Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2000-0281 1 Napster 1 Napster Client 2026-04-16 N/A
Buffer overflow in the Napster client beta 5 allows remote attackers to cause a denial of service via a long message.
CVE-2000-0254 1 Craig Dansie 1 Dansie Shopping Cart 2026-04-16 N/A
The dansie shopping cart application cart.pl allows remote attackers to obtain the shopping cart database and configuration information via a URL that references either the env, db, or vars form variables.
CVE-2000-0282 1 Talentsoft 1 Web\+ 2026-04-16 N/A
TalentSoft webpsvr daemon in the Web+ shopping cart application allows remote attackers to read arbitrary files via a .. (dot dot) attack on the webplus CGI program.
CVE-2000-0283 1 Sgi 1 Irix 2026-04-16 N/A
The default installation of IRIX Performance Copilot allows remote attackers to access sensitive system information via the pmcd daemon.
CVE-2006-0408 1 Sun 1 Grid Engine 2026-04-16 N/A
rsh utility in Sun Grid Engine (SGE) before 6.0u7_1 allows local users to gain privileges and execute arbitrary code via unspecified vectors, possibly involving command line arguments.
CVE-2006-0417 1 Mywebland 1 Minibloggie 2026-04-16 N/A
SQL injection vulnerability in login.php in miniBloggie 1.0 and earlier, when gpc_magic_quotes is disabled, allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username and (2) password parameters.
CVE-2002-0132 1 Chinput 1 Chinput 2026-04-16 N/A
Buffer overflow in Chinput 3.0 allows local users to execute arbitrary code via a long HOME environment variable.
CVE-2006-0420 1 Bea 1 Weblogic Server 2026-04-16 N/A
BEA WebLogic Server and WebLogic Express 8.1 through SP4 and 7.0 through SP6 does not properly handle when servlets use relative forwarding, which allows remote attackers to cause a denial of service (slowdown) via unknown attack vectors that cause "looping stack overflow errors."
CVE-2006-0423 1 Oracle 1 Weblogic Portal 2026-04-16 N/A
BEA WebLogic Portal 8.1 through SP3 stores the password for the RDBMS Authentication provider in cleartext in the config.xml file, which allows attackers to gain privileges.
CVE-2006-0424 1 Bea 1 Weblogic Server 2026-04-16 N/A
BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7 allows remote authenticated guest users to read the server log and obtain sensitive configuration information.
CVE-2006-2836 1 Pineapple Technologies 1 Lore 2026-04-16 N/A
SQL injection vulnerability in comment.php in Pineapple Technologies Lore 1.5.6 and earlier allows remote attackers to execute arbitrary SQL commands via the article_id parameter.
CVE-2006-0426 1 Bea 1 Weblogic Server 2026-04-16 N/A
BEA WebLogic Server and WebLogic Express 8.1 through SP4, when configuration auditing is enabled and a password change occurs, stores the old and new passwords in cleartext in the DefaultAuditRecorder.log file, which could allow attackers to gain privileges.
CVE-2006-0427 1 Bea 1 Weblogic Server 2026-04-16 N/A
Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 9.0 and 8.1 through SP5 allows malicious EJBs or servlet applications to decrypt system passwords, possibly by accessing functionality that should have been restricted.
CVE-2006-0430 1 Bea 1 Weblogic Server 2026-04-16 N/A
Certain configurations of BEA WebLogic Server and WebLogic Express 9.0, 8.1 through SP5, and 7.0 through SP6, when connection filters are enabled, cause the server to run more slowly, which makes it easier for remote attackers to cause a denial of service (server slowdown).
CVE-2002-0134 1 Avirt 1 Avirt Gateway Suite 2026-04-16 N/A
Telnet proxy in Avirt Gateway Suite 4.2 does not require authentication for connecting to the proxy system itself, which allows remote attackers to list file contents of the proxy and execute arbitrary commands via a "dos" command.
CVE-2002-0579 1 Workforceroi 1 Xpede 2026-04-16 N/A
WorkforceROI Xpede 4.1 allows remote attackers to gain privileges as an Xpede administrator via a direct HTTP request to the /admin/adminproc.asp script, which does not prompt for a password.
CVE-2006-0446 1 Webwork 1 Webwork 2026-04-16 N/A
Unspecified vulnerability in WeBWorK 2.1.3 and 2.2-pre1 allows remote privileged attackers to execute arbitrary commands as the web server via unknown attack vectors.
CVE-2006-0447 1 E-post Corporation 3 Mail Server, Smtp Server, Spa-pro Mail Atsolomon 2026-04-16 N/A
Multiple buffer overflows in E-Post Mail Server 4.10 and SPA-PRO Mail @Solomon 4.00 allow remote attackers to execute arbitrary code via a long username to the (1) AUTH PLAIN or (2) AUTH LOGIN SMTP commands, which is not properly handled by (a) EPSTRS.EXE or (b) SPA-RS.EXE; (3) a long username in the APOP POP3 command, which is not properly handled by (c) EPSTPOP4S.EXE or (d) SPA-POP3S.EXE; (4) a long IMAP DELETE command, which is not properly handled by (e) EPSTIMAP4S.EXE or (f) SPA-IMAP4S.EXE.
CVE-2006-0448 1 E-post Corporation 2 Mail Server, Spa-pro Mail Atsolomon 2026-04-16 N/A
Multiple directory traversal vulnerabilities in (1) EPSTIMAP4S.EXE and (2) SPA-IMAP4S.EXE in the IMAP service in E-Post Mail 4.05 and SPA-PRO Mail 4.05 allow remote attackers to (a) list arbitrary directories or cause a denial of service via the LIST command; or create arbitrary files via the (b) APPEND, (c) COPY, or (d) RENAME commands.
CVE-2006-0457 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-16 N/A
Race condition in the (1) add_key, (2) request_key, and (3) keyctl functions in Linux kernel 2.6.x allows local users to cause a denial of service (crash) or read sensitive kernel memory by modifying the length of a string argument between the time that the kernel calculates the length and when it copies the data into kernel memory.