Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2002-2101 1 Microsoft 1 Outlook 2026-04-16 N/A
Microsoft Outlook 2002 allows remote attackers to execute arbitrary JavaScript code, even when scripting is disabled, via an "about:" or "javascript:" URI in the href attribute of an "a" tag.
CVE-2006-2538 2 Ie Tab, Mozilla 2 Ie Tab, Firefox 2026-04-16 N/A
IE Tab 1.0.9 plugin for Mozilla Firefox 1.5.0.3 allows remote user-assisted attackers to cause a denial of service (application crash), possibly due to a null dereference, via certain Javascript, as demonstrated using a url parameter to the content/reloaded.html page in a chrome:// URI. Some third-party researchers claim that they are unable to reproduce this vulnerability.
CVE-2002-2102 1 Jcraft 1 Jzlib 2026-04-16 N/A
InfBlocks.java in JCraft JZlib before 0.0.7 allow remote attackers to cause a denial of service (NullPointerException) via an invalid block of deflated data.
CVE-2006-2540 1 Dieselscripts 1 Diesel Job Site 2026-04-16 N/A
Privacy leak in install.php for Diesel PHP Job Site sends sensitive information such as user credentials to an e-mail address controlled by the product developers.
CVE-2002-2103 1 Apache 1 Http Server 2026-04-16 N/A
Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
CVE-2002-2105 1 Microsoft 1 Windows Xp 2026-04-16 N/A
Microsoft Windows XP allows local users to prevent the system from booting via a corrupt explorer.exe.manifest file.
CVE-2006-2542 1 Ti Kan 1 Xmcd 2026-04-16 N/A
xmcdconfig in xmcd for Debian GNU/Linux 2.6-17.1 creates /var/lib/cddb and /var/lib/xmcd/discog with world writable permissions, which allows local users to cause a denial of service (disk consumption).
CVE-2002-2107 1 Veridis 1 Openkeyserver 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the lookup script in Veridis OpenKeyServer (OKS) 1.2 allows remote attackers to inject arbitrary web script or HTML via the search parameter.
CVE-2002-2110 1 Rca 1 Digital Cable Modem 2026-04-16 N/A
The RCA Digital Cable Modems DCM225 and DCM225E allow remote attackers to cause a denial of service (modem device reset) by connecting to port 80 on the 10.0.0.0/8 device.
CVE-2006-2556 1 Florian Amrhein 1 Newsportal 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Florian Amrhein NewsPortal before 0.37, and possibly TR Newsportal (TRanx rebuilded), allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2005-1523 1 Gnu 1 Mailutils 2026-04-16 N/A
Format string vulnerability in imap4d server in GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via format string specifiers in the command tag for IMAP commands.
CVE-2005-1559 1 Neteyes 1 Nexusway 2026-04-16 N/A
The web module in Neteyes Nexusway allows remote attackers to execute arbitrary commands via hex-encoded shell metacharacters in the ip parameter for (1) nslookup.cgi or (2) ping.cgi.
CVE-2004-0784 2 Redhat, Rob Flynn 2 Enterprise Linux, Gaim 2026-04-16 N/A
The smiley theme functionality in Gaim before 0.82 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename of the tar file that is dragged to the smiley selector.
CVE-2005-1569 1 Directtopics 1 Directtopics 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in DirectTopics 2.1 and 2.2 allows remote attackers to inject arbitrary web script via a javascript: URL in (1) a thread or (2) an IMG tag.
CVE-2006-2563 1 Php 1 Php 2026-04-16 N/A
The cURL library (libcurl) in PHP 4.4.2 and 5.1.4 allows attackers to bypass safe mode and read files via a file:// request containing null characters.
CVE-2006-2566 1 Alstrasoft 1 Article Manager Pro 2026-04-16 N/A
Alstrasoft Article Manager Pro 1.6 allows remote attackers to obtain sensitive information via (1) a quote character or possibly an invalid value in the action parameter in a request to mrarticles.php or (2) a login QUERY_STRING to admin.php without any additional parameters, which reveal the path in various error messages.
CVE-2006-2568 1 Ubbcentral 1 Ubb.threads 2026-04-16 N/A
PHP remote file inclusion vulnerability in addpost_newpoll.php in UBB.threads 6.4 through 6.5.2 and 6.5.1.1 (trial) allows remote attackers to execute arbitrary PHP code via a URL in the thispath parameter.
CVE-2005-1639 1 Atinegar 1 Sigma Isp Manager 2026-04-16 N/A
SQL injection vulnerability in Sigmaweb.DLL in Sigma ISP Manager 6.6 allows remote attackers to execute arbitrary SQL commands via the (1) username, (2) password, or (3) domain fields.
CVE-2005-1658 1 Myserver 1 Myserver 2026-04-16 N/A
Directory traversal vulnerability in filemanager.cpp in MyServer 0.8 allows remote attackers to list the parent directory of the web root via a URL with a "..." (triple dot).
CVE-2005-1651 1 Woppoware 1 Postmaster 2026-04-16 N/A
Directory traversal vulnerability in message.htm for Woppoware PostMaster 4.2.2 (build 3.2.5) allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) in the wmm parameter.