Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2000-0239 1 Atrium Software 3 Mercur Imap4 Server, Mercur Mailserver, Mercur Pop3 Server 2026-04-16 N/A
Buffer overflow in the MERCUR WebView WebMail server allows remote attackers to cause a denial of service via a long mail_user parameter in the GET request.
CVE-2005-4385 1 Cofax 1 Cofax 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in search.htm in Cofax 2.0 RC3 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchstring parameter.
CVE-2006-3813 1 Redhat 1 Enterprise Linux 2026-04-16 N/A
A regression error in the Perl package for Red Hat Enterprise Linux 4 omits the patch for CVE-2005-0155, which allows local users to overwrite arbitrary files with debugging information.
CVE-2000-0237 1 Netscape 1 Enterprise Server 2026-04-16 N/A
Netscape Enterprise Server with Web Publishing enabled allows remote attackers to list arbitrary directories via a GET request for the /publisher directory, which provides a Java applet that allows the attacker to browse the directories.
CVE-2006-3817 1 Novell 1 Groupwise Webaccess 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Novell GroupWise WebAccess 6.5 and 7 before 20060727 allows remote attackers to inject arbitrary web script or HTML via an encoded SCRIPT element in an e-mail message with the UTF-7 character set, as demonstrated by the "+ADw-SCRIPT+AD4-" sequence.
CVE-2006-3818 1 Novell 1 Groupwise Webaccess 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the login page in Novell GroupWise WebAccess 6.5 before 20060721 and WebAccess 7 before 20060727 allows remote attackers to inject arbitrary web script or HTML via the GWAP.version parameter.
CVE-2006-4019 2 Redhat, Squirrelmail 2 Enterprise Linux, Squirrelmail 2026-04-16 N/A
Dynamic variable evaluation vulnerability in compose.php in SquirrelMail 1.4.0 to 1.4.7 allows remote attackers to overwrite arbitrary program variables and read or write the attachments and preferences of other users.
CVE-2000-0236 1 Netscape 1 Enterprise Server 2026-04-16 N/A
Netscape Enterprise Server with Directory Indexing enabled allows remote attackers to list server directories via web publishing tags such as ?wp-ver-info and ?wp-cs-dump.
CVE-2006-4072 1 Club-nuke 1 Club-nuke 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Club-Nuke [XP] 2.0 LCID 2048 allow remote attackers to execute arbitrary SQL commands via the (1) haber_id parameter to haber_detay.asp, and allow remote authenticated users to execute arbitrary SQL commands via the (2) menu_id parameter to menu.asp.
CVE-2006-2488 1 Spymac 1 Spymac Web Os 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Spymac WebOS (WOS) 5.0 allow remote attackers to inject arbitrary web script or HTML via the (1) del_folder, (2) nick, or (3) action parameters to (a) notes/index.php, (4) curr parameter to (b) ipod/get_ipod.php, and in (c) login.php.
CVE-2006-4073 1 Phpcc 1 Phpcc 2026-04-16 N/A
Multiple PHP remote file inclusion vulnerabilities in Fabian Hainz phpCC Beta 4.2 allow remote attackers to execute arbitrary PHP code via a URL in the base_dir parameter to (1) login.php, (2) reactivate.php, or (3) register.php.
CVE-2006-4075 1 Wim Fleischhauer 1 Docpile We 2026-04-16 N/A
Multiple PHP remote file inclusion vulnerabilities in Wim Fleischhauer docpile: wim's edition (docpile:we) 0.2.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the INIT_PATH parameter to (1) lib/folder.class.php, (2) lib/email.inc.php, (3) lib/document.class.php or (4) lib/auth.inc.php.
CVE-2003-0717 1 Microsoft 5 Windows 2000, Windows 2003 Server, Windows Me and 2 more 2026-04-16 N/A
The Messenger Service for Windows NT through Server 2003 does not properly verify the length of the message, which allows remote attackers to execute arbitrary code via a buffer overflow attack.
CVE-2006-4077 1 Comet 1 Comet Webfile Manager 2026-04-16 N/A
PHP remote file inclusion vulnerability in CheckUpload.php in Vincenzo Valvano Comet WebFileManager (CWFM) 0.9.1, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the Language parameter.
CVE-2006-4078 1 Deluxebb 1 Deluxebb 2026-04-16 N/A
pm.php (aka the PM system) in DeluxeBB 1.08, and possibly earlier, allows remote attackers to bypass authentication by providing an arbitrary username in the membercookie cookie parameter.
CVE-2006-4082 1 Barracuda Networks 1 Barracuda Spam Firewall 2026-04-16 N/A
Barracuda Spam Firewall (BSF), possibly 3.3.03.053, contains a hardcoded password for the admin account for logins from 127.0.0.1 (localhost), which allows local users to gain privileges.
CVE-2000-0235 1 Freebsd 1 Freebsd 2026-04-16 N/A
Buffer overflow in the huh program in the orville-write package allows local users to gain root privileges.
CVE-2000-0234 1 Sun 2 Cobalt Raq 2, Cobalt Raq 3i 2026-04-16 N/A
The default configuration of Cobalt RaQ2 and RaQ3 as specified in access.conf allows remote attackers to view sensitive contents of a .htaccess file.
CVE-2006-2616 1 Alstrasoft 1 Webhost Directory 2026-04-16 N/A
SQL injection vulnerability in the search script in (1) AlstraSoft Web Host Directory 1.2, aka (2) HyperStop WebHost Directory 1.2, allows remote attackers to execute arbitrary SQL commands via the uri parameter.
CVE-2003-0689 1 Redhat 2 Enterprise Linux, Linux 2026-04-16 N/A
The getgrouplist function in GNU libc (glibc) 2.2.4 and earlier allows attackers to cause a denial of service (segmentation fault) and execute arbitrary code when a user is a member of a large number of groups, which can cause a buffer overflow.