Search Results (362223 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-3901 1 Tumbleweed 1 Mailgate Email Firewall 2026-04-16 N/A
Multiple stack-based buffer overflows in Tumbleweed Email Firewall (EMF) allow remote attackers to execute arbitrary code via an email attachment with an LHA archive that contains a (1) file or (2) directory with a long LHA extended header, (3) an LHA archive in which the "temporary pathname" field for decompressed output is greater than 2 bytes, or (4) an LHA archive with a long filename.
CVE-2005-4241 1 Vcd-db 1 Vcd-db 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the category page in VCD-db 0.98 and earlier allows remote attackers to inject arbitrary web script or HTML via the batch parameter.
CVE-2006-3900 1 Tobias Kloy 1 Tp-book 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in guestbook.php in TP-Book 1.00 and earlier allows remote attackers to inject arbitrary web script or HTML via the name parameter.
CVE-2006-3898 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Microsoft Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to cause a denial of service (application crash) by calling the Click method of the Internet.HHCtrl.1 ActiveX object before initializing the URL, which triggers a null dereference.
CVE-2006-3882 1 Musicbox 1 Musicbox 2026-04-16 N/A
Shalwan MusicBox 2.3.4 and earlier allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function.
CVE-2005-4238 1 Mantis 1 Mantis 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in view_filters_page.php in Mantis 1.0.0rc3 and earlier allows remote attackers to inject arbitrary web script or HTML via the target_field parameter.
CVE-2003-0104 1 Peoplesoft 1 Peopletools 2026-04-16 N/A
Directory traversal vulnerability in PeopleTools 8.10 through 8.18, 8.40, and 8.41 allows remote attackers to overwrite arbitrary files via the SchedulerTransfer servlet.
CVE-2003-0101 3 Engardelinux, Usermin, Webmin 3 Guardian Digital Webtool, Usermin, Webmin 2026-04-16 N/A
miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 does not properly handle metacharacters such as line feeds and carriage returns (CRLF) in Base-64 encoded strings during Basic authentication, which allows remote attackers to spoof a session ID and gain root privileges.
CVE-2001-0507 1 Microsoft 1 Internet Information Services 2026-04-16 N/A
IIS 5.0 uses relative paths to find system files that will run in-process, which allows local users to gain privileges via a Trojan horse file, aka the "System file listing privilege elevation" vulnerability.
CVE-2005-4236 1 Cartkeeper 1 Ckgold Shopping Cart 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in search.php in CKGOLD allows remote attackers to inject arbitrary web script or HTML via the search parameters.
CVE-2003-0100 1 Cisco 1 Ios 2026-04-16 N/A
Buffer overflow in Cisco IOS 11.2.x to 12.0.x allows remote attackers to cause a denial of service and possibly execute commands via a large number of OSPF neighbor announcements.
CVE-2006-3850 1 Lussumo 1 Vanilla 2026-04-16 N/A
PHP remote file inclusion vulnerability in upgrader.php in Vanilla CMS 1.0.1 and earlier, when /conf/old_settings.php exists, allows remote attackers to execute arbitrary PHP code via a URL in the RootDirectory parameter. NOTE: this issue has been disputed by a third party who states that the RootDirectory parameter is initialized before being used, for version 1.0. CVE analysis concurs with the dispute, but it is unclear whether older versions are affected
CVE-2006-3849 1 Pumpkin Studios 2 Warzone, Warzone Resurrection 2026-04-16 N/A
Stack-based buffer overflow in Warzone 2100 and Warzone Resurrection 2.0.3 and earlier allows remote attackers to execute arbitrary code via a (1) long message handled by the recvTextMessage function in multiplay.c or a (2) long filename handled by NETrecvFile function in netplay/netplay.c.
CVE-2003-0099 1 Apc 1 Apcupsd 2026-04-16 N/A
Multiple buffer overflows in apcupsd before 3.8.6, and 3.10.x before 3.10.5, may allow attackers to cause a denial of service or execute arbitrary code, related to usage of the vsprintf function.
CVE-2006-3848 1 Krischan Jodies 1 Ip Calculator 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in CGI wrapper for IP Calculator (IPCalc) 0.40 allows remote attackers to inject arbitrary web script or HTML via the URI (REQUEST_URI environment variable), which is used in the actionurl variable.
CVE-2005-4235 1 Whmcompletesolution 1 Whmcompletesolution 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in knowledgebase.php in WHMCompleteSolution 2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameters.
CVE-2006-3843 1 Mambo 1 Mambo Calendar 2026-04-16 N/A
PHP remote file inclusion vulnerability in com_calendar.php in Calendar Mambo Module 1.5.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter.
CVE-2006-3842 1 Adventnet 1 Zoho Virtual Office 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Zoho Virtual Office 3.2 Build 3210 allows remote attackers to execute arbitrary web script or HTML via an HTML message.
CVE-2006-3674 1 Armagetron 1 Armagetron Advanced 2026-04-16 N/A
nNetObject.cpp in Armagetron Advanced 2.8.2 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a large number handled by the id_req_handler function.
CVE-2006-3675 1 Counterpane 1 Passwordsafe 2026-04-16 N/A
Password Safe 2.11, 2.16 and 3.0BETA1 does not respect the configuration settings for locking the password database when certain dialogue windows are open, which might allow attackers with physical access to obtain the database contents.