Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-2278 1 Arabless 1 Saphplesson 2026-04-16 N/A
SaphpLesson 3.0 does not initialize array variables, which allows remote attackers to obtain the full path via an non-array (1) hrow parameter to (a) show.php or (b) index.php; the (2) Lsnrow parameter to (c) showcat.php; or the (3) rows parameter to index.php.
CVE-2006-2285 1 Dokeos 1 Open Source Learning And Knowledge Management Tool 2026-04-16 N/A
PHP remote file inclusion vulnerability in authldap.php in Dokeos 1.6.4 allows remote attackers to execute arbitrary PHP code via a URL in the includePath parameter.
CVE-2003-1294 2 Redhat, Xscreensaver 2 Enterprise Linux, Xscreensaver 2026-04-16 N/A
Xscreensaver before 4.15 creates temporary files insecurely in (1) driver/passwd-kerberos.c, (2) driver/xscreensaver-getimage-video, (3) driver/xscreensaver.kss.in, and the (4) vidwhacker and (5) webcollage screensavers, which allows local users to overwrite arbitrary files via a symlink attack.
CVE-2006-2401 1 Outgun 1 Outgun 2026-04-16 N/A
The leetnet functions (leetnet/rudp.cpp) in Outgun 1.0.3 bot 2 and earlier allow remote attackers to cause a denial of service (application crash) via packets with incorrect message sizes, which triggers a buffer over-read.
CVE-2003-1259 1 Globalscape 1 Cuteftp 2026-04-16 N/A
Buffer overflow in CuteFTP 4.2 and 5.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long FTP server banner.
CVE-2006-2549 1 Pdf Tools Ag 1 Pdf Form Filling And Flattening Tool 2026-04-16 N/A
Stack-based buffer overflow in PDF Form Filling and Flattening Tool before 3.1.0.12 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via long field names.
CVE-2006-2571 1 Alkacon 1 Opencms 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in search.html in Alkacon OpenCms 6.0.0, 6.0.2, and 6.0.3 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search action.
CVE-2006-2572 1 Dian Gemilang 1 Dgbook 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in DGBook 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) homepage, (3) email, and (4) address parameters.
CVE-2003-1168 1 Http Commander 1 Http Commander 2026-04-16 N/A
HTTP Commander 4.0 allows remote attackers to obtain sensitive information via an HTTP request that contains a . (dot) in the file parameter, which reveals the installation path in an error message.
CVE-2003-1167 1 Gernot Stocker 1 Kpopup 2026-04-16 N/A
misc.cpp in KPopup 0.9.1 trusts the PATH variable when executing killall, which allows local users to elevate their privileges by modifying the PATH variable to reference a malicious killall program.
CVE-2006-4793 1 Tualblog 1 Tualblog 2026-04-16 N/A
Multiple SQL injection vulnerabilities in icerik.asp in TualBLOG 1.0 allow remote attackers to execute arbitrary SQL commands, as demonstrated by the icerikno parameter.
CVE-2006-2584 1 Skyebox 1 Skyebox 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in post.php in SkyeBox 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) message parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information, although it was likely prompted by a vague announcement from a researcher who incorrectly referred to the product as "SkyeShoutbox."
CVE-2003-1159 1 Plug And Play 1 Plug And Play Web Server Proxy 2026-04-16 N/A
Plug and Play Web Server Proxy 1.0002c allows remote attackers to cause a denial of service (server crash) via an invalid URI in an HTTP GET request to TCP port 8080.
CVE-2003-1150 1 Novell 2 Netware, Zenworks Desktops 2026-04-16 N/A
Buffer overflow in the portmapper service (PMAP.NLM) in Novell NetWare 6 SP3 and ZenWorks for Desktops 3.2 SP2 through 4.0.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via unknown attack vectors.
CVE-2006-2632 1 Andrew Godwin 1 Bytehoard 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Andrew Godwin ByteHoard 2.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via file descriptions.
CVE-2006-3857 1 Ibm 1 Informix Dynamic Database Server 2026-04-16 N/A
Multiple buffer overflows in IBM Informix Dynamic Server (IDS) before 9.40.TC6 and 10.00 before 10.00.TC3 allow remote authenticated users to execute arbitrary code via (1) the getname function, as used by (a) _sq_remview, (b) _sq_remproc, (c) _sq_remperms, (d) _sq_distfetch, and (e) _sq_dcatalog; and the (2) SET DEBUG FILE, (3) IFX_FILE_TO_FILE, (4) FILETOCLOB, (5) LOTOFILE, and (6) DBINFO functions (product defect IDs 171649, 171367, 171387, 171391, 171906, 172179).
CVE-2006-3858 1 Ibm 1 Informix Dynamic Server 2026-04-16 N/A
IBM Informix Dynamic Server (IDS) before 9.40.xC8 and 10.00 before 10.00.xC4 stores passwords in plaintext in shared memory, which allows local users to obtain passwords by reading the memory (product defects 171893, 171894, 173772).
CVE-2000-0638 1 Sean Macguire 1 Big Brother 2026-04-16 N/A
bb-hostsvc.sh in Big Brother 1.4h1 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack on the HOSTSVC parameter.
CVE-2002-1463 1 Symantec 4 Enterprise Firewall, Gateway Security, Raptor Firewall and 1 more 2026-04-16 N/A
Symantec Raptor Firewall 6.5 and 6.5.3, Enterprise Firewall 6.5.2 and 7.0, VelociRaptor Models 500/700/1000 and 1100/1200/1300, and Gateway Security 5110/5200/5300 generate easily predictable initial sequence numbers (ISN), which allows remote attackers to spoof connections.
CVE-2006-2689 1 Eva-web 1 Eva-web 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in EVA-Web 2.1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) debut_image parameter in (a) article-album.php3, (2) date parameter in (b) rubrique.php3, and the (3) perso and (4) aide parameters to (c) an unknown script, probably index.php.