Search Results (29946 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-3997 1 Zen Cart 1 Zen Cart 2026-04-16 N/A
Zen Cart 1.2.6d and earlier, under certain PHP configurations, allows remote attackers to obtain sensitive information via direct requests to files in the admin/includes directory, including (1) graphs/banner_daily.php, (2) graphs/banner_infobox.php, (3) graphs/banner_yearly.php, (4) graphs/banner_monthly.php, (5) application_bottom.php, (6) attributes_preview.php, (7) modules/category_product_listing.php, (8) modules/copy_to_confirm.php, (9) modules/delete_product_confirm.php, and (10) modules/move_product_confirm.php, which leaks the web server path in the resulting error message.
CVE-2006-3238 1 Vbzoom 1 Vbzoom 2026-04-16 N/A
Multiple SQL injection vulnerabilities in VBZooM 1.00 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) MemberID parameter to rank.php, and the (2) QuranID parameter to lng.php.
CVE-2005-4005 1 Php Fusion 1 Php Fusion 2026-04-16 N/A
SQL injection vulnerability in messages.php in PHP-Fusion 6.00.109 allows remote attackers to obtain path information and possibly execute arbitrary SQL commands via the srch_text parameter in a Search and Sort option to messages.php.
CVE-2006-3256 1 Woltlab 1 Burning Board 2026-04-16 N/A
SQL injection vulnerability in report.php in Woltlab Burning Board (WBB) 2.3.1 allows remote attackers to execute arbitrary SQL commands via the postid parameter.
CVE-2006-3272 1 Astrodog Press 1 Some Chess 2026-04-16 N/A
Cross-site request forgery (CSRF) vulnerability in menu.php in Some Chess 1.5 rc2 allows remote attackers to conduct actions as another user, such as changing usernames and passwords, via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2003-0124 2 Andries Brouwer, Redhat 3 Man, Enterprise Linux, Linux 2026-04-16 N/A
man before 1.5l allows attackers to execute arbitrary code via a malformed man file with improper quotes, which causes the my_xsprintf function to return a string with the value "unsafe," which is then executed as a program via a system call if it is in the search path of the user who runs man.
CVE-1999-0011 8 Data General, Ibm, Isc and 5 more 11 Dg Ux, Aix, Bind and 8 more 2026-04-16 5.4 Medium
Denial of Service vulnerabilities in BIND 4.9 and BIND 8 Releases via CNAME record and zone transfer.
CVE-1999-0015 4 Hp, Microsoft, Netbsd and 1 more 5 Hp-ux, Windows 95, Windows Nt and 2 more 2026-04-16 N/A
Teardrop IP denial of service.
CVE-2003-0126 1 Multitech 1 Routefinder 550 Vpn 2026-04-16 N/A
The web interface for SOHO Routefinder 550 firmware 4.63 and earlier, and possibly later versions, has a default "admin" account with a blank password, which could allow attackers on the LAN side to conduct unauthorized activities.
CVE-1999-0016 6 Cisco, Gnu, Hp and 3 more 8 Ios, Inet, Hp-ux and 5 more 2026-04-16 N/A
Land IP denial of service.
CVE-2005-4261 1 Positive Software 1 Cp\+ 2026-04-16 N/A
Unspecified vulnerability in Positive Software Corporation CP+ (cpplus) before 2.5.5 allows attackers to have unknown impact and attack vectors, related to "a possible security flaw caused by a bug in Perl." NOTE: unless CP+ includes its own copy of Perl with CVE-2005-3962, this is a different vulnerability than CVE-2005-3962; however, there is insufficient information to be sure.
CVE-1999-0018 3 Ibm, Sgi, Sun 4 Aix, Irix, Solaris and 1 more 2026-04-16 N/A
Buffer overflow in statd allows root privileges.
CVE-2005-4262 1 Envolution 1 Envolution 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the News module in Envolution allows remote attackers to inject arbitrary web script or HTML via the (1) startrow and (2) catid parameter. NOTE: this issue might be resultant from the SQL injection problem (CVE-2005-4263).
CVE-1999-0019 7 Data General, Ibm, Ncr and 4 more 10 Dg Ux, Aix, Mp-ras and 7 more 2026-04-16 N/A
Delete or create a file via rpc.statd, due to invalid information.
CVE-1999-0021 1 Muhammad A. Muquit 1 Wwwcount 2026-04-16 N/A
Arbitrary command execution via buffer overflow in Count.cgi (wwwcount) cgi-bin program.
CVE-1999-0024 6 Bsdi, Ibm, Isc and 3 more 12 Bsd Os, Aix, Bind and 9 more 2026-04-16 N/A
DNS cache poisoning via BIND, by predictable query IDs.
CVE-2003-0133 2 Gnome, Redhat 2 Gtkhtml, Linux 2026-04-16 N/A
GtkHTML, as included in Evolution before 1.2.4, allows remote attackers to cause a denial of service (crash) via certain malformed messages.
CVE-1999-0029 1 Sgi 1 Irix 2026-04-16 8.4 High
root privileges via buffer overflow in ordist command on SGI IRIX systems.
CVE-1999-0031 2 Microsoft, Netscape 2 Internet Explorer, Communicator 2026-04-16 N/A
JavaScript in Internet Explorer 3.x and 4.x, and Netscape 2.x, 3.x and 4.x, allows remote attackers to monitor a user's web activities, aka the Bell Labs vulnerability.
CVE-2003-0138 2 Mit, Redhat 3 Kerberos, Enterprise Linux, Linux 2026-04-16 N/A
Version 4 of the Kerberos protocol (krb4), as used in Heimdal and other packages, allows an attacker to impersonate any principal in a realm via a chosen-plaintext attack.