Search Results (366170 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-1415 1 Dotnetbb 1 Dotnetbb Forums 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in iforget.aspx in dotNetBB 2.42EC SP 3 and earlier allows remote attackers to inject arbitrary web script or HTML via the em parameter.
CVE-2006-1416 1 Xigla 1 Absolute Faq Manager .net 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in afmsearch.aspx in Absolute FAQ Manager .NET 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search module parameters, possibly the question parameter.
CVE-2001-1374 3 Conectiva, Don Libes, Redhat 3 Linux, Expect, Linux 2026-04-16 N/A
expect before 5.32 searches for its libraries in /var/tmp before other directories, which could allow local users to gain root privileges via a Trojan horse library that is accessed by mkpasswd.
CVE-2006-1417 1 Caloris Planitia Technologies 1 Web Quiz Pro 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Caloris Planitia Online Quiz System (aka Web Quiz pro), possibly 1.0, allow remote attackers to inject arbitrary web script or HTML via the (1) exam parameter in prequiz.asp or (2) msg parameter in student.asp.
CVE-2006-1420 1 Arabless 1 Saphplesson 2026-04-16 N/A
SQL injection vulnerability in print.php in SaphpLesson 2.0 allows remote attackers to execute arbitrary SQL commands via the lessid parameter.
CVE-2006-1422 1 Jjwwebdesign 1 Phpbookingcalendar 2026-04-16 N/A
SQL injection vulnerability in details_view.php in PHP Booking Calendar 1.0c and earlier allows remote attackers to execute arbitrary SQL commands via the event_id parameter.
CVE-2001-1382 1 Openbsd 1 Openssh 2026-04-16 N/A
The "echo simulation" traffic analysis countermeasure in OpenSSH before 2.9.9p2 sends an additional echo packet after the password and carriage return is entered, which could allow remote attackers to determine that the countermeasure is being used.
CVE-2001-1383 1 Redhat 1 Linux 2026-04-16 N/A
initscript in setserial 2.17-4 and earlier uses predictable temporary file names, which could allow local users to conduct unauthorized operations on files.
CVE-2001-1388 2 Netfilter, Redhat 2 Iptables, Linux 2026-04-16 N/A
iptables before 1.2.4 does not accurately convert rate limits that are specified on the command line, which could allow attackers or users to generate more or less traffic than intended by the administrator.
CVE-2006-1423 1 Ubbcentral 1 Ubb.threads 2026-04-16 N/A
SQL injection vulnerability in showflat.php in UBB.threads 5.5.1, 6.0 br5, 6.0.1, 6.0.2, and earlier, allows remote attackers to execute arbitrary SQL commands via the Number parameter.
CVE-2006-1536 1 Phoetux.net 1 Phxcontacts 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Phoetux.net PhxContacts 0.93.1 beta and earlier allow remote attackers to execute arbitrary SQL commands via the (1) motclef and (2) nbr_line_view parameters in (a) carnet.php, and the (3) id_contact parameter in (b) contact_view.php.
CVE-2006-1538 1 Enova 1 X-wall Asic 2026-04-16 N/A
The Enova X-Wall ASIC encrypts with a key obtained via Microwire from a serial EEPROM that stores the key in cleartext, which allows local users with physical access to obtain the key by reading and duplicating an EEPROM that is located on a hardware token, or by sniffing the Microwire bus.
CVE-2001-1410 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Internet Explorer 6 and earlier allows remote attackers to create chromeless windows using the Javascript window.createPopup method, which could allow attackers to simulate a victim's display and conduct unauthorized activities or steal sensitive data via social engineering.
CVE-2006-1426 1 Pixel Motion 1 Pixel Motion Blog 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Pixel Motion Blog allow remote attackers to execute arbitrary SQL commands via the (1) date parameter in index.php or bypass authentication via the (2) password parameter in admin/index.php.
CVE-2001-1413 2 Ncompress, Redhat 2 Ncompress, Enterprise Linux 2026-04-16 N/A
Stack-based buffer overflow in the comprexx function for ncompress 4.2.4 and earlier, when used in situations that cross security boundaries (such as FTP server), may allow remote attackers to execute arbitrary code via a long filename argument.
CVE-2001-1415 1 Openbsd 1 Openbsd 2026-04-16 N/A
vi.recover in OpenBSD before 3.1 allows local users to remove arbitrary zero-byte files such as device nodes.
CVE-2001-1421 1 Aol 1 Instant Messenger 2026-04-16 N/A
AOL Instant Messenger (AIM) 4.7 and earlier allows remote attackers to cause a denial of service (application crash) via a large number of different fonts followed by an HTML HR tag.
CVE-2001-1423 1 Advanced Poll 1 Advanced Poll 2026-04-16 N/A
Advanced Poll before 1.61, when using a flat file database, allows remote attackers to gain privileges by setting the logged_in parameter.
CVE-2006-1553 1 Tachyon 1 Vsns Lemon 2026-04-16 N/A
SQL injection vulnerability in functions/final_functions.php in VSNS Lemon 3.2.0, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2001-1427 1 Macromedia 1 Coldfusion 2026-04-16 N/A
Unknown vulnerability in ColdFusion Server 2.0 through 4.5.1 SP2 allows remote attackers to overwrite templates with zero byte files via unknown attack vectors.