Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2001-1295 1 Grant Averett 1 Cerberus Ftp Server 2026-04-16 N/A
Directory traversal vulnerability in Cerberus FTP Server 1.5 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the CD command.
CVE-2005-1783 1 W.m.r. Simpson 1 Bookreview 2026-04-16 N/A
BookReview beta 1.0 allows remote attackers to obtain the path of the web server via certain parameters to search.htm, possibly due to a search[string] parameter with a missing value or an incorrect submit[type] value, which reveals the path in the resulting error message. NOTE: it is not clear whether BookReview is available to the public. If not, then it should not be included in CVE.
CVE-1999-0229 1 Microsoft 1 Internet Information Server 2026-04-16 N/A
Denial of service in Windows NT IIS server using ..\..
CVE-2001-1298 1 Grant Horwood 1 Webodex 2026-04-16 N/A
Webodex PHP script 1.0 and earlier allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.
CVE-2002-0472 1 Microsoft 1 Msn Messenger 2026-04-16 N/A
MSN Messenger Service 3.6, and possibly other versions, uses weak authentication when exchanging messages between clients, which allows remote attackers to spoof messages from other users.
CVE-2005-1785 1 Zongg 1 Zongg 2026-04-16 N/A
SQL injection vulnerability in ad/login.asp in ZonGG 1.2 allows remote attackers to execute arbitrary SQL commands via the password parameter.
CVE-2004-0205 2 Avaya, Microsoft 5 Definity One Media Server, Ip600 Media Servers, Modular Messaging Message Storage Server and 2 more 2026-04-16 N/A
Buffer overflow in Microsoft Internet Information Server (IIS) 4.0 allows local users to execute arbitrary code via the redirect function.
CVE-2002-0475 1 Phpbb Group 1 Phpbb 2026-04-16 N/A
Cross-site scripting vulnerability in phpBB 1.4.4 and earlier allows remote attackers to execute arbitrary Javascript on web clients by embedding the script within an IMG image tag while editing a message.
CVE-2006-1682 1 Talentsoft 1 Web\+ Shop 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in webplus.exe in TalentSoft Web+Shop 5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the deptname parameter, possibly involving the webpshop/ department.wml script.
CVE-2006-3280 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Cross-domain vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, aka "Redirect Cross-Domain Information Disclosure Vulnerability."
CVE-2005-1793 1 Microsoft 1 Windows 98se 2026-04-16 N/A
User32.DLL in Microsoft Windows 98SE, and possibly other operating systems, allows local and remote attackers to cause a denial of service (crash) via an icon (.ico) bitmap file with large width and height values.
CVE-2006-3282 1 Datetopia 1 Dating Agent Pro 2026-04-16 N/A
requirements.php in Dating Agent PRO 4.7.1 allows remote attackers to obtain sensitive information via a direct request, which calls the phpinfo function.
CVE-2002-0476 1 Macromedia 1 Flash Player 2026-04-16 N/A
Standalone Macromedia Flash Player 5.0 allows remote attackers to save arbitrary files and programs via a .SWF file containing the undocumented "save" FSCommand.
CVE-2006-3284 1 Datetopia 1 Dating Agent Pro 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Dating Agent PRO 4.7.1 allows remote attackers to inject arbitrary web script or HTML via the login parameter in (1) webmaster/index.php and (2) search.php.
CVE-2006-3286 1 Cisco 1 Wireless Control System 2026-04-16 N/A
The internal database in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(63) stores a hard-coded username and password in plaintext within unspecified files, which allows remote authenticated users to access the database (aka bug CSCsd15951).
CVE-2005-1802 1 Nortel 9 Contivity, Vpn Router 1010, Vpn Router 1050 and 6 more 2026-04-16 N/A
Nortel VPN Router (aka Contivity) allows remote attackers to cause a denial of service (crash) via an IPsec IKE packet with a malformed ISAKMP header.
CVE-2005-1803 1 Net Portal Dynamic System 1 Net Portal Dynamic System 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Net Portal Dynamic System (NPDS) 5.0 allow remote attackers to inject arbitrary web script or HTML via the language parameter to (1) admin.php, or (2) powerpack_f.php, (3) the sitename parameter to sdv_infos.php, (4) the categories parameter to faq.php, (5) the lettre parameter to the glossaire module, (6) the title parameter to reviews.php, or (7) the image_subject parameter to reply.php.
CVE-1999-0300 1 Sun 2 Solaris, Sunos 2026-04-16 N/A
nis_cachemgr for Solaris NIS+ allows attackers to add malicious NIS+ servers.
CVE-2005-1885 1 Yapig 1 Yapig 2026-04-16 N/A
view.php in YaPiG 0.92b, 0.93u and 0.94u allows remote attackers to obtain sensitive information via a phid parameter that is not an integer, which reveals the path in an error message.
CVE-2005-1889 1 Sun 1 Java System Web Server 2026-04-16 N/A
Unknown vulnerability in Sun ONE Application Server 6.5 SP1 Maintenance Update 6 and earlier allows attackers to read files.