Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-0899 1 4images 1 Image Gallery Management System 2026-04-16 N/A
Directory traversal vulnerability in index.php in 4Images 1.7.1 and earlier allows remote attackers to read and include arbitrary files via ".." (dot dot) sequences in the template parameter.
CVE-2006-0978 1 Argosoft 1 Argosoft Mail Server 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the View Headers (aka viewheaders) functionality in ArGoSoft Mail Server Pro 1.8.8.5 allow remote attackers to inject arbitrary web script or HTML via (1) the Subject header, (2) the From header, and (3) certain other unspecified headers.
CVE-2006-0969 1 Pixelartkingdom 1 Top Sites 2026-04-16 N/A
PHP remote file inclusion vulnerability in index.php in Top sites de PixelArtKingdom allows remote attackers to include and execute arbitrary files via the page parameter.
CVE-2006-0983 1 David Barrett 1 Qwikiwiki 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in QwikiWiki 1.4 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
CVE-2005-2002 1 Mambo 1 Mambo 2026-04-16 N/A
SQL injection vulnerability in content.php in Mambo 4.5.2.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user_rating parameter.
CVE-2006-0972 1 Fscripts 1 Fantastic News 2026-04-16 N/A
SQL injection vulnerability in news.php in Tony Baird Fantastic News 2.1.1 allows remote attackers to execute arbitrary SQL commands via the page parameter. NOTE: the category vector is already covered by CVE-2005-3846.
CVE-2000-1149 1 Microsoft 1 Windows Nt 2026-04-16 N/A
Buffer overflow in RegAPI.DLL used by Windows NT 4.0 Terminal Server allows remote attackers to execute arbitrary commands via a long username, aka the "Terminal Server Login Buffer Overflow" vulnerability.
CVE-2006-0992 1 Novell 1 Groupwise Messenger 2026-04-16 N/A
Stack-based buffer overflow in Novell GroupWise Messenger before 2.0 Public Beta 2 allows remote attackers to execute arbitrary code via a long Accept-Language value without a comma or semicolon. NOTE: due to a typo, the original ZDI advisory accidentally referenced CVE-2006-0092. This is the correct identifier.
CVE-2001-1267 2 Gnu, Redhat 3 Tar, Enterprise Linux, Linux 2026-04-16 N/A
Directory traversal vulnerability in GNU tar 1.13.19 and earlier allows local users to overwrite arbitrary files during archive extraction via a tar file whose filenames contain a .. (dot dot).
CVE-2006-0993 1 3com 1 Tippingpoint Sms Server 2026-04-16 N/A
The web management interface in 3Com TippingPoint SMS Server before 2.2.1.4478 does not restrict access to certain directories, which might allow remote attackers to obtain potentially sensitive information such as configuration settings.
CVE-2006-0999 1 Novell 2 Netware, Open Enterprise Server 2026-04-16 N/A
The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and Novell Open Enterprise Server (OES) allows a client to force the server to use weak encryption by stating that a weak cipher is required for client compatibility, which might allow remote attackers to decrypt contents of an SSL protected session.
CVE-2006-1013 1 Smartblog 1 Smartblog 2026-04-16 N/A
PHP remote file include vulnerability in index.php in SMartBlog (aka SMBlog) 1.2 allows remote attackers to include and execute arbitrary PHP files via (1) the pg parameter and (2) a query string without a parameter.
CVE-2005-0606 1 Devellion 1 Cubecart 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in settings.inc.php for CubeCart 2.0.0 through 2.0.5, as used in multiple PHP files, allows remote attackers to inject arbitrary HTML or web script via the (1) cat_id, (2) PHPSESSID, (3) view_doc, (4) product, (5) session, (6) catname, (7) search, or (8) page parameters.
CVE-2006-1025 1 Addsoft 1 Storebot 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in manage.asp in Addsoft StoreBot 2002 Standard allows remote attackers to inject arbitrary web script or HTML via the ShipMethod parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-1027 1 Joomla 1 Joomla 2026-04-16 N/A
feedcreator.class.php (aka the syndication component) in Joomla! 1.0.7 allows remote attackers to obtain sensitive information via a "/" (slash) in the feed parameter to index.php, which reveals the path in an error message.
CVE-2006-1028 1 Joomla 1 Joomla 2026-04-16 N/A
feedcreator.class.php (aka the syndication component) in Joomla! 1.0.7 allows remote attackers to cause a denial of service (stressed file cache) by creating many files via filenames in the feed parameter to index.php.
CVE-2006-1163 1 Nodez 1 Nodez 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Nodez 4.6.1.1 allows remote attackers to inject arbitrary web script or HTML via the op parameter. NOTE: it is possible that this issue is resultant from the directory traversal vulnerability.
CVE-2006-1168 2 Ncompress, Redhat 2 Ncompress, Enterprise Linux 2026-04-16 N/A
The decompress function in compress42.c in (1) ncompress 4.2.4 and (2) liblzw allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code, via crafted data that leads to a buffer underflow.
CVE-2006-3327 1 E-cbd.biz 1 Custom Dating Biz Dating Script 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Custom dating biz dating script 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) sn20_special_cases parameter ("Special Cases" field) in profile/mini.php, (2) tyxx01_album_name parameter ("Album Name" field) in profile/photo_create.php, and the (3) u parameter in admin/user_view.php.
CVE-2006-1175 1 Weonlydo 1 Weonlydo Sftp 2026-04-16 N/A
The WeOnlyDo! SFTP (wodSFTP) ActiveX control is marked as safe for scripting, which allows remote attackers to read and write files in arbitrary locations by accessing the control from a web page.