Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-4087 1 Sugarcrm 1 Sugar Suite 2026-04-16 N/A
PHP remote file include vulnerability in acceptDecline.php in Sugar Suite Open Source Customer Relationship Management (SugarCRM) 4.0 beta and earlier allows remote attackers to execute arbitrary PHP code via a URL in the beanFiles array parameter.
CVE-2006-0395 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-16 N/A
The Download Validation in Mail in Mac OS X 10.4 does not properly recognize attachment file types to warn a user of an unsafe type, which allows user-assisted remote attackers to execute arbitrary code via crafted file types.
CVE-2006-1176 1 Ebay 1 Enhanced Picture Services 2026-04-16 N/A
Buffer overflow in eBay Enhanced Picture Services (aka EPUImageControl Class) in EUPWALcontrol.dll before 1.0.3.48, as used in Sell Your Item (SYI), Setup & Test eBay Enhanced Picture Services, Picture Manager Enhanced Uploader, and CARad.com Add Vehicle, allows remote attackers to execute arbitrary code via a crafted HTML document.
CVE-2000-0361 1 Suse 1 Suse Linux 2026-04-16 N/A
The PPP wvdial.lxdialog script in wvdial 1.4 and earlier creates a .config file with world readable permissions, which allows a local attacker in the dialout group to access login and password information.
CVE-2003-0913 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-16 N/A
Unknown vulnerability in the Terminal application for Mac OS X 10.3 (Client and Server) may allow "unauthorized access."
CVE-2006-4967 1 Nextage 1 Nextage Shopping Cart 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in NextAge Cart allow remote attackers to inject arbitrary web script or HTML via (1) the CatId parameter in a product category action in index.php or (2) the SearchWd parameter in an index search action in index.php.
CVE-2006-4969 1 Wahm E-commerce 1 Pie Cart Pro 2026-04-16 N/A
Multiple PHP remote file inclusion vulnerabilities in WAHM E-Commerce Pie Cart Pro allow remote attackers to execute arbitrary PHP code via a URL in the Inc_Dir parameter in (1) affiliates.php, (2) orders.php, (3) events.php, (4) index.php, (5) articles.php, (6) faqs.php, (7) guestbook.php, (8) catalog.php, (9) wholesale.php, (10) weblinks.php, (11) certificates.php, (12) sitesearch.php, (13) contact.php, (14) sitemap.php, (15) search.php, (16) registry.php, or (17) error.php.
CVE-2003-0626 1 Peoplesoft 1 Peopletools 2026-04-16 N/A
psdoccgi.exe in PeopleSoft PeopleTools 8.4 through 8.43 allows remote attackers to read arbitrary files via the (1) headername or (2) footername arguments.
CVE-2006-4974 1 Ipswitch 1 Ws Ftp Server 2026-04-16 N/A
Buffer overflow in Ipswitch WS_FTP Limited Edition (LE) 5.08 allows remote FTP servers to execute arbitrary code via a long response to a PASV command.
CVE-2006-2881 1 Dreamcost 1 Dreamaccount 2026-04-16 N/A
Multiple PHP remote file inclusion vulnerabilities in DreamAccount 3.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the da_path parameter in the (1) auth.cookie.inc.php, (2) auth.header.inc.php, or (3) auth.sessions.inc.php scripts.
CVE-2006-3036 1 Andy Mack 1 35mmslidegallery 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in 35mmslidegallery 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) imgdir parameter in (a) index.php, and the (2) w, (3) h, and (4) t parameters in (b) popup.php.
