAINT Ajax Toolkit before 1.3-SP allows attackers to execute arbitrary PHP or ASP code or read files via unknown vectors.
CVE-2005-2614 1 Crosscom Olicom 1 Discuz 2026-04-16 N/A
Discuz! 4.0 rc4 does not properly restrict types of files that are uploaded to the server, which allows remote attackers to execute arbitrary commands via a filename containing ".php.rar" or other multiple extensions that include .php.
CVE-2006-1860 1 Linux 1 Linux Kernel 2026-04-16 N/A
lease_init in fs/locks.c in Linux kernel before 2.6.16.16 allows attackers to cause a denial of service (fcntl_setlease lockup) via actions that cause lease_init to free a lock that might not have been allocated on the stack.
CVE-2005-2615 1 Eqdkp 1 Eqdkp 2026-04-16 N/A
Unknown vulnerability in session.php in EQdkp before 1.3.0 has unknown impact and attack vectors, possibly involving auto_login_id.
CVE-2006-4457 1 Phpecard 1 Phpecard 2026-04-16 N/A
PHP remote file inclusion vulnerability in index.php in phpECard 2.1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2005-2616 1 Ezupload 1 Ezupload 2026-04-16 N/A
Multiple PHP file include vulnerabilities in ezUpload 2.2 allow remote attackers to execute arbitrary code via the path parameter to (1) initialize.php, (2) customize.php, (3) form.php, or (4) index.php.
CVE-2005-2617 1 Linux 1 Linux Kernel 2026-04-16 N/A
The syscall32_setup_pages function in syscall32.c for Linux kernel 2.6.12 and later, on the 64-bit x86 platform, does not check the return value of the insert_vm_struct function, which allows local users to trigger a memory leak via a 32-bit application with crafted ELF headers.
CVE-2006-1862 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-16 N/A
The virtual memory implementation in Linux kernel 2.6.x allows local users to cause a denial of service (panic) by running lsof a large number of times in a way that produces a heavy system load.
CVE-2006-4458 1 Phpgroupware 1 Phpgroupware 2026-04-16 N/A
Directory traversal vulnerability in calendar/inc/class.holidaycalc.inc.php in phpGroupWare 0.9.16.010 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) sequence and trailing null (%00) byte in the GLOBALS[phpgw_info][user][preferences][common][country] parameter.
CVE-2006-4459 1 Digi International Inc 1 Anywhere Usb5 2026-04-16 N/A
Integer overflow in AnywhereUSB/5 1.80.00 allows local users to cause a denial of service (crash) via a 1 byte header size specified in the USB string descriptor.
CVE-2005-2622 1 Ecw-shop 1 Ecw-shop 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in ECW-Shop 6.0.2 allows remote attackers to inject arbitrary web script or HTML via the (1) max or (2) ctg parameter.
CVE-2006-1863 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-16 N/A
Directory traversal vulnerability in CIFS in Linux 2.6.16 and earlier allows local users to escape chroot restrictions for an SMB-mounted filesystem via "..\\" sequences, a similar vulnerability to CVE-2006-1864.
CVE-2006-4465 1 Microsoft 1 Terminal Server 2026-04-16 N/A
Microsoft Terminal Server, when running an application session with the "Start program at logon" and "Override settings from user profile and Client Connection Manager wizard" options, allows local users to execute arbitrary code by forcing an Explorer error. NOTE: a third-party researcher has stated that the options are "a convenience to users" and were not intended to restrict execution of arbitrary code
CVE-2005-2623 1 Ecw-shop 1 Ecw-shop 2026-04-16 N/A
ECW-Shop 6.0.2 allows remote attackers to reduce the total cost of their shopping cart by specifying a negative quantity for an item, which causes the price of the item to be subtracted from the total cost.
CVE-2005-2624 1 Cpaint 1 Cpaint 2026-04-16 N/A
Eval injection vulnerability in CPAINT 1.3-SP allows remote attackers to execute arbitrary ASP code via the cpaint_argument[] parameter to (1) calculator.asp or (2) cpaintfile.asp, which is directly fed into an eval statement.
CVE-2005-2625 1 Cpaint 1 Cpaint 2026-04-16 N/A
Incomplete blacklist vulnerability in the checkBlacklist function in CPAINT allows remote attackers to execute arbitrary commands via the (1) ExecuteGlobal function or (2) GetRef statement, which is not included in the blacklist.
CVE-2005-2626 1 Kismet 1 Kismet 2026-04-16 N/A
Unspecified vulnerability in Kismet before 2005-08-R1 allows remote attackers to have an unknown impact via unprintable characters in the SSID.
CVE-2005-2627 1 Kismet 1 Kismet 2026-04-16 N/A
Multiple integer underflows in Kismet before 2005-08-R1 allow remote attackers to execute arbitrary code via (1) kernel headers in a pcap file or (2) data frame dissection, which leads to heap-based buffer overflows.
CVE-2006-1864 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-16 N/A
Directory traversal vulnerability in smbfs in Linux 2.6.16 and earlier allows local users to escape chroot restrictions for an SMB-mounted filesystem via "..\\" sequences, a similar vulnerability to CVE-2006-1863.