Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-0584 1 Peoplesoft 1 Peopletools 2026-04-16 N/A
The PSCipher function in PeopleSoft People Tools 8.4x uses PKCS #5 with a fixed DES key to store user passwords, which makes it easier for local users to guess passwords using a dictionary attack that compares output strings.
CVE-2006-0593 1 Php Fusion 1 Php Fusion 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in PHP-Fusion before 6.00.304 allows remote attackers to inject arbitrary web script or HTML via the (1) shout_name field in shoutbox_panel.php and the (2) comments field in comments_include.php.
CVE-2006-0598 1 Stefan Ritt 1 Elog Web Logbook 2026-04-16 N/A
Buffer overflow in elogd.c in elog before 2.5.7 r1558-4 allows attackers to execute code via unspecified variables, when writing to the log file.
CVE-2006-0607 1 Hinton Design 1 Phphd 2026-04-16 N/A
check.php in Hinton Design phphd 1.0 does not check passwords when certain cookies are provided, which allows remote attackers to bypass authentication.
CVE-2006-0612 1 Powersave 1 Powersave 2026-04-16 N/A
Powersave daemon before 0.10.15.2 allows local users to gain privileges (unauthorized access to an X session) via unspecified vectors. NOTE: the provenance of this information is unknown; portions of the details are obtained from third party information.
CVE-2006-0613 1 Sun 1 J2se 2026-04-16 N/A
Unspecified vulnerability in Java Web Start after 1.0.1_02, as used in J2SE 5.0 Update 5 and earlier, allows remote attackers to obtain privileges via unspecified vectors involving untrusted applications.
CVE-2006-3566 1 Hivemail 1 Hivemail 2026-04-16 N/A
search.results.php in HiveMail 3.1 and earlier allows remote attackers to obtain the installation path via certain manipulations related to the (1) searchdate and (2) folderids parameters.
CVE-2006-0614 1 Sun 3 Jdk, Jre, Sdk 2026-04-16 N/A
Unspecified vulnerability in Sun Java JDK and JRE 5.0 Update 3 and earlier, SDK and JRE 1.3.x through 1.3.1_16 and 1.4.x through 1.4.2_08 allows remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "first issue."
CVE-2000-0532 1 Freebsd 1 Freebsd 2026-04-16 N/A
A FreeBSD patch for SSH on 2000-01-14 configures ssh to listen on port 722 as well as port 22, which might allow remote attackers to access SSH through port 722 even if port 22 is otherwise filtered.
CVE-2006-0616 1 Sun 2 Jdk, Jre 2026-04-16 N/A
Unspecified vulnerability in Sun Java JDK and JRE 5.0 Update 4 and earlier allows remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "fourth issue."
CVE-2006-2942 1 Twiki 1 Twiki 2026-04-16 N/A
TWiki 4.0.0, 4.0.1, and 4.0.2 allows remote attackers to gain Twiki administrator privileges via a TWiki.TWikiRegistration form with a modified action attribute that references the Sandbox web instead of the user web, which can then be used to associate the user's login name with the WikiName of a member of the TWikiAdminGroup.
CVE-2000-0533 1 Sgi 1 Workshop Debugger And Performance Tools 2026-04-16 N/A
Vulnerability in cvconnect in SGI IRIX WorkShop allows local users to overwrite arbitrary files.
CVE-2002-0166 2 Redhat, Stephen Turner 2 Powertools, Analog 2026-04-16 N/A
Cross-site scripting vulnerability in analog before 5.22 allows remote attackers to execute Javascript via an HTTP request containing the script, which is entered into a web logfile and not properly filtered by analog during display.
CVE-2006-0617 1 Sun 2 Jdk, Jre 2026-04-16 N/A
Multiple unspecified vulnerabilities in Sun Java JDK and JRE 5.0 Update 5 and earlier allow remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "fifth, sixth, and seventh issues."
CVE-2006-3567 1 Juniper 1 Dx 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the web administration interface logging feature in Juniper Networks (Redline) DX 5.1.x, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the username login field.
CVE-2006-0618 1 Qnx 1 Neutrino Rtos 2026-04-16 N/A
Format string vulnerability in fontsleuth in QNX Neutrino RTOS 6.3.0 allows local users to execute arbitrary code via format string specifiers in the zeroth argument (program name).
CVE-2006-2948 1 Alan Ward 1 A-cart 2026-04-16 N/A
A-CART 2.0 stores the acart2_0.mdb file under the web document root with insufficient access control, which allows remote attackers to obtain username and password information.
CVE-2006-0620 1 Qnx 1 Rtos 2026-04-16 N/A
Race condition in phfont in QNX Neutrino RTOS 6.2.1 allows local users to execute arbitrary code via unspecified manipulations of the PHFONT and PHOTON2_PATH environment variables.
CVE-2006-0621 1 Qnx 1 Rtos 2026-04-16 N/A
Multiple buffer overflows in QNX Neutrino RTOS 6.2.0 allow local users to execute arbitrary code via a long first argument to the (1) su or (2) passwd commands.
CVE-2006-2949 1 Mybulletinboard 1 Mybulletinboard 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in private.php in MyBB 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the do parameter.