Search Results (365200 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-0223 1 Topcmm Computing 1 123 Flash Chat Server 2026-04-16 N/A
Directory traversal vulnerability in Shanghai TopCMM 123 Flash Chat Server Software 5.1 allows attackers to create or overwrite arbitrary files on the server via ".." (dot dot) sequences in the username field.
CVE-2006-2879 1 Alex 1 News-engine 2026-04-16 N/A
SQL injection vulnerability in newscomments.php in Alex News-Engine 1.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via the newsid parameter.
CVE-2006-2882 1 Aspscriptz 1 Aspscriptz Guest Book 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities submit.asp in ASPScriptz Guest Book 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) GBOOK_UNAME, (2) GBOOK_EMAIL, (3) GBOOK_CITY, (4) GBOOK_COU, (5) GBOOK_WWW, and (6) GBOOK_MESS form fields.
CVE-2006-2884 1 Kke Info Media 1 Kmita Faq 2026-04-16 N/A
SQL injection vulnerability in index.php in Kmita FAQ 1.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter.
CVE-2006-2885 1 Knowledgetree 1 Knowledgetree 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in KnowledgeTree Open Source 3.0.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) fDocumentId parameter in view.php and the (2) fSearchableText parameter in /search/simpleSearch.php.
CVE-2006-2886 1 Jam Warehouse 1 Knowledgetree Open Source 2026-04-16 N/A
view.php in KnowledgeTree Open Source 3.0.3 and earlier allows remote attackers to obtain the full installation path via a crafted fDocumentId parameter, which displays the path in the resulting error message. NOTE: this might be resultant from another vulnerability, since this vector also produces XSS.
CVE-2006-2887 1 Aspburst 1 Mynewsletter 2026-04-16 N/A
Multiple SQL injection vulnerabilities in myNewsletter 1.1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the UserName parameter in (1) validatelogin.asp or (2) adminlogin.asp.
CVE-2006-2888 1 Wikiwig 1 Wikiwig 2026-04-16 N/A
PHP remote file inclusion vulnerability in _wk/wk_lang.php in Wikiwig 4.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the WK[wkPath] parameter.
CVE-2006-2889 1 Pixelpost 1 Pixelpost 2026-04-16 N/A
Multiple SQL injection vulnerabilities in index.php in Pixelpost 1-5rc1-2 and earlier allow remote attackers to execute arbitrary SQL commands, and leverage them to gain administrator privileges, via the (1) category or (2) archivedate parameter.
CVE-2006-2896 1 Funkboard 1 Funkboard 2026-04-16 N/A
profile.php in FunkBoard CF0.71 allows remote attackers to change arbitrary passwords via a modified uid hidden form field in an Edit Profile action.
CVE-2006-2899 1 Estsoft 1 Internetdisk 2026-04-16 N/A
Unspecified vulnerability in ESTsoft InternetDISK versions before 2006/04/20 allows remote authenticated users to execute arbitrary code, possibly by uploading a file with multiple extensions into the WebLink directory.
CVE-1999-0260 1 Renaud Deraison 1 Jj 2026-04-16 N/A
The jj CGI program allows command execution via shell metacharacters.
CVE-1999-0257 1 Linux 1 Linux Kernel 2026-04-16 N/A
Nestea variation of teardrop IP fragmentation denial of service.
CVE-1999-0256 2 Jgaa, Microsoft 3 Warftpd, Windows 95, Windows Nt 2026-04-16 N/A
Buffer overflow in War FTP allows remote execution of commands.
CVE-2004-2663 1 Ibm 1 Egatherer 2026-04-16 N/A
The (1) SetDebugging and (2) RunEgatherer methods in IBM Access Support eGatherer ActiveX control 2.0.0.16 allow remote attackers to create files with arbitrary content, as demonstrated by creating a .hta file in a Startup folder.
CVE-2004-1438 1 Subversion 1 Subversion 2026-04-16 N/A
The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
CVE-1999-0241 3 Sgi, Sun, Xfree86 Project 4 Irix, Solaris, Sunos and 1 more 2026-04-16 N/A
Guessable magic cookies in X Windows allows remote attackers to execute commands, e.g. through xterm.
CVE-1999-1491 1 Redhat 1 Linux 2026-04-16 N/A
abuse.console in Red Hat 2.1 uses relative pathnames to find and execute the undrv program, which allows local users to execute arbitrary commands via a path that points to a Trojan horse program.
CVE-1999-0240 2026-04-16 N/A
Some filters or firewalls allow fragmented SYN packets with IP reserved bits in violation of their implemented policy.
CVE-1999-0235 1 Ncsa 1 Ncsa Web Server 2026-04-16 N/A
Buffer overflow in NCSA WebServer (1.4.1 and below) gives remote access.