Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-5118 1 Sun 1 Java System Identity Manager 2025-04-09 N/A
Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to inject frames from arbitrary web sites and conduct phishing attacks via unspecified vectors, related to "frame injection."
CVE-2006-5096 1 Virtuemart 1 Virtuemart Joomla Ecommerrce Edition Cms 2025-04-09 N/A
Multiple cross-site scripting (XSS) vulnerabilities in index.php in VirtueMart (formerly known as mambo-phpShop) Joomla! eCommerce Edition CMS 1.0.11, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the Itemid parameter in a (1) com_contact or (2) subscribe action.
CVE-2006-5098 1 Andreas Gohr 1 Dokuwiki 2025-04-09 N/A
lib/exec/fetch.php in DokuWiki before 2006-03-09e allows remote attackers to cause a denial of service (CPU consumption) via large w and h parameters, when resizing an image.
CVE-2006-5924 1 Efficientip 1 Ipmanager 2025-04-09 N/A
Cross-site scripting (XSS) vulnerability in index.php in Efficient IP iPmanager (IPm) 2.3 allows remote attackers to inject arbitrary web script or HTML via the errmsg parameter. NOTE: the provenance of this information is unknown; details are obtained from third party sources.
CVE-2006-6008 1 Netkit 1 Netkit 2025-04-09 N/A
ftpd in Linux Netkit (linux-ftpd) 0.17, and possibly other versions, does not check the return status of certain seteuid, setgid, and setuid calls, which might allow remote authenticated users to gain privileges if these calls fail in cases such as PAM failures or resource limits, a different vulnerability than CVE-2006-5778.
CVE-2007-4393 1 Suse 1 Suse Linux 2025-04-09 N/A
The installation script for orarun on SUSE Linux before 20070810 places the oracle user into the disk group, which allows the local oracle user to read or write raw disk partitions.
CVE-2007-6099 1 Ingate 2 Ingate Firewall, Ingate Siparator 2025-04-09 N/A
Unspecified vulnerability in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 might leave "media pinholes" open upon a restart of the SIP module, which might make it easier for remote attackers to conduct unauthorized activities.
CVE-2006-5099 1 Andreas Gohr 1 Dokuwiki 2025-04-09 N/A
lib/exec/fetch.php in DokuWiki before 2006-03-09e, when conf[imconvert] is configured to use ImageMagick, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) w and (2) h parameters, which are not filtered when invoking convert.
CVE-2006-6535 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2025-04-09 N/A
The dev_queue_xmit function in Linux kernel 2.6 can fail before calling the local_bh_disable function, which could lead to data corruption and "node lockups." NOTE: it is not clear whether this issue is exploitable.
CVE-2006-6018 1 Jim Plush 1 My-bic 2025-04-09 N/A
PHP remote file inclusion vulnerability in mybic_server.php in Jim Plush My-BIC 0.6.5 allows remote attackers to execute arbitrary PHP code via a URL in the INC_PATH parameter, a different vector than CVE-2006-5089. NOTE: this issue is disputed by CVE and third party researchers because INC_PATH is a constant
CVE-2006-5103 1 Bbsnew 1 Bbsnew 2025-04-09 N/A
PHP remote file inclusion vulnerability in admin/index2.php in bbsNew 2.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the "right" parameter.
CVE-2007-1391 1 Webo 1 Webo 2025-04-09 N/A
PHP remote file inclusion vulnerability in modules/abook/foldertree.php in Leo West WEBO (aka weborganizer) 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the baseDir parameter.
CVE-2007-3211 1 Domain Technologie Control 1 Domain Technologie Control 2025-04-09 N/A
Cross-site scripting (XSS) vulnerability in 404.php in Domain Technologie Control (DTC) before 0.25.9 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (REQUEST_URI). NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-5933 1 Ultrasite 1 Ultrasite 2025-04-09 N/A
SQL injection vulnerability in update.asp in UltraSite 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-1684 1 Solidworks 1 Sldimdownload Activex Control 2025-04-09 N/A
The Run function in SolidWorks sldimdownload ActiveX control in sldimdownload.dll before 16.0.0.6 allows remote attackers to execute arbitrary commands via the (1) installerpath and (2) applicationarguments arguments.
CVE-2006-6023 1 Bloo 1 Bloo 2025-04-09 N/A
PHP remote file inclusion vulnerability in phoo.base.php in Bill Roberts Bloo 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the descriptorFileList parameter. NOTE: this issue is disputed by CVE since $descriptorFileList is used in a function definition within phoo.base.php
CVE-2006-5105 1 Forum One 1 Syntaxcms 2025-04-09 N/A
Multiple PHP remote file inclusion vulnerabilities in SyntaxCMS 1.1.1 through 1.3 allow remote attackers to execute arbitrary PHP code via a URL in (1) the init_path parameter to admin/testing/tests/0030_init_syntax.php, or (2) an unspecified parameter to admin/testing/index.php. NOTE: the 0004_init_urls.php vector is already covered by CVE-2006-5055.
CVE-2007-1393 1 Geo Soft 1 Magic Cms 2025-04-09 N/A
PHP remote file inclusion vulnerability in mysave.php in Magic CMS 4.2.747 allows remote attackers to execute arbitrary PHP code via a URL in the file parameter.
CVE-2007-1699 2 Joomla, Mambo 2 Swmenu Component, Swmenu Component 2025-04-09 N/A
Multiple PHP remote file inclusion vulnerabilities in the SWmenu (com_swmenupro and com_swmenufree) 4.0 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to ImageManager/Classes/ImageManager.php under the (1) components/ or (2) administrator/components/ directory trees.
CVE-2006-5106 1 Facileforms 1 Facileforms 2025-04-09 N/A
Cross-site scripting (XSS) vulnerability in FacileForms before 1.4.7 for Mambo and Joomla!, when either register_globals or RG_EMULATION is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.