Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2002-0729 1 Microsoft 1 Sql Server 2026-04-16 N/A
Microsoft SQL Server 2000 allows remote attackers to cause a denial of service via a malformed 0x08 packet that is missing a colon separator.
CVE-2002-0744 1 Ibm 1 Aix 2026-04-16 N/A
namerslv in AIX 4.3.3 core dumps when called with a very long argument, possibly as a result of a buffer overflow.
CVE-1999-1020 1 Novell 1 Netware 2026-04-16 N/A
The installation of Novell Netware NDS 5.99 provides an unauthenticated client with Read access for the tree, which allows remote attackers to access sensitive information such as users, groups, and readable objects via CX.EXE and NLIST.EXE.
CVE-2002-0755 1 Freebsd 1 Freebsd 2026-04-16 N/A
Kerberos 5 su (k5su) in FreeBSD 4.5 and earlier does not verify that a user is a member of the wheel group before granting superuser privileges, which could allow unauthorized users to execute commands as root.
CVE-2006-1111 1 Aztek Forum 1 Aztek Forum 2026-04-16 N/A
Aztek Forum 4.0 allows remote attackers to obtain sensitive information via a "*/*" in the msg parameter to index.php, which reveals usernames and passwords in a MySQL error message, possibly due to a forced SQL error or SQL injection.
CVE-2002-1685 1 Working Resources Inc. 1 Badblue 2026-04-16 N/A
Cross-site scripting vulnerability (XSS) in BadBlue Enterprise Edition and Personal Edition 1.7 and 1.7.2 allows remote attackers to execute arbitrary script as other users by injecting script into ext.dll ISAPI.
CVE-2006-1116 1 Ncipher 1 Ncore 2026-04-16 N/A
The CBC-MAC integrity functions in the nCipher nCore API before 2.18 transmit the initialization vector IV as part of a message when the implementation uses a non-zero IV, which allows remote attackers to bypass integrity checks and modify messages without being detected.
CVE-2002-1860 1 Pramati 1 Pramati Server 2026-04-16 N/A
Pramati Server 3.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF.").
CVE-2002-1695 2 Microsoft, Symantec 3 Internet Information Server, Internet Information Services, Norton Internet Security 2026-04-16 N/A
Norton Internet Security 2001 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote attackers to modify the log file contents while Norton Internet Security is running.
CVE-2006-1117 1 Ncipher 8 Dse200 Document Sealing Engine, Ncore, Nethsm and 5 more 2026-04-16 N/A
nCipher firmware before V10, as used by (1) nShield, (2) nForce, (3) netHSM, (4) payShield, (5) SecureDB, (6) DSE200 Document Sealing Engine, (7) Time Source Master Clock (TSMC), and possibly other products, contains certain options that were only intended for testing and not production, which might allow remote attackers to obtain information about encryption keys and crack those keys with less effort than brute force.
CVE-2002-1545 1 Cooolsoft 1 Personal Ftp Server 2026-04-16 N/A
CooolSoft Personal FTP Server 2.24 allows remote attackers to obtain the absolute pathname of the FTP root via a PWD command, which includes the full path in the response.
CVE-2006-1126 1 Gallery Project 1 Gallery 2026-04-16 N/A
Gallery 2 up to 2.0.2 allows remote attackers to spoof their IP address via a modified X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is checked by Gallery before other more reliable sources of IP address information, such as REMOTE_ADDR.
CVE-2006-1131 1 Bitweaver 1 Bitweaver 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in read.php in bitweaver CMS 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the comment_title parameter.
CVE-2006-1134 1 Jason Smith 1 Cyboards Php Lite 2026-04-16 N/A
SQL injection vulnerability in CyBoards PHP Lite 1.25, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the parent parameter to (1) post.php and possibly (2) process_post.php.
CVE-2004-0979 1 Microsoft 3 Ie, Internet Explorer, Windows Xp 2026-04-16 N/A
Internet Explorer on Windows XP does not properly modify the "Drag and Drop or copy and paste files" setting when the user sets it to "Disable" or "Prompt," which may enable security-sensitive operations that are inconsistent with the user's intended configuration.
CVE-2004-0990 6 Gd Graphics Library, Gentoo, Openpkg and 3 more 6 Gdlib, Linux, Openpkg and 3 more 2026-04-16 N/A
Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based buffer overflow in the gdImageCreateFromPngCtx function, a different set of vulnerabilities than CVE-2004-0941.
CVE-2002-1704 1 Zeroboard 1 Zeroboard 2026-04-16 N/A
Zeroboard 4.1, when the "allow_url_fopen" and "register_globals" variables are enabled, allows remote attackers to execute arbitrary PHP code by modifying the _zb_path parameter to reference a URL on a remote web server that contains the code.
CVE-2006-1141 1 Inter7 1 Qmailadmin 2026-04-16 N/A
Buffer overflow in qmailadmin.c in QmailAdmin before 1.2.10 allows remote attackers to execute arbitrary code via a long PATH_INFO environment variable.
CVE-2004-1007 2 Bogofilter, Ubuntu 2 Email Filter, Ubuntu Linux 2026-04-16 N/A
The quoted-printable decoder in bogofilter 0.17.4 to 0.92.7 allows remote attackers to cause a denial of service (application crash) via mail headers that cause a line feed (LF) to be replaced by a null byte that is written to an incorrect memory address.
CVE-2006-1143 1 Ftpoed 1 Ftpoed Blog Engine 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in FTPoed Blog Engine 1.1 allows remote attackers to inject arbitrary web script or HTML via the comment_body parameter, as used by the comment field, when posting a comment.