Search Results (363719 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-1691 1 Manic Web 1 Mwnewsletter 2026-04-16 N/A
SQL injection vulnerability in MWNewsletter 1.0.0b allows remote attackers to execute arbitrary SQL commands via the user_name parameter to unsubscribe.php.
CVE-2005-1854 1 Debian 1 Apt-cacher 2026-04-16 N/A
Unknown vulnerability in apt-cacher in Debian 3.1, related to "missing input sanitising," allows remote attackers to execute arbitrary commands on the caching server.
CVE-2006-3842 1 Adventnet 1 Zoho Virtual Office 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Zoho Virtual Office 3.2 Build 3210 allows remote attackers to execute arbitrary web script or HTML via an HTML message.
CVE-2001-1325 1 Microsoft 2 Internet Explorer, Outlook Express 2026-04-16 N/A
Internet Explorer 5.0 and 5.5, and Outlook Express 5.0 and 5.5, allow remote attackers to execute scripts when Active Scripting is disabled by including the scripts in XML stylesheets (XSL) that are referenced using an IFRAME tag, possibly due to a vulnerability in Windows Scripting Host (WSH).
CVE-2005-1858 1 Fuse 1 Fuse 2026-04-16 N/A
FUSE 2.x before 2.3.0 does not properly clear previously used memory from unfilled pages when the filesystem returns a short byte count to a read request, which may allow local users to obtain sensitive information.
CVE-2006-1693 1 Globalscape 1 Secure Ftp Server 2026-04-16 N/A
Unspecified vulnerability in GlobalSCAPE Secure FTP Server before 3.1.4 Build 01.10.2006 allows attackers to cause a denial of service (application crash) via a "custom command" with a long argument.
CVE-2006-3844 1 Pablo Software Solutions 1 Quick N Easy Ftp Server 2026-04-16 N/A
Buffer overflow in Quick 'n Easy FTP Server 3.0 allows remote authenticated users to execute arbitrary commands via a long argument to the LIST command, a different issue than CVE-2006-2027.
CVE-1999-0280 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Remote command execution in Microsoft Internet Explorer using .lnk and .url files.
CVE-2001-1327 1 Berkeley Softworks 1 Pmake 2026-04-16 N/A
pmake before 2.1.35 in Turbolinux 6.05 and earlier is installed with setuid root privileges, which could allow local users to gain privileges by exploiting vulnerabilities in pmake or programs that are used by pmake.
CVE-2005-1865 1 Vincent Hor 1 Calendarix Advanced 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Calendarix Advanced 1.5 allow remote attackers to execute arbitrary SQL commands via the catview parameter to (1) cal_week.php, (2) cal_cat.php, or (3) cal_day.php, or (4) id parameter to cal_pophols.php.
CVE-2005-1869 1 Appindex 1 Mwchat 2026-04-16 N/A
PHP remote file inclusion vulnerability in start_lobby.php in MWChat 6.x allows remote attackers to execute arbitrary PHP code via the CONFIG[MWCHAT_Libs] parameter.
CVE-2006-1698 1 Matt Wright 1 Matt Wright Guestbook 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook 2.3.1 allows remote attackers to execute arbitrary web script or HTML via the (1) url, (2) city, (3) state, or (4) country parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information, although it is likely that they are the result of post-disclosure analysis.
CVE-2001-1333 2 Easy Software Products, Redhat 2 Cups, Powertools 2026-04-16 N/A
Linux CUPS before 1.1.6 does not securely handle temporary files, possibly due to a symlink vulnerability that could allow local users to overwrite files.
CVE-2006-3848 1 Krischan Jodies 1 Ip Calculator 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in CGI wrapper for IP Calculator (IPCalc) 0.40 allows remote attackers to inject arbitrary web script or HTML via the URI (REQUEST_URI environment variable), which is used in the actionurl variable.
CVE-2002-0492 1 Dcscripts 1 Dcshop 2026-04-16 N/A
dcshop.cgi in DCShop 1.002 Beta allows remote attackers to delete arbitrary setup files via a null character in the database parameter.
CVE-2005-1875 1 Exhibit Engine 1 Exhibit Engine 2026-04-16 N/A
Multiple SQL injection vulnerabilities in list.php in Exhibit Engine (EE) 1.22 allow remote attackers to execute arbitrary SQL commands via the (1) search_row, (2) sort_row, (3) order or (4) perpage parameter.
CVE-2006-3849 1 Pumpkin Studios 2 Warzone, Warzone Resurrection 2026-04-16 N/A
Stack-based buffer overflow in Warzone 2100 and Warzone Resurrection 2.0.3 and earlier allows remote attackers to execute arbitrary code via a (1) long message handled by the recvTextMessage function in multiplay.c or a (2) long filename handled by NETrecvFile function in netplay/netplay.c.
CVE-2005-1876 1 Cutephp 1 Cutenews 2026-04-16 4.5 Medium
Direct code injection vulnerability in CuteNews 1.3.6 and earlier allows remote attackers with administrative privileges to execute arbitrary PHP code via certain inputs that are injected into a template (.tpl) file.
CVE-1999-0291 1 Qbik 1 Wingate 2026-04-16 N/A
The WinGate proxy is installed without a password, which allows remote attackers to redirect connections without authentication.
CVE-2006-3852 1 Phptoys 1 Micro Guestbook 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in Micro GuestBook allows remote attackers to execute arbitrary SQL commands via the (1) name or (2) comment ("text") fields.