Export limit exceeded: 339825 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 339825 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 339825 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29880 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29880 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-4023 | 1 Php | 1 Php | 2025-04-03 | N/A |
| The ip2long function in PHP 5.1.4 and earlier may incorrectly validate an arbitrary string and return a valid network IP address, which allows remote attackers to obtain network information and facilitate other attacks, as demonstrated using SQL injection in the X-FORWARDED-FOR Header in index.php in MiniBB 2.0. NOTE: it could be argued that the ip2long behavior represents a risk for security-relevant issues in a way that is similar to strcpy's role in buffer overflows, in which case this would be a class of implementation bugs that would require separate CVE items for each PHP application that uses ip2long in a security-relevant manner. | ||||
| CVE-2006-4033 | 1 Lhaplus | 1 Lhaplus | 2025-04-03 | N/A |
| Heap-based buffer overflow in Lhaplus.exe in Lhaplus 1.52, and possibly earlier versions, allows remote attackers to execute arbitrary code via an LZH archive with a long header, as specified by the extendedHeaderSize. | ||||
| CVE-2006-4024 | 1 Festalon | 1 Festalon | 2025-04-03 | N/A |
| The FESTAHES_Load function in pce/hes.c in Festalon 0.5.0 through 0.5.5 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative LoadAddr value in a HES file, which is used as an offset in a memcpy operation and leads to a buffer underflow. | ||||
| CVE-2006-4025 | 1 Xennobb | 1 Xennobb | 2025-04-03 | N/A |
| SQL injection vulnerability in profile.php in XennoBB 2.1.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the (1) bday_day, (2) bday_month, and (3) bday_year parameters in the personal section. | ||||
| CVE-2006-4029 | 1 Ageet | 1 Agephone | 2025-04-03 | N/A |
| Stack-based buffer overflow in sipd.dll in AGEphone 1.24 and 1.38.1 allows remote attackers to execute arbitrary code via a crafted UDP SIP packet. | ||||
| CVE-2006-4030 | 1 Gallery Project | 1 Gallery | 2025-04-03 | N/A |
| Unspecified vulnerability in the stats module in Gallery 1.5.1-RC2 and earlier allows remote attackers to obtain sensitive information via unspecified attack vectors, related to "two file exposure bugs." | ||||
| CVE-2006-4031 | 3 Mysql, Oracle, Redhat | 4 Mysql, Mysql, Enterprise Linux and 1 more | 2025-04-03 | N/A |
| MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table, which might violate intended security policy. | ||||
| CVE-2006-4032 | 1 Cisco | 1 Callmanager Express | 2025-04-03 | N/A |
| Unspecified vulnerability in Cisco IOS CallManager Express (CME) allows remote attackers to gain sensitive information (user names) from the Session Initiation Protocol (SIP) user directory via certain SIP messages, aka bug CSCse92417. | ||||
| CVE-2006-4034 | 1 Moderngigabyte | 1 Modernbill | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in include/html/config.php in ModernGigabyte ModernBill 1.6 allows remote attackers to execute arbitrary PHP code via a URL in the DIR parameter. | ||||
| CVE-2006-4035 | 1 Counterchaos | 1 Counterchaos | 2025-04-03 | N/A |
| SQL injection vulnerability in counterchaos.php in CounterChaos 0.48c and earlier allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header. | ||||
| CVE-2006-4036 | 1 Zonemetrics | 1 Zonex Publishers Gold Edition | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in includes/usercp_register.php in ZoneMetrics ZoneX Publishers Gold Edition 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | ||||
| CVE-2006-4037 | 1 Fenestrae | 1 Faxination Server | 2025-04-03 | N/A |
| Unspecified vulnerability in Fenestrae Faxination Server allows remote attackers to execute arbitrary code via a crafted packet. | ||||
| CVE-2006-4040 | 1 Mywebland | 1 Myevent | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in myevent.php in myWebland myEvent 1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the myevent_path parameter. | ||||
| CVE-2006-4041 | 1 Pike | 1 Pike | 2025-04-03 | N/A |
| SQL injection vulnerability in Pike before 7.6.86, when using a Postgres database server, allows remote attackers to execute arbitrary SQL commands via unspecified attack vectors. | ||||
| CVE-2006-4043 | 1 Mywebland | 1 Mybloggie | 2025-04-03 | N/A |
| index.php in myWebland myBloggie 2.1.4 and earlier allows remote attackers to obtain sensitive information via a query that only specifies the viewdate mode, which reveals the table prefix in a SQL error message. | ||||
| CVE-2006-4044 | 1 Brad Fears | 1 Phpcodecabinet | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in Beautifier/Core.php in Brad Fears phpCodeCabinet 0.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the BEAUT_PATH parameter. | ||||
| CVE-2006-4045 | 1 Torbstoff | 1 Torbstoff News | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in news.php in Torbstoff News 4 allows remote attackers to execute arbitrary PHP code via a URL in the pfad parameter. | ||||
| CVE-2006-4046 | 1 Open Cubic Player | 1 Open Cubic Player | 2025-04-03 | N/A |
| Multiple stack-based buffer overflows in Open Cubic Player 2.6.0pre6 and earlier for Windows, and 0.1.10_rc5 and earlier on Linux/BSD, allow remote attackers to execute arbitrary code via (1) a large .S3M file handled by the mpLoadS3M function, (2) a crafted .IT file handled by the itplayerclass::module::load function, (3) a crafted .ULT file handled by the mpLoadULT function, or (4) a crafted .AMS file handled by the mpLoadAMS function. | ||||
| CVE-2006-4047 | 1 Netious Cms | 1 Netious Cms | 2025-04-03 | N/A |
| SQL injection vulnerability in index.php in Netious CMS 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
| CVE-2006-4048 | 1 Netious Cms | 1 Netious Cms | 2025-04-03 | N/A |
| Netious CMS 0.4 initializes session IDs based on the client IP address, which allows remote attackers to gain access to the administration section when originating from the same IP address as the administrator. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||