CVE-2006-4976 1 John Lim 1 Adodb Date Library 2026-04-16 N/A
The Date Library in John Lim ADOdb Library for PHP allows remote attackers to obtain sensitive information via a direct request for (1) server.php, (2) adodb-errorpear.inc.php, (3) adodb-iterator.inc.php, (4) adodb-pear.inc.php, (5) adodb-perf.inc.php, (6) adodb-xmlschema.inc.php, and (7) adodb.inc.php; files in datadict including (8) datadict-access.inc.php, (9) datadict-db2.inc.php, (10) datadict-generic.inc.php, (11) datadict-ibase.inc.php, (12) datadict-informix.inc.php, (13) datadict-mssql.inc.php, (14) datadict-mysql.inc.php, (15) datadict-oci8.inc.php, (16) datadict-postgres.inc.php, and (17) datadict-sybase.inc.php; files in drivers/ including (18) adodb-access.inc.php, (19) adodb-ado.inc.php, (20) adodb-ado_access.inc.php, (21) adodb-ado_mssql.inc.php, (22) adodb-borland_ibase.inc.php, (23) adodb-csv.inc.php, (24) adodb-db2.inc.php, (25) adodb-fbsql.inc.php, (26) adodb-firebird.inc.php, (27) adodb-ibase.inc.php, (28) adodb-informix.inc.php, (29) adodb-informix72.inc.php, (30) adodb-mssql.inc.php, (31) adodb-mssqlpo.inc.php, (32) adodb-mysql.inc.php, (33) adodb-mysqli.inc.php, (34) adodb-mysqlt.inc.php, (35) adodb-oci8.inc.php, (36) adodb-oci805.inc.php, (37) adodb-oci8po.inc.php, (38) adodb-odbc.inc.php, (39) adodb-odbc_mssql.inc.php, (40) adodb-odbc_oracle.inc.php, (41) adodb-oracle.inc.php, (42) adodb-postgres64.inc.php, (43) adodb-postgres7.inc.php, (44) adodb-proxy.inc.php, (45) adodb-sapdb.inc.php, (46) adodb-sqlanywhere.inc.php, (47) adodb-sqlite.inc.php, (48) adodb-sybase.inc.php, (49) adodb-vfp.inc.php; file in perf/ including (50) perf-db2.inc.php, (51) perf-informix.inc.php, (52) perf-mssql.inc.php, (53) perf-mysql.inc.php, (54) perf-oci8.inc.php, (55) perf-postgres.inc.php; tests/ files (56) benchmark.php, (57) client.php, (58) test-datadict.php, (59) test-perf.php, (60) test-pgblob.php, (61) test-php5.php, (62) test-xmlschema.php, (63) test.php, (64) test2.php, (65) test3.php, (66) test4.php, (67) test5.php, (68) test_rs_array.php, (69) testcache.php, (70) testdatabases.inc.php, (71) testgenid.php, (72) testmssql.php, (73) testoci8.php, (74) testoci8cursor.php, (75) testpaging.php, (76) testpear.php, (77) testsessions.php, (78) time.php, or (79) tmssql.php, which reveals the path in various error messages.
CVE-2005-0579 1 Freenx 1 Freenx 2026-04-16 N/A
nxagent in FreeNX before 0.2.8 does not properly handle when the XAUTHORITY environment variable is not set, which allows local users to access the X server without X authentication.
CVE-2006-4978 1 Walter Beschmout 1 Phpquiz 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Walter Beschmout PhpQuiz 1.2 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the univers parameter in score.php and (2) the quiz_id parameter in home.php, accessed through the front/ URI.
CVE-2000-0364 1 Redhat 1 Linux 2026-04-16 N/A
screen and rxvt in Red Hat Linux 6.0 do not properly set the modes of tty devices, which allows local users to write to other ttys.
CVE-2004-1956 1 Postnuke Software Foundation 1 Postnuke 2026-04-16 N/A
PostNuke 0.7.2.6 allows remote attackers to gain information via a direct HTTP request to files in the (1) includes/blocks directory, (2) pnadodb directory, (3) NS-NewUser module, (4) NS-Your_Account, (5) NS-LostPassword module, or (6) NS-User module which reveals the path to the web server in a PHP error message.
CVE-2003-0644 2 Johannes Sixt, Redhat 2 Kdbg, Enterprise Linux 2026-04-16 N/A
Kdbg 1.1.0 through 1.2.8 does not check permissions of the .kdbgrc file, which allows local users to execute arbitrary commands.
CVE-2002-1185 1 Microsoft 2 Ie, Internet Explorer 2026-04-16 N/A
Internet Explorer 5.01 through 6.0 does not properly check certain parameters of a PNG file when opening it, which allows remote attackers to cause a denial of service (crash) by triggering a heap-based buffer overflow using invalid length codes during decompression, aka "Malformed PNG Image File Failure."
CVE-1999-0505 1 Microsoft 2 Windows 2000, Windows Nt 2026-04-16 N/A
A Windows NT domain user or administrator account has a guessable password.
CVE-2004-1971 1 Oscar Fafian 1 Video Gallery 2026-04-16 N/A
modules.php in PHP-Nuke Video Gallery Module 0.1 Beta 5 allows remote attackers to gain sensitive information via an HTTP request with an invalid (1) catid or (2) clipid parameter, which reveals the full path in an error message.