Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-4763 1 Ibm 1 Lotus Domino Web Access 2026-04-16 N/A
IBM Lotus Domino Web Access (DWA) 7.0.1 does not expire a client's Lightweight Third-Party Authentication token (LtpaToken) upon logout, which allows remote attackers to obtain a user's privileges by intercepting the LtpaToken cookie.
CVE-2006-2888 1 Wikiwig 1 Wikiwig 2026-04-16 N/A
PHP remote file inclusion vulnerability in _wk/wk_lang.php in Wikiwig 4.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the WK[wkPath] parameter.
CVE-2006-2896 1 Funkboard 1 Funkboard 2026-04-16 N/A
profile.php in FunkBoard CF0.71 allows remote attackers to change arbitrary passwords via a modified uid hidden form field in an Edit Profile action.
CVE-1999-0103 2026-04-16 N/A
Echo and chargen, or other combinations of UDP services, can be used in tandem to flood the server, a.k.a. UDP bomb or UDP packet storm.
CVE-2006-4418 1 Wikepage 1 Wikepage 2026-04-16 N/A
Directory traversal vulnerability in index.php for Wikepage 2006.2a Opus 10 allows remote attackers to include arbitrary local files via the lng parameter, as demonstrated by inserting PHP code into a log file.
CVE-2006-2901 1 D-link 1 Dwl-2100ap 2026-04-16 N/A
The web server for D-Link Wireless Access-Point (DWL-2100ap) firmware 2.10na and earlier allows remote attackers to obtain sensitive system information via a request to an arbitrary .cfg file, which returns configuration information including passwords.
CVE-2006-2903 1 Particle Soft 1 Particle Links 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in admin.php in Particle Links 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the username parameter.
CVE-2004-2115 1 Oracle 1 Http Server 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
CVE-2006-2905 1 Particle Soft 1 Particle Links 2026-04-16 N/A
Partial Links 1.2.2 allows remote attackers to obtain sensitive information via a direct request to (1) page_footer.php and (2) page_header.php, which displays the path in an error message.
CVE-2002-0374 2 Padl Software, Redhat 3 Pam Ldap, Enterprise Linux, Linux 2026-04-16 N/A
Format string vulnerability in the logging function for the pam_ldap PAM LDAP module before version 144 allows attackers to execute arbitrary code via format strings in the configuration file name.
CVE-2002-0745 1 Ibm 1 Aix 2026-04-16 N/A
Buffer overflow in uucp in AIX 4.3.3.
CVE-2006-2911 1 Hotwebscripts 1 Cms Mundo 2026-04-16 N/A
SQL injection vulnerability in controlpanel/index.php in CMS Mundo before 1.0 build 008 allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVE-2002-1091 4 Mozilla, Netscape, Opera Software and 1 more 5 Mozilla, Navigator, Opera Web Browser and 2 more 2026-04-16 N/A
Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers to corrupt heap memory and execute arbitrary code via a GIF image with a zero width.
CVE-2005-4514 1 Webwasher 1 Csm Appliance Suite 2026-04-16 N/A
The encapsulation script mechanism in Webwasher CSM Appliance Suite 5.x uses case-sensitive detection of malicious tokens, which allows attackers to bypass script detection by using tokens that can be upper or lower case. NOTE: the vendor has stated that this problem could not be reproduced, and has asked the researcher for more information, without a response as of 20060103
CVE-2006-3001 1 Okscripts 1 Okmall 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in search.php in OkScripts OkMall 1.0 allow remote attackers to inject arbitrary web script or HTML via the page parameter. NOTE: this might be resultant from another vulnerability, since the XSS is reflected in an error message.
CVE-2006-3135 1 Hotwebscripts 1 Cms Mundo 2026-04-16 N/A
Multiple SQL injection vulnerabilities in CMS Mundo 1.0 build 008, and possibly other versions, allow remote attackers to execute arbitrary SQL commands via the (1) news_id parameter in the (a) news module, (2) searchstring parameter in (b) the search module, (3) id parameter in (c) the webshop module, (4) username parameter in (d) index.php, and (5) Name, (6) Address, (7) Zip, (8) City, (9) Country, and (10) Email fields during (e) a user profile update.
CVE-2006-3151 1 Associated 1 Associated Cms 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in AssoCIateD (aka ACID) 1.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the menu parameter.
CVE-2006-3153 1 Thinkfactory 1 Ultimate Estate 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.pl in Ultimate Estate 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat parameter.
CVE-2006-3160 1 Onedotoh 1 Simple File Manager 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in fm.php in ONEdotOH Simple File Manager (SFM) 0.24a and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
CVE-2006-3168 1 Comscripts 1 Cs-forum 2026-04-16 N/A
SQL injection vulnerability in CS-Forum before 0.82 allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) debut parameters in (a) read.php, and the (3) search and (4) debut parameters in (b) index.php.