Search Results (363785 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-1956 1 File Upload Manager 1 File Upload Manager 2026-04-16 N/A
File Upload Manager allows remote attackers to upload arbitrary files by modifying the test variable to contain a value of '~~~~~~' (six tildes), which bypasses the file extension checks.
CVE-2005-1954 1 Singapore 1 Singapore 2026-04-16 N/A
singapore 0.9.11 allows remote attackers to obtain sensitive information via a direct request to (1) admin.class.php, (2) any .tpl.php file in templates/admin_default/, or (3) any .tpl.php file in templates/default/, which reveal the path in an error message.
CVE-2005-1943 1 Loki 1 Loki Download Manager Catgory Version 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Loki download manager 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) password field to default.asp or (2) cat parameter to catinfo.asp.
CVE-2005-1942 1 Cisco 1 Catalyst 2026-04-16 N/A
Cisco switches that support 802.1x security allow remote attackers to bypass port security and gain access to the VLAN via spoofed Cisco Discovery Protocol (CDP) messages.
CVE-2006-1719 1 Microsoft 1 Ie 2026-04-16 N/A
Internet Explorer 6 allows remote attackers to cause a denial of service (application crash) via any scrollbar Cascading Style Sheets (CSS) property.
CVE-1999-0373 1 Debian 1 Debian Linux 2026-04-16 N/A
Buffer overflow in the "Super" utility in Debian GNU/Linux, and other operating systems, allows local users to execute commands as root.
CVE-2006-1715 1 Tugzip 1 Tugzip 2026-04-16 N/A
Multiple directory traversal vulnerabilities in Christian Kindahl TUGZip 3.4.0.0, 3.3.0.0, and 3.1.0.2 allow user-assisted attackers to create files in arbitrary directories via a .. (dot dot) in an archive pack with a crafted (1) .gz, (2) .jar, (3) .rar, or (4) .zip file.
CVE-2005-1936 1 Xerox 20 Document Centre 220, Document Centre 230, Document Centre 240 and 17 more 2026-04-16 N/A
Unknown vulnerability in the web server for the ESS/ Network Controller for Xerox Document Centre 240 through 555 running System Software 27.18.017 and earlier allows attackers to "gain unauthorized access."
CVE-2006-3302 1 Cbsms 1 Mambo Module 2026-04-16 N/A
PHP remote file inclusion vulnerability in mod_cbsms.php in CBSMS Mambo Module 1.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosC_a_path parameter. NOTE: the provenance of this information is unknown; portions of the details are obtained from third party information.
CVE-2006-2153 1 Jbmc Software 1 Directadmin 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in HTM_PASSWD in DirectAdmin Hosting Management allows remote attackers to inject arbitrary web script or HTML via the domain parameter.
CVE-2006-1714 1 Phpmyforum 1 Phpmyforum 2026-04-16 N/A
CRLF injection vulnerability in index.php in Christoph Roeder phpMyForum 4.0 allows remote attackers to inject HTTP headers via hex-encoded CRLF sequences in the type parameter.
CVE-2006-1712 1 Gnu 1 Mailman 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the private archive script (private.py) in GNU Mailman 2.1.7 allows remote attackers to inject arbitrary web script or HTML via the action argument.
CVE-2005-1935 1 Microsoft 4 Windows 2000, Windows 2003 Server, Windows Nt and 1 more 2026-04-16 N/A
Heap-based buffer overflow in the BERDecBitString function in Microsoft ASN.1 library (MSASN1.DLL) allows remote attackers to execute arbitrary code via nested constructed bit strings, which leads to a realloc of a non-null pointer and causes the function to overwrite previously freed memory, as demonstrated using a SPNEGO token with a constructed bit string during HTTP authentication, and a different vulnerability than CVE-2003-0818. NOTE: the researcher has claimed that MS:MS04-007 fixes this issue.
CVE-1999-0355 1 Broadcom 1 Controlit 2026-04-16 N/A
Local or remote users can force ControlIT 4.5 to reboot or force a user to log out, resulting in a denial of service.
CVE-2006-1710 1 Design Nation 1 Dnguestbook 2026-04-16 N/A
SQL injection vulnerability in admin.php in Design Nation DNGuestbook 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) email and (2) id parameters.
CVE-2002-0631 1 Sgi 1 Irix 2026-04-16 N/A
Unknown vulnerability in nveventd in NetVisualyzer on SGI IRIX 6.5 through 6.5.16 allows local users to write arbitrary files and gain root privileges.
CVE-2006-1709 1 Interaktiv 1 Interaktiv.shop 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in shop_main.cgi in interaktiv.shop 5 allows remote attackers to inject arbitrary web script or HTML via the (1) pn and (2) sbeg parameters.
CVE-2005-1934 2 Redhat, Rob Flynn 2 Enterprise Linux, Gaim 2026-04-16 N/A
Gaim before 1.3.1 allows remote attackers to cause a denial of service (crash) via a malformed MSN message that leads to a memory allocation of a large size, possibly due to an integer signedness error.
CVE-1999-0346 1 Php 1 Php Fi 2026-04-16 N/A
CGI PHP mlog script allows an attacker to read any file on the target server.
CVE-2006-2123 1 Network Administration Visualized 1 Network Administration Visualized 2026-04-16 N/A
Multiple SQL injection vulnerabilities in the report interface in Network Administration Visualized (NAV) before 3.0.1 allow remote attackers to execute arbitrary SQL commands via unknown vectors.