Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-2639 1 Drew Withers 1 Journalness 2026-04-16 N/A
Unspecified vulnerability in Journalness 3.0.7 and earlier allows remote attackers to create or modify posts via unknown attack vectors.
CVE-2006-1097 1 Datenbank Module 1 Datenbank Module 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Datenbank MOD 2.7 and earlier for Woltlab Burning Board allow remote attackers to inject arbitrary web script or HTML via the fileid parameter to (1) info_db.php or (2) database.php.
CVE-2004-2647 1 Reid Garner 1 Free Web Chat 2026-04-16 N/A
Free Web Chat 2.0 allows remote attackers to cause a denial of service (CPU consumption) via multiple connections from the same user.
CVE-2004-2654 1 Squid 1 Squid 2026-04-16 N/A
The clientAbortBody function in client_side.c in Squid Web Proxy Cache before 2.6 STABLE6 allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors that trigger a null dereference. NOTE: in a followup advisory, a researcher claimed that the issue was a buffer overflow that was not fixed in STABLE6. However, the vendor's bug report clearly shows that the researcher later retracted this claim, because the tested product was actually STABLE5.
CVE-2006-1098 1 Digital Builder 1 Nz Ecommerce 2026-04-16 N/A
Multiple SQL injection vulnerabilities in NZ Ecommerce allow remote attackers to execute arbitrary SQL commands via the (1) informationID or (2) ParentCategory parameter to index.php. NOTE: the vendor has disputed this issue in a comment on the researcher's blog, but research by CVE suggests that this might be a legitimate problem
CVE-2000-1179 1 Netopia 1 650-st Isdn Router 2026-04-16 N/A
Netopia ISDN Router 650-ST before 4.3.5 allows remote attackers to read system logs without authentication by directly connecting to the login screen and typing certain control characters.
CVE-2004-2657 1 Mozilla 1 Firefox 2026-04-16 N/A
Mozilla Firefox 1.5.0.1, and possibly other versions, preserves some records of user activity even after uninstalling, which allows local users who share a Windows profile to view the records after a new installation of Firefox, as reported for the list of Passwords Never Saved web sites. NOTE: The vendor has disputed this issue, stating that "The uninstaller is primarily there to uninstall the application. It is not there to uninstall user data. For the moment I will stick by my module-owner decision.
CVE-2006-1100 1 Sauerbraten 2 Cube, Sauerbraten 2026-04-16 N/A
Buffer overflow in the sgetstr function in shared/cube.h in Sauerbraten 2006_02_28 and earlier, as derived from the Cube engine, allows remote attackers to execute arbitrary code via long streams of input data.
CVE-2004-2658 1 Suse 1 Suse Linux 2026-04-16 N/A
resmgr in SUSE CORE 9 does not properly identify terminal names, which allows local users to spoof terminals and login types.
CVE-2006-3102 1 Bitweaver 1 Bitweaver 2026-04-16 N/A
Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
CVE-2006-3103 1 Bitweaver 1 Bitweaver 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Bitweaver 1.3 allows remote attackers to inject arbitrary web script or HTML via the (1) error parameter in users/login.php and the (2) feedback parameter in articles/index.php.
CVE-2006-3683 1 Flipper Poll 1 Flipper Poll 2026-04-16 N/A
PHP remote file inclusion vulnerability in poll.php in Flipper Poll 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter.
CVE-2006-3105 1 Bitweaver 1 Bitweaver 2026-04-16 N/A
CRLF injection vulnerability in Bitweaver 1.3 allows remote attackers to conduct HTTP response splitting attacks by via CRLF sequences in multiple unspecified parameters that are injected into HTTP headers, as demonstrated by the BWSESSION parameter in index.php.
CVE-2005-0001 3 Linux, Redhat, Trustix 4 Linux Kernel, Enterprise Linux, Enterprise Linux Desktop and 1 more 2026-04-16 N/A
Race condition in the page fault handler (fault.c) for Linux kernel 2.2.x to 2.2.7, 2.4 to 2.4.29, and 2.6 to 2.6.10, when running on multiprocessor machines, allows local users to execute arbitrary code via concurrent threads that share the same virtual memory space and simultaneously request stack expansion.
CVE-2006-3107 1 Docebo 1 Docebo 2026-04-16 N/A
Multiple PHP remote file inclusion vulnerabilities in Docebo 3.0.3 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in (1) GLOBALS[where_framework] to (a) admin/modules/news/news_class.php and (b) admin/modules/content/content_class.php, and (2) GLOBALS[where_cms] to (c) admin/modules/block_media/util.media.php. NOTE: this issue might be resultant from a global overwrite vulnerability. This issue is similar to CVE-2006-2576, but the vectors are different.
CVE-2006-3109 1 Cisco 1 Call Manager 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Cisco CallManager 3.3 before 3.3(5)SR3, 4.1 before 4.1(3)SR4, 4.2 before 4.2(3), and 4.3 before 4.3(1), allows remote attackers to inject arbitrary web script or HTML via the (1) pattern parameter in ccmadmin/phonelist.asp and (2) arbitrary parameters in ccmuser/logon.asp, aka bugid CSCsb68657.
CVE-2005-0003 4 Avaya, Linux, Mandrakesoft and 1 more 15 Converged Communications Server, Intuity Audix, Mn100 and 12 more 2026-04-16 N/A
The 64 bit ELF support in Linux kernel 2.6 before 2.6.10, on 64-bit architectures, does not properly check for overlapping VMA (virtual memory address) allocations, which allows local users to cause a denial of service (system crash) or execute arbitrary code via a crafted ELF or a.out file.
CVE-2005-0006 2 Ethereal Group, Redhat 2 Ethereal, Enterprise Linux 2026-04-16 N/A
The COPS dissector in Ethereal 0.10.6 through 0.10.8 allows remote attackers to cause a denial of service (infinite loop).
CVE-2005-0013 2 Ncpfs, Redhat 2 Ncpfs, Enterprise Linux 2026-04-16 N/A
nwclient.c in ncpfs before 2.2.6 does not drop root privileges before executing utilities using the NetWare client functions, which allows local users to gain privileges.
CVE-2005-0015 1 Crosswire Bible Society 1 Sword 2026-04-16 N/A
diatheke.pl in Sword 1.5.7a allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.