Total
29947 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-5271 | 1 Mcafee | 2 E-business Server, Protectionpilot | 2026-04-23 | N/A |
| Integer underflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent (CMA) 3.6.0.453 and earlier allows remote attackers to execute arbitrary code via a crafted UDP packet, which causes stack corruption. | ||||
| CVE-2006-5273 | 1 Mcafee | 3 Common Management Agent, E-business Server, Protectionpilot | 2026-04-23 | N/A |
| Heap-based buffer overflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent (CMA) 3.5.5.438 through 3.6.0.453 allows remote attackers to execute arbitrary code via a crafted packet. | ||||
| CVE-2006-5276 | 2 Snort, Sourcefire | 2 Snort, Intrusion Sensor | 2026-04-23 | N/A |
| Stack-based buffer overflow in the DCE/RPC preprocessor in Snort before 2.6.1.3, and 2.7 before beta 2; and Sourcefire Intrusion Sensor; allows remote attackers to execute arbitrary code via crafted SMB traffic. | ||||
| CVE-2006-5282 | 1 Sh-news | 1 Sh-news | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in SH-News 3.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the scriptpath parameter to (1) report.php, (2) archive.php, (3) comments.php, (4) init.php, or (5) news.php. | ||||
| CVE-2006-5285 | 1 Xeoport | 1 Xeoport | 2026-04-23 | N/A |
| SQL injection vulnerability in index.php in XeoPort 0.81, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the xp_body_text parameter. | ||||
| CVE-2006-5292 | 1 Exhibit Engine | 1 Exhibit Engine | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in photo_comment.php in Exhibit Engine 1.5 RC 4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the toroot parameter. | ||||
| CVE-2006-5293 | 1 Phpoutsourcing | 1 Noahs Classifieds | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in PhpOutsourcing Noah's Classifieds 1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the frommethod parameter. | ||||
| CVE-2006-5298 | 1 Mutt | 1 Mutt | 2026-04-23 | N/A |
| The mutt_adv_mktemp function in the Mutt mail client 1.5.12 and earlier does not properly verify that temporary files have been created with restricted permissions, which might allow local users to create files with weak permissions via a race condition between the mktemp and safe_fopen function calls. | ||||
| CVE-2006-5299 | 1 Gcontact | 1 Gcontact | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in Gcontact 0.6.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2006-5300 | 1 Hp | 1 Version Control Agent | 2026-04-23 | N/A |
| Unspecified vulnerability in HP Version Control Agent before 2.1.5 allows remote authenticated users to obtain "unauthorized access" to a remote Repository Manager account and potentially gain privileges via unspecified vectors. | ||||
| CVE-2009-1574 | 2 Ipsec-tools, Redhat | 2 Ipsec-tools, Enterprise Linux | 2026-04-23 | N/A |
| racoon/isakmp_frag.c in ipsec-tools before 0.7.2 allows remote attackers to cause a denial of service (crash) via crafted fragmented packets without a payload, which triggers a NULL pointer dereference. | ||||
| CVE-2006-5304 | 1 Inccms Technology | 1 Inccms Core | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in inc/settings.php in IncCMS Core 1.0.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the inc_dir parameter. | ||||
| CVE-2006-5308 | 1 Open Conference Systems | 1 Open Conference Systems | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Open Conference Systems (OCS) before 1.1.6 allow remote attackers to execute arbitrary PHP code via a URL in the fullpath parameter in (1) include/theme.inc.php or (2) include/footer.inc.php. | ||||
| CVE-2006-5312 | 1 Phpbb | 1 Ajax Shoutbox | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in shoutbox.php in the Ajax Shoutbox 0.0.5 and earlier module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | ||||
| CVE-2007-0222 | 1 Oracle | 1 Application Server | 2026-04-23 | N/A |
| Directory traversal vulnerability in the EmChartBean server side component for Oracle Application Server 10g allows remote attackers to read arbitrary files via unknown vectors, probably "\.." sequences in the beanId parameter. NOTE: this is likely a duplicate of another CVE that Oracle addressed in CPU Jan 2007, but due to lack of details by Oracle, it is unclear which BugID this issue is associated with, so the other CVE cannot be determined. Possibilities include EM02 (CVE-2007-0292) or EM05 (CVE-2007-0293). | ||||
| CVE-2006-5318 | 1 Nayco | 1 Jasmine | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in index.php in Nayco JASmine (aka Jasmine-Web) allows remote attackers to execute arbitrary PHP code via an FTP URL in the section parameter. | ||||
| CVE-2006-5324 | 1 Ibm | 1 Websphere Application Server | 2026-04-23 | N/A |
| The Web Services Notification (WSN) security component of IBM WebSphere Application Server before 6.1.0.2 allows attackers to obtain unspecified access without supplying a username and password, aka PK28374. | ||||
| CVE-2007-0227 | 1 Slocate | 1 Slocate | 2026-04-23 | N/A |
| slocate 3.1 does not properly manage database entries that specify names of files in protected directories, which allows local users to obtain the names of private files. NOTE: another researcher reports that the issue is not present in slocate 2.7. | ||||
| CVE-2006-5328 | 2 Apple, Openbase International Ltd | 2 Xcode, Openbase | 2026-04-23 | N/A |
| OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 2.2 and earlier and possibly other products, allows local users to create arbitrary files via a symlink attack on the simulation.sql file. | ||||
| CVE-2007-0228 | 1 Eiqnetworks | 1 Enterprise Security Analyzer | 2026-04-23 | N/A |
| The DataCollector service in EIQ Networks Network Security Analyzer allows remote attackers to cause a denial of service (service crash) via a (1) &CONNECTSERVER& (2) &ADDENTRY& (3) &FIN& (4) &START& (5) &LOGPATH& (6) &FWADELTA& (7) &FWALOG& (8) &SETSYNCHRONOUS& (9) &SETPRGFILE&, or (10) &SETREPLYPORT& string to TCP port 10618, which triggers a NULL pointer dereference. | ||||