ReportizFlow
Filtered by vendor
Subscriptions
Total
29918 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-5797 | 1 Xenis | 1 Xenis.creator Cms | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in default.asp in Xenis.creator CMS allow remote attackers to execute arbitrary SQL commands via the (1) nav, (2) s, or (3) print parameters. | ||||
| CVE-2006-5801 | 1 Owfs | 1 Owfs | 2026-04-23 | N/A |
| The owserver module in owfs and owhttpd 2.5p5 and earlier does not properly check the path type, which allows attackers to cause a denial of service (application crash) related to use of the path in owshell. | ||||
| CVE-2006-5820 | 1 Aol | 1 Aol | 2026-04-23 | N/A |
| The LinkSBIcons method in the SuperBuddy ActiveX control (Sb.SuperBuddy.1) in America Online 9.0 Security Edition dereferences an arbitrary function pointer, which allows remote attackers to execute arbitrary code via a modified pointer value. | ||||
| CVE-2006-5509 | 1 Woltlab | 1 Burning Book | 2026-04-23 | N/A |
| Eval injection vulnerability in addentry.php in WoltLab Burning Book 1.1.2 allows remote attackers to execute arbitrary PHP code via crafted POST requests that store PHP code in a database that is later processed by eval, as demonstrated using SQL injection via the n parameter. | ||||
| CVE-2006-5822 | 1 Symantec | 3 Veritas Netbackup Client, Veritas Netbackup Enterprise Server, Veritas Netbackup Server | 2026-04-23 | N/A |
| Stack-based buffer overflow in the NetBackup bpcd daemon (bpcd.exe) in Symantec Veritas NetBackup 5.0 before 5.0_MP7, 5.1 before 5.1_MP6, and 6.0 before 6.0_MP4 allows remote attackers to execute arbitrary code via a long CONNECT_OPTIONS request, a different issue than CVE-2006-6222. | ||||
| CVE-2006-5836 | 1 Opendarwin | 1 Darwin Kernel | 2026-04-23 | N/A |
| The fpathconf syscall function in bsd/kern/kern_descrip.c in the Darwin kernel (XNU) 8.8.1 in Apple Mac OS X allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code via a file descriptor with an unrecognized file type. | ||||
| CVE-2006-5837 | 1 Simplechat | 1 Simplechat | 2026-04-23 | N/A |
| Static code injection vulnerability in chat_panel.php in the SimpleChat 1.0.0 module for iWare Professional CMS allows remote attackers to inject arbitrary PHP code into chat_log.php via the msg parameter. | ||||
| CVE-2006-5841 | 1 Dodos Scripts | 1 Dodosmail | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in dodosmail.php in DodosMail 2.0.1 and earlier, and possibly 2.1, allow remote attackers to execute arbitrary PHP code via a URL in the (1) dodosmail_header_file or (2) dodosmail_footer_file parameters. | ||||
| CVE-2006-5540 | 2 Postgresql, Redhat | 3 Postgresql, Enterprise Linux, Rhel Application Stack | 2026-04-23 | N/A |
| backend/parser/analyze.c in PostgreSQL 8.1.x before 8.1.5 allows remote authenticated users to cause a denial of service (daemon crash) via certain aggregate functions in an UPDATE statement, which are not properly handled during a "MIN/MAX index optimization." | ||||
| CVE-2006-5543 | 1 Pgosd | 1 Pgosd | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in misc/function.php3 in PHP Generator of Object SQL Database (PGOSD), when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. | ||||
| CVE-2006-5855 | 1 Ibm | 1 Tivoli Storage Manager | 2026-04-23 | N/A |
| Multiple buffer overflows in IBM Tivoli Storage Manager (TSM) before 5.2.9 and 5.3.x before 5.3.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in (1) the language field at logon that begins with a 0x18 byte, (2) two unspecified parameters to the SmExecuteWdsfSession function, and (3) the contact field in an open registration message. | ||||
| CVE-2006-5885 | 1 Dynamic Dataworx | 1 Nustore | 2026-04-23 | N/A |
| SQL injection vulnerability in Products.asp in NuStore 1.0 allows remote attackers to execute arbitrary SQL commands via the SubCatagoryID parameter. | ||||
| CVE-2006-5022 | 1 Pnews Systems | 1 Pnews | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in includes/global.php in Joshua Wilson pNews System 1.1.0 (aka PowerNews) allows remote attackers to execute arbitrary PHP code via a URL in the nbs parameter. | ||||
| CVE-2006-5738 | 1 Punbb | 1 Punbb | 2026-04-23 | 7.2 High |
| Multiple SQL injection vulnerabilities in PunBB before 1.2.14 allow remote authenticated administrators to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2007-1788 | 1 Flyspray | 1 Flyspray | 2026-04-23 | N/A |
| Flyspray 0.9.9, when output_buffering is disabled or "set to a low value," allows remote attackers to bypass authentication via a crafted post request. | ||||
| CVE-2007-1789 | 1 Flyspray | 1 Flyspray | 2026-04-23 | N/A |
| Flyspray 0.9.9 allows remote attackers to obtain sensitive information (private project summaries) via direct requests. | ||||
| CVE-2007-1503 | 1 Rhapsody Irc | 1 Rhapsody Irc | 2026-04-23 | N/A |
| Multiple format string vulnerabilities in comm.c in Rhapsody IRC 0.28b allow remote attackers to execute arbitrary code via format string specifiers to the create_ctcp_message function using the message argument to the (1) me or (2) ctcp commands, and possibly related vectors involving the (3) whois, (4) mode, and (5) topic commands. | ||||
| CVE-2007-3721 | 1 Freebsd | 1 Freebsd | 2026-04-23 | N/A |
| The ULE process scheduler in the FreeBSD kernel gives preference to "interactive" processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges." | ||||
| CVE-2006-5749 | 1 Linux | 1 Linux Kernel | 2026-04-23 | N/A |
| The isdn_ppp_ccp_reset_alloc_state function in drivers/isdn/isdn_ppp.c in the Linux 2.4 kernel before 2.4.34-rc4 does not call the init_timer function for the ISDN PPP CCP reset state timer, which has unknown attack vectors and results in a system crash. | ||||
| CVE-2007-1506 | 1 Oracle | 1 Application Server Portal | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in PORTAL.wwv_main.render_warning_screen in the Oracle Portal 10g allows remote attackers to inject arbitrary web script or HTML via the (1) p_oldurl and (2) p_newurl parameters. | ||||