Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-4610 1 Graphiks 1 Grapagenda 2026-04-16 N/A
PHP remote file inclusion vulnerability in index.php in GrapAgenda 0.11 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the page parameter.
CVE-2006-4611 1 Dsocks 1 Dsocks 2026-04-16 N/A
Buffer overflow in the _tor_resolve function in dsocks.c in dsocks before 1.4 allows remote attackers to execute arbitrary code via unspecified vectors, possibly involving a long node name.
CVE-2006-4612 1 John Andersson 1 Zixforum 2026-04-16 N/A
SQL injection vulnerability in ReplyNew.asp in ZIXForum 1.12 allows remote attackers to execute arbitrary SQL commands via the RepId parameter.
CVE-2006-4614 1 Pocket Pc 1 Pocket Pc 2026-04-16 N/A
PDAapps Verichat for Pocket PC 1.30bh stores usernames and passwords in plaintext in the Windows Mobile registry, which allows local users to obtain sensitive information via keys under \HKEY_CURRENT_USER\Software\PDAapps\VeriChat.
CVE-2006-4615 1 Shape Services 1 Im\+ Mobile Instant Messenger 2026-04-16 N/A
Shape Services IM+ Mobile Instant Messenger for Pocket PC 3.10 stores usernames and passwords in plaintext in %PROGRAMFILES%\IMPlus\implus.cfg, which allows local users to obtain sensitive information by reading the file.
CVE-2006-4616 1 Mailenable 3 Mailenable Enterprise, Mailenable Professional, Mailenable Standard 2026-04-16 N/A
SMTP service in MailEnable Standard, Professional, and Enterprise before ME-10014 (20060904) allows remote attackers to cause a denial of service via an SPF lookup for a domain with a large number of records, which triggers a null pointer exception.
CVE-2006-4617 1 Vtiger 1 Vtiger Crm 2026-04-16 N/A
Unrestricted file upload vulnerability in fileupload.html in vtiger CRM 4.2.4, and possibly earlier versions, allows remote attackers to upload and execute arbitrary files with executable extensions in the /cashe/mails folder.
CVE-2006-4618 1 John Lim 1 Adodb 2026-04-16 N/A
PHP remote file inclusion vulnerability in adodb-postgres7.inc.php in John Lim ADOdb, possibly 4.01 and earlier, as used in Intechnic In-link 2.3.4, allows remote attackers to execute arbitrary PHP code via a URL in the ADODB_DIR parameter.
CVE-2006-4619 1 Avira 1 Antivir Personal 2026-04-16 N/A
The start update window in update.exe in Avira AntiVir PersonalEdition Classic 7.0 build 151 allows local users to gain system privileges via a "Shatter" style attack on the (1) IParam parameter, and the (2) PBM_GETRANGE and (3) PBM_SETRANGE messages in an unspecified progress bar. NOTE: some details are obtained from third party information.
CVE-2006-4636 1 Szewo 1 Phpcommander 2026-04-16 N/A
Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
CVE-2006-0163 1 Francisco Burzi 1 Php-nuke Ev 2026-04-16 N/A
SQL injection vulnerability in the search module (modules/Search/index.php) of PHPNuke EV 7.7 -R1 allows remote attackers to execute arbitrary SQL commands via the query parameter, which is used by the search field. NOTE: This is a different vulnerability than CVE-2005-3792.
CVE-2006-0164 1 Woah-projekt 1 Phgstats 2026-04-16 N/A
phgstats.inc.php in phgstats before 0.5.1, if register_globals is enabled, allows remote attackers to include arbitrary files and execute arbitrary PHP code by modifying the PHGDIR variable.
CVE-2006-0172 1 Hummingbird 1 Enterprise Collaboration 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the file manager utility in Hummingbird Collaboration (aka Hummingbird Enterprise Collaboration) 5.21 and earlier allows remote attackers to inject arbitrary web script or HTML in an uploaded page, which is published without a check for hostile scripting.
CVE-2006-1473 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-16 N/A
Integer overflow in AFP Server for Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors.
CVE-2006-1490 2 Php, Redhat 2 Php, Enterprise Linux 2026-04-16 N/A
PHP before 5.1.3-RC1 might allow remote attackers to obtain portions of memory via crafted binary data sent to a script that processes user input in the html_entity_decode function and sends the encoded results back to the client, aka a "binary safety" issue. NOTE: this issue has been referred to as a "memory leak," but it is an information leak that discloses memory contents.
CVE-2006-2308 1 Etype 1 Eserv 2026-04-16 N/A
Directory traversal vulnerability in the IMAP service in EServ/3 3.25 allows remote authenticated users to read other user's email messages, create/rename arbitrary directories on the system, and delete empty directories via directory traversal sequences in the (1) CREATE, (2) SELECT, (3) DELETE, (4) RENAME, (5) COPY or (6) APPEND commands.
CVE-2006-2789 1 Gnome 1 Evolution 2026-04-16 N/A
Evolution 2.2.x and 2.3.x in GNOME 2.7 and 2.8, when "load images if sender in addressbook" is enabled, allows remote attackers to cause a denial of service (persistent crash) via a crafted "From" header that triggers an assert error in camel-internet-address.c when a null pointer is used.
CVE-2006-3495 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-16 N/A
AFP Server in Apple Mac OS X 10.3.9 and 10.4.7 stores reconnect keys in a world-readable file, which allows local users to obtain the keys and access files and folders of other users.
CVE-2006-3496 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-16 N/A
AFP Server in Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to cause denial of service (crash) via an invalid AFP request that triggers an unchecked error condition.
CVE-2006-3498 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-16 N/A
Stack-based buffer overflow in bootpd in the DHCP component for Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to execute arbitrary code via a crafted BOOTP request.