Search Results (365399 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-1153 1 D2-shoutbox 1 D2-shoutbox 2026-04-16 N/A
SQL injection vulnerability in D2-Shoutbox 4.2 allows remote attackers to execute arbitrary SQL commands via the load parameter, when performing a Shoutbox action through Invision Power Board (IPB).
CVE-2001-0451 1 Sentraweb 1 Indexu 2026-04-16 N/A
INDEXU 2.0 beta and earlier allows remote attackers to bypass authentication and gain privileges by setting the cookie_admin_authenticated cookie value to 1.
CVE-2006-1154 1 Fscripts 1 Fantastic News 2026-04-16 N/A
PHP remote file inclusion vulnerability in archive.php in Fantastic News 2.1.2 allows remote attackers to include arbitrary files via the CONFIG[script_path] variable. NOTE: 2.1.4 was also reported to be vulnerable.
CVE-2006-3143 1 Maximus 1 Schoolmax 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in icue_login.asp in Maximus SchoolMAX 4.0.1 and earlier iCue and iParent applications allows remote attackers to inject arbitrary web script or HTML via the error_msg parameter.
CVE-2001-0453 1 Brs 1 Webweaver 2026-04-16 N/A
Directory traversal vulnerability in BRS WebWeaver HTTP server allows remote attackers to read arbitrary files via a .. (dot dot) attack in the (1) syshelp, (2) sysimages, or (3) scripts directories.
CVE-2006-1157 1 Adp 1 Adp Forum 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Vz Scripts ADP Forum 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the Subject field (possibly messaggio parameter) when posting a new message in post.php.
CVE-2001-0458 4 Debian, Mandrakesoft, Ralf S. Engelschall and 1 more 4 Debian Linux, Mandrake Linux, Eperl and 1 more 2026-04-16 N/A
Multiple buffer overflows in ePerl before 2.2.14-0.7 allow local and remote attackers to execute arbitrary commands.
CVE-2001-0459 2 Afterstep.org, Rob Malda 2 Afterstep, Ascdc 2026-04-16 N/A
Buffer overflows in ascdc Afterstep while running setuid allows local users to gain root privileges via a long (1) -d option, (2) -m option, or (3) -f option.
CVE-2001-0460 1 Baltimore Technologies 1 Websweeper 2026-04-16 N/A
Websweeper 4.0 does not limit the length of certain HTTP headers, which allows remote attackers to cause a denial of service (memory exhaustion) via an extremely large HTTP Referrer: header.
CVE-2006-1161 1 Efs Software 1 Efs Web Server 2026-04-16 N/A
Absolute path traversal vulnerability in Easy File Sharing (EFS) Web Server 3.2 allows remote registered users to execute arbitrary code by uploading a malicious file to the Windows startup folder.
CVE-2001-0461 1 Denis Howe 1 Foldoc 2026-04-16 N/A
template.cgi in Free On-Line Dictionary of Computing (FOLDOC) allows remote attackers to read files and execute commands via shell metacharacters in the argument to template.cgi.
CVE-2006-1162 1 Nodez 1 Nodez 2026-04-16 N/A
Directory traversal vulnerability in Nodez 4.6.1.1 and earlier allows remote attackers to read or include arbitrary PHP files via a .. (dot dot) in the op parameter, as demonstrated by inserting malicious Email parameters into list.gtdat, then accessing list.gtdat using the op parameter.
CVE-2001-0462 1 Spencer Christensen 1 Perl Web Server 2026-04-16 N/A
Directory traversal vulnerability in Perl web server 0.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.
CVE-2006-1164 1 Nodez 1 Nodez 2026-04-16 N/A
Nodez 4.6.1.1 and earlier stores sensitive data in the list.gtdat file under the web document root with insufficient access control, which allows remote attackers to obtain usernames and password hashes by directly accessing list.gtdat.
CVE-2001-0465 1 Intuit 1 Turbo Tax 2026-04-16 N/A
TurboTax saves passwords in a temporary file when a user imports investment tax information from a financial institution, which could allow local users to obtain sensitive information.
CVE-2006-1165 1 Andreas Gohr 1 Dokuwiki 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the mediamanager module in DokuWiki before 2006-03-05 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors relating to "handling EXIF data."
CVE-2001-0467 1 Robtex 1 Viking Server 2026-04-16 N/A
Directory traversal vulnerability in RobTex Viking Web server before 1.07-381 allows remote attackers to read arbitrary files via a \... (modified dot dot) in an HTTP URL request.
CVE-2001-0469 1 Freebsd 1 Freebsd 2026-04-16 N/A
rwho daemon rwhod in FreeBSD 4.2 and earlier, and possibly other operating systems, allows remote attackers to cause a denial of service via malformed packets with a short length.
CVE-2001-0478 1 Phpmyadmin 1 Phpmyadmin 2026-04-16 N/A
Directory traversal vulnerability in phpMyAdmin 2.2.0 and earlier versions allows remote attackers to execute arbitrary code via a .. (dot dot) in an argument to the sql.php script.
CVE-2006-1176 1 Ebay 1 Enhanced Picture Services 2026-04-16 N/A
Buffer overflow in eBay Enhanced Picture Services (aka EPUImageControl Class) in EUPWALcontrol.dll before 1.0.3.48, as used in Sell Your Item (SYI), Setup & Test eBay Enhanced Picture Services, Picture Manager Enhanced Uploader, and CARad.com Add Vehicle, allows remote attackers to execute arbitrary code via a crafted HTML document.