Search Results (364353 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-0208 2 Php, Redhat 3 Php, Enterprise Linux, Rhel Stronghold 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in PHP 4.4.1 and 5.1.1, when display_errors and html_errors are on, allow remote attackers to inject arbitrary web script or HTML via inputs to PHP applications that are not filtered when they are included in the resulting error message.
CVE-2006-2767 1 Ottoman 1 Ottoman 2026-04-16 N/A
PHP remote file inclusion vulnerability in Ottoman 1.1.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the default_path parameter in (1) error.php, (2) index.php, and (3) classes/main_class.php.
CVE-2006-0211 1 Helm Hosting 1 Helm Hosting Control Panel 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in forgotPassword.asp in Helm Hosting Control Panel 3.2.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the txtEmailAddress parameter.
CVE-2006-0213 1 Kolab 1 Kolab Groupware Server 2026-04-16 N/A
Kolab Server 2.0.1, 2.0.2 and development versions pre-2.1-20051215 and earlier, when authenticating users via secure SMTP, stores authentication credentials in plaintext in the postfix.log file, which allows local users to gain privileges.
CVE-2006-2769 1 Sourcefire 1 Snort 2026-04-16 N/A
The HTTP Inspect preprocessor (http_inspect) in Snort 2.4.0 through 2.4.4 allows remote attackers to bypass "uricontent" rules via a carriage return (\r) after the URL and before the HTTP declaration.
CVE-2006-0214 1 Indexcor 1 Ezdatabase 2026-04-16 N/A
Eval injection vulnerability in ezDatabase 2.0 and earlier allows remote attackers to execute arbitrary PHP code via the db_id parameter to visitorupload.php, as demonstrated using phpinfo and include function calls.
CVE-2000-0278 1 Saleslogix 1 Corporation Eviewer 2026-04-16 N/A
The SalesLogix Eviewer allows remote attackers to cause a denial of service by accessing the URL for the slxweb.dll administration program, which does not authenticate the user.
CVE-2002-0097 1 Geeklog 1 Geeklog 2026-04-16 N/A
Geeklog 1.3 allows remote attackers to hijack user accounts, including the administrator account, by modifying the UID of a user's permanent cookie to the target account.
CVE-2006-2771 1 Hogstorps 1 Hogstorp Guestbook 2026-04-16 N/A
admin/radera/tabort.asp in Hogstorps hogstorp guestbook 2.0 does not verify user credentials, which allows remote attackers to delete arbitrary posts via a modified delID parameter.
CVE-2006-0215 1 Qualityebiz 1 Quality Ppc 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in admin.php in QualityEBiz Quality PPC (QPPC) 1.0 build 1644 allows remote attackers to inject arbitrary web script or HTML via the cpage parameter. NOTE: this issue might be resultant from CVE-2006-0216.
CVE-2006-2772 1 Hogstorps 1 Hogstorp Guestbook 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in add.asp in Hogstorps hogstorp guestbook 2.0 allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, and (3) headline parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2000-0245 1 Sgi 1 Irix 2026-04-16 N/A
Vulnerability in SGI IRIX objectserver daemon allows remote attackers to create user accounts.
CVE-2000-0280 1 Realnetworks 1 Realplayer 2026-04-16 N/A
Buffer overflow in the RealNetworks RealPlayer client versions 6 and 7 allows remote attackers to cause a denial of service via a long Location URL.
CVE-2001-0998 1 Ibm 2 Aix, Hacmp 2026-04-16 N/A
IBM HACMP 4.4 allows remote attackers to cause a denial of service via a completed TCP connection to HACMP ports (e.g., using a port scan) that does not send additional data, which causes a failure in snmpd.
CVE-2006-0224 1 Libast 1 Libast 2026-04-16 N/A
Buffer overflow in Library of Assorted Spiffy Things (LibAST) 0.6.1 and earlier, as used in Eterm and possibly other software, allows local users to execute arbitrary code as the utmp user via a long -X command line argument (alternative configuration file name).
CVE-2001-1201 1 Timecop 1 Wmcube Gdk 2026-04-16 N/A
Buffer overflow in wmcube-gdk for WMCube/GDK 0.98 allows local users to execute arbitrary code via long lines in the object description file.
CVE-2006-0233 1 Microblog 1 Microblog 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in functions.php in microBlog 2.0 RC-10 allows remote attackers to inject arbitrary web script and HTML via a javascript: URI in a [url] BBcode tag.
CVE-2000-0281 1 Napster 1 Napster Client 2026-04-16 N/A
Buffer overflow in the Napster client beta 5 allows remote attackers to cause a denial of service via a long message.
CVE-2000-0254 1 Craig Dansie 1 Dansie Shopping Cart 2026-04-16 N/A
The dansie shopping cart application cart.pl allows remote attackers to obtain the shopping cart database and configuration information via a URL that references either the env, db, or vars form variables.
CVE-2000-0282 1 Talentsoft 1 Web\+ 2026-04-16 N/A
TalentSoft webpsvr daemon in the Web+ shopping cart application allows remote attackers to read arbitrary files via a .. (dot dot) attack on the webplus CGI program.