Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-4939 1 Moodle 1 Moodle 2026-04-16 N/A
backup/backup_scheduled.php in Moodle before 1.6.2 generates trace data with the full backup pathname even when debugging is disabled, which might allow attackers to obtain the pathname.
CVE-2005-3525 1 Adobe 1 Shockwave Player 2026-04-16 N/A
Stack-based buffer overflow in an ActiveX control for the installer for Adobe Macromedia Shockwave Player 10.1.0.11 and earlier allows remote attackers to execute arbitrary code via crafted large values for unspecified parameters.
CVE-2006-4940 1 Moodle 1 Moodle 2026-04-16 N/A
login/forgot_password.php in Moodle before 1.6.2 allows remote attackers to obtain sensitive information (e-mail addresses and Moodle account names) via a find action.
CVE-2005-3526 1 Ipswitch 1 Ipswitch Collaboration Suite 2026-04-16 N/A
Buffer overflow in the IMAP daemon in Ipswitch Collaboration Suite 2006.02 and earlier allows remote authenticated users to execute arbitrary code via a long FETCH command.
CVE-2006-4941 1 Moodle 1 Moodle 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Moodle before 1.6.2 might allow remote attackers to inject arbitrary web script or HTML via (1) the choose parameter in files/index.php and (2) the sub parameter in doc/index.php.
CVE-2005-3527 1 Linux 1 Linux Kernel 2026-04-16 N/A
Race condition in do_coredump in signal.c in Linux kernel 2.6 allows local users to cause a denial of service by triggering a core dump in one thread while another thread has a pending SIGSTOP.
CVE-2006-4942 1 Moodle 1 Moodle 2026-04-16 N/A
Moodle before 1.6.2, when the configuration lacks (1) algebra or (2) tex filters, allows remote authenticated users to write LaTeX or MimeTeX output files to the top level of the dataroot directory via (a) filter/algebra/pix.php or (b) filter/tex/pix.php.
CVE-2006-4943 1 Moodle 1 Moodle 2026-04-16 N/A
course/jumpto.php in Moodle before 1.6.2 does not validate the session key (sesskey) before providing content from arbitrary local URIs, which allows remote attackers to obtain sensitive information via the jump parameter.
CVE-2005-3530 1 Antville 1 Antville 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Antville 1.1 allows remote attackers to inject arbitrary web script or HTML via the notfound.skin error document.
CVE-2005-3531 1 Miklos Szeredi 1 Fuse 2026-04-16 N/A
fusermount in FUSE before 2.4.1, if installed setuid root, allows local users to corrupt /etc/mtab and possibly modify mount options by performing a mount over a directory whose name contains certain special characters.
CVE-2006-2717 1 Secure Elements 1 C5 Enterprise Vulnerability Management 2026-04-16 N/A
Unspecified vulnerability in Secure Elements Class 5 AVR client and server (aka C5 EVM) before 2.8.1 allows authenticated attackers to overwrite arbitrary files (1) on a server during an update or (2) on a client via modified pathnames, possibly due to a directory traversal issue.
CVE-2006-4945 1 Cardway 1 Digitalwebshop 2026-04-16 N/A
Multiple PHP remote file inclusion vulnerabilities in Cardway (aka Frederic Boudaud) DigitalWebShop 1.128 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the _PHPLIB[libdir] parameter to (1) rechnung.php or (2) prepend.php.
CVE-2005-3532 1 Double Precision Incorporated 1 Courier Mail Server 2026-04-16 N/A
authpam.c in courier-authdaemon for Courier Mail Server 0.37.3 through 0.52.1, when using pam_tally, does not call the pam_acct_mgmt function to verify that access should be granted, which allows attackers to authenticate to the server using accounts that have been disabled.
CVE-2006-2719 1 Jiwa 1 Financials 2026-04-16 N/A
JIWA Financials 6.4.14 stores usernames and passwords for all accounts in cleartext in the HR_Staff table in Microsoft SQL Server, and sends the usernames and passwords in cleartext to the application's SQL Server ODBC driver, which might allow context-dependent attackers to obtain the passwords.
CVE-2006-4946 1 Cmsdevelopment 1 Business Card Web Builder 2026-04-16 N/A
PHP remote file inclusion vulnerability in include/startup.inc.php in CMSDevelopment Business Card Web Builder (BCWB) 0.99, and possibly 2.5 Beta and earlier, allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter.
CVE-2005-3533 1 Osh 1 Osh 2026-04-16 N/A
Buffer overflow in OSH before 1.7-15 allows local users to execute arbitrary code via a long current working directory and filename.
CVE-2006-4947 1 Drupal 1 Search Keyword Module 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Search Keywords module before 1.15 2006/09/15 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "lack of validation on output."
CVE-2006-4948 1 Prosysinfo 1 Tftp Server Tftpdwin 2026-04-16 N/A
Stack-based buffer overflow in tftpd.exe in ProSysInfo TFTP Server TFTPDWIN 0.4.2 and earlier allows remote attackers to execute arbitrary code or cause a denial of service via a long file name. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2005-3535 1 Ketm 1 Ketm 2026-04-16 N/A
Buffer overflow in KETM 0.0.6 allows local users to execute arbitrary code via unknown vectors.
CVE-2006-4950 1 Cisco 1 Ios 2026-04-16 N/A
Cisco IOS 12.2 through 12.4 before 20060920, as used by Cisco IAD2430, IAD2431, and IAD2432 Integrated Access Devices, the VG224 Analog Phone Gateway, and the MWR 1900 and 1941 Mobile Wireless Edge Routers, is incorrectly identified as supporting DOCSIS, which allows remote attackers to gain read-write access via a hard-coded cable-docsis community string and read or modify arbitrary SNMP variables.