Search Results (364285 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-4865 1 Ibm 1 Db2 Universal Database 2026-04-16 N/A
Stack-based buffer overflow in call in IBM DB2 7.x and 8.1 allows remote attackers to execute arbitrary code via a long libname.
CVE-2002-0709 1 Surfcontrol 2 Superscout Web Filter, Web Filter 2026-04-16 N/A
SQL injection vulnerabilities in the Web Reports Server for SurfControl SuperScout WebFilter allow remote attackers to execute arbitrary SQL queries via the RunReport option to SimpleBar.dll, and possibly other DLLs.
CVE-2000-0062 1 Zope 1 Zope 2026-04-16 N/A
The DTML implementation in the Z Object Publishing Environment (Zope) allows remote attackers to conduct unauthorized activities.
CVE-2005-4860 1 Spectrumcu 1 Cash Receipting System 2026-04-16 7.8 High
Spectrum Cash Receipting System before 6.504 uses weak cryptography (static substitution) in the PASSFILE password file, which makes it easier for local users to gain privileges by decrypting a password.
CVE-2006-2682 1 Back-end 1 Back-end Cms 2026-04-16 N/A
PHP remote file inclusion vulnerability in BE_config.php in Back-End CMS 0.7.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _PSL[classdir] parameter.
CVE-2005-4855 1 Ez 1 Ez Publish 2026-04-16 N/A
Unrestricted file upload vulnerability in eZ publish 3.5 before 3.5.5, 3.6 before 3.6.2, 3.7 before 3.7.0rc2, and 3.8 before 20050922 does not restrict Image datatype uploads to image content types, which allows remote authenticated users to upload certain types of files, as demonstrated by .js files, which may enable cross-site scripting (XSS) attacks or other attacks.
CVE-2006-2680 1 Php4script 1 Az Photo Album Script Pro 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in AZ Photo Album Script Pro allows remote attackers to inject arbitrary web script or HTML via the gazpart parameter.
CVE-2005-4852 1 Ez 1 Ez Publish 2026-04-16 N/A
The siteaccess URIMatching implementation in eZ publish 3.5 through 3.8 before 20050812 converts all non-alphanumeric characters in a URI to '_' (underscore), which allows remote attackers to bypass access restrictions by inserting certain characters in a URI, as demonstrated by a request for /admin:de, which matches a rule allowing only /admin_de to access /admin.
CVE-2005-4851 1 Ez 1 Ez Publish 2026-04-16 N/A
eZ publish 3.4.4 through 3.7 before 20050722 applies certain permissions on the node level, which allows remote authenticated users to bypass the original permissions on embedded objects in XML fields and read these objects.
CVE-2005-4850 1 Ez 1 Ez Publish 2026-04-16 N/A
eZ publish 3.5 through 3.7 before 20050608 requires both edit and create permissions in order to submit data, which allows remote attackers to edit data submitted by arbitrary anonymous users.
CVE-2005-4848 1 Rim 1 Blackberry Enterprise Server 2026-04-16 N/A
Buffer overflow in the decompression algorithm in Research in Motion BlackBerry Enterprise Server 4.0 SP1 and earlier before 20050607 might allow remote attackers to execute arbitrary code via certain data packets.
CVE-2006-2676 1 Sitescape 1 Sitescape Forum 2026-04-16 N/A
Dispatch.cgi/_user/uservCard/ in SiteScape Forum 7.2 and possibly earlier generates different responses in a way that allows remote attackers to enumerate valid usernames.
CVE-2005-4847 1 Spey 1 Spey 2026-04-16 N/A
Unspecified vulnerability in Spey 0.3.3 has unknown impact and attack vectors related to "A number of security holes which could lead to compromise," a different issue than CVE-2005-4846.
CVE-2006-3751 1 Htmlarea3 1 Htmlarea3 2026-04-16 N/A
PHP remote file inclusion vulnerability in popups/ImageManager/config.inc.php in the HTMLArea3 Addon Component (com_htmlarea3_xtd-c) for ImageManager 1.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2005-4845 1 Sun 1 Java Plug-in 2026-04-16 N/A
The Java Plug-in 1.4.2_03 and 1.4.2_04 controls, and the 1.4.2_03 and 1.4.2_04 <applet> redirector controls, allow remote attackers to cause a denial of service (Internet Explorer crash) by creating a COM object of the class associated with the control's CLSID, which is not intended for use within Internet Explorer.
CVE-2006-2675 1 Ubbcentral 1 Ubb.threads 2026-04-16 N/A
PHP remote file inclusion vulnerability in ubbt.inc.php in UBBThreads 5.x and 6.x allows remote attackers to execute arbitrary PHP code via a URL in the (1) thispath or (2) configdir parameters.
CVE-2006-3750 1 Hashcash 1 Hashcash 2026-04-16 N/A
PHP remote file inclusion vulnerability in server.php in the Hashcash Component (com_hashcash) 1.2.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2003-0107 2 Redhat, Zlib 3 Enterprise Linux, Linux, Zlib 2026-04-16 N/A
Buffer overflow in the gzprintf function in zlib 1.1.4, when zlib is compiled without vsnprintf or when long inputs are truncated using vsnprintf, allows attackers to cause a denial of service or possibly execute arbitrary code.
CVE-2005-4610 1 Dopewars 1 Dopewars 2026-04-16 N/A
Format string vulnerability in the server for Dopewars before 1.5.12, when running as an NT service, allows remote attackers to execute arbitrary code via unspecified attack vectors.
CVE-2005-4613 1 Vubb 1 Vubb 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in VUBB alpha rc1 allows remote attackers to inject arbitrary web script or HTML via unspecified fields in the user edit profile.