Search Results (362695 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-1327 1 Crystal Art Software 1 Crystal Ftp 2026-04-16 N/A
Buffer overflow in Crystal FTP Client 2.8 allows remote malicious servers to execute arbitrary code via a response to a LIST command that contains a file name with a long extension.
CVE-2004-1329 1 Ibm 1 Aix 2026-04-16 N/A
Untrusted execution path vulnerability in the diag commands (1) lsmcode, (2) diag_exec, (3) invscout, and (4) invscoutd in AIX 5.1 through 5.3 allows local users to execute arbitrary programs by modifying the DIAGNOSTICS environment variable to point to a malicious Dctrl program.
CVE-2006-0752 1 Niels Provos 1 Honeyd 2026-04-16 N/A
Niels Provos Honeyd before 1.5 replies to certain illegal IP packet fragments that other IP stack implementations would drop, which allows remote attackers to identify IP addresses that are being simulated using honeyd.
CVE-2004-1331 1 Microsoft 2 Ie, Internet Explorer 2026-04-16 N/A
The execCommand method in Microsoft Internet Explorer 6.0 SP2 allows remote attackers to bypass the "File Download - Security Warning" dialog and save arbitrary files with arbitrary extensions via the SaveAs command.
CVE-2000-0719 1 Varicad 1 Varicad 2026-04-16 N/A
VariCAD 7.0 is installed with world-writeable files, which allows local users to replace the VariCAD programs with a Trojan horse program.
CVE-2004-1337 3 Conectiva, Gnu, Ubuntu 3 Linux, Realtime Linux Security Module, Ubuntu Linux 2026-04-16 N/A
The POSIX Capability Linux Security Module (LSM) for Linux kernel 2.6 does not properly handle the credentials of a process that is launched before the module is loaded, which allows local users to gain privileges.
CVE-2004-1341 1 Roar Smith 1 Info2www 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in info2www before 1.2.2.9 allows remote attackers to inject arbitrary web script or HTML via the arguments to info2www.
CVE-2004-1352 1 Sun 2 Solaris, Sunos 2026-04-16 N/A
Buffer overflow in the ping daemon of Sun Solaris 7 through 9 may allow local users to execute arbitrary code.
CVE-2002-0601 1 Information Security Systems 1 Realsecure Network Sensor 2026-04-16 N/A
ISS RealSecure Network Sensor 5.x through 6.5 allows remote attackers to cause a denial of service (crash) via malformed DHCP packets that cause RealSecure to dereference a null pointer.
CVE-2004-1353 1 Sun 2 Solaris, Sunos 2026-04-16 N/A
Unknown vulnerability in LDAP on Sun Solaris 8 and 9, when using Role Based Access Control (RBAC), allows local users to execute certain commands with additional privileges.
CVE-2004-1358 1 Sun 1 Solaris 2026-04-16 N/A
The patches (1) 114332-08 and (2) 114929-06 for Sun Solaris 9 disable the auditing functionality of the Basic Security Module (BSM), which allows attackers to avoid having their activity logged.
CVE-2000-0724 1 Helix Code 1 Go-gnome Pre-installer 2026-04-16 N/A
The go-gnome Helix GNOME pre-installer allows local users to overwrite arbitrary files via a symlink attack on various files in /tmp, including uudecode, snarf, and some installer files.
CVE-2002-0603 1 Snapgear 1 Snapgear Lite\+ Firewall 2026-04-16 N/A
Snapgear Lite+ firewall 1.5.3 allows remote attackers to cause a denial of service (IPSEC crash) via a zero length packet to UDP port 500.
CVE-2006-3605 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the Transition property on an uninitialized DXImageTransform.Microsoft.RevealTrans.1 ActiveX Object, which triggers a null dereference.
CVE-2006-3609 1 Orbitcoders 1 Orbitmatrix 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in Orbitcoders OrbitMATRIX 1.0 allows remote attackers to inject arbitrary web script or HTML via the page_name parameter with an IMG tag containing a javascript URI in the SRC attribute.
CVE-2004-1362 1 Oracle 9 Application Server, Collaboration Suite, E-business Suite and 6 more 2026-04-16 N/A
The PL/SQL module for the Oracle HTTP Server in Oracle Application Server 10g, when using the WE8ISO8859P1 character set, does not perform character conversions properly, which allows remote attackers to bypass access restrictions for certain procedures via an encoded URL with "%FF" encoded sequences that are improperly converted to "Y" characters.
CVE-2006-3016 2 Php Group, Redhat 3 Php, Enterprise Linux, Rhel Stronghold 2026-04-16 N/A
Unspecified vulnerability in session.c in PHP before 5.1.3 has unknown impact and attack vectors, related to "certain characters in session names," including special characters that are frequently associated with CRLF injection, SQL injection, cross-site scripting (XSS), and HTTP response splitting vulnerabilities. NOTE: while the nature of the vulnerability is unspecified, it is likely that this is related to a violation of an expectation by PHP applications that the session name is alphanumeric, as implied in the PHP manual for session_name().
CVE-2006-3019 1 Phpcms 1 Phpcms 2026-04-16 N/A
Multiple PHP remote file inclusion vulnerabilities in phpCMS 1.2.1pl2 allow remote attackers to execute arbitrary PHP code via a URL in the PHPCMS_INCLUDEPATH parameter to files in parser/include/ including (1) class.parser_phpcms.php, (2) class.session_phpcms.php, (3) class.edit_phpcms.php, (4) class.http_indexer_phpcms.php, (5) class.cache_phpcms.php, (6) class.search_phpcms.php, (7) class.lib_indexer_universal_phpcms.php, and (8) class.layout_phpcms.php, (9) parser/plugs/counter.php, and (10) parser/parser.php. NOTE: the class.cache_phpcms.php vector was also reported to affect 1.1.7.
CVE-2004-1367 1 Oracle 9 Application Server, Collaboration Suite, E-business Suite and 6 more 2026-04-16 N/A
Oracle 10g Database Server, when installed with a password that contains an exclamation point ("!") for the (1) DBSNMP or (2) SYSMAN user, generates an error that logs the password in the world-readable postDBCreation.log file, which could allow local users to obtain that password and use it against SYS or SYSTEM accounts, which may have been installed with the same password.
CVE-2006-3020 1 Planete Afrique 1 Ws-album 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in FullPhoto.asp in WS-Album 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) image and (2) PublisedDate parameters.