Export limit exceeded: 365822 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (365822 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-1982 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-16 N/A
Heap-based buffer overflow in the LZWDecodeVector function in Mac OS X before 10.4.6, as used in applications that use ImageIO or AppKit, allows remote attackers to execute arbitrary code via crafted TIFF images.
CVE-2006-4450 1 Phpbb Group 1 Phpbb 2026-04-16 N/A
usercp_avatar.php in PHPBB 2.0.20, when avatar uploading is enabled, allows remote attackers to use the server as a web proxy by submitting a URL to the avatarurl parameter, which is then used in an HTTP GET request.
CVE-2006-4443 1 Alstrasoft 1 Video Share Enterprise 2026-04-16 N/A
PHP remote file inclusion vulnerability in myajaxphp.php in AlstraSoft Video Share Enterprise allows remote attackers to execute arbitrary PHP code via a URL in the config[BASE_DIR] parameter.
CVE-2006-2659 1 Double Precision Incorporated 1 Courier Mta 2026-04-16 N/A
libs/comverp.c in Courier MTA before 0.53.2 allows attackers to cause a denial of service (CPU consumption) via unknown vectors involving usernames that contain the "=" (equals) character, which is not properly handled during encoding.
CVE-2006-2592 1 Dschat 1 Dschat 2026-04-16 N/A
Unspecified vulnerability in DSChat 1.0 allows remote attackers to execute arbitrary PHP code via the Nickname field, which is not sanitized before creating a file in a user directory. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2004-2007 1 Adam Webb 1 Nukejokes 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in modules.php in NukeJokes 1.7 and 2 Beta allows remote attackers to inject arbitrary HTML or web script via the (1) cat parameter in a CatView function or (2) jokeid parameter in a JokeView function.
CVE-2004-1415 1 Ben3w 1 2bgal 2026-04-16 N/A
SQL injection vulnerability in (1) disp_album.php and possibly (2) disp_img.php in 2Bgal 2.4 and 2.5.1 allows remote attackers to execute arbitrary SQL commands via the id_album parameter.
CVE-2003-1396 1 Opera 1 Opera Browser 2026-04-16 N/A
Heap-based buffer overflow in Opera 6.05 through 7.10 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a filename with a long extension.
CVE-2000-0394 1 Axent 1 Netprowler 2026-04-16 N/A
NetProwler 3.0 allows remote attackers to cause a denial of service by sending malformed IP packets that trigger NetProwler's Man-in-the-Middle signature.
CVE-1999-0899 1 Microsoft 1 Windows Nt 2026-04-16 N/A
The Windows NT 4.0 print spooler allows a local user to execute arbitrary commands due to inappropriate permissions that allow the user to specify an alternate print provider.
CVE-2001-0350 1 Microsoft 1 Windows 2000 2026-04-16 N/A
Microsoft Windows 2000 telnet service creates named pipes with predictable names and does not properly verify them, which allows local users to execute arbitrary commands by creating a named pipe with the predictable name and associating a malicious program with it, the second of two variants of this vulnerability.
CVE-1999-1538 1 Microsoft 1 Internet Information Server 2026-04-16 N/A
When IIS 2 or 3 is upgraded to IIS 4, ism.dll is inadvertently left in /scripts/iisadmin, which does not restrict access to the local machine and allows an unauthorized user to gain access to sensitive server information, including the Administrator's password.
CVE-1999-0585 1 Microsoft 2 Windows 2000, Windows Nt 2026-04-16 N/A
A Windows NT administrator account has the default name of Administrator.
CVE-2006-1960 1 Cisco 1 Wireless Lan Solution Engine 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the appliance web user interface in Cisco CiscoWorks Wireless LAN Solution Engine (WLSE) and WLSE Express before 2.13 allows remote attackers to inject arbitrary web script or HTML, possibly via the displayMsg parameter to archiveApplyDisplay.jsp, aka bug ID CSCsc01095.
CVE-2006-4923 1 Esyndicat Portal System 1 Esyndicat Portal System 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in search.php in eSyndiCat Portal System allows remote attackers to inject arbitrary web script or HTML via the what parameter.
CVE-2006-4885 1 Shadowed Portal 1 Shadowed Portal 2026-04-16 N/A
PHP remote file inclusion vulnerability in Shadowed Portal 5.599 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root parameter in (1) footer.php and (2) header.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information. The bottom.php parameter is already covered by CVE-2006-4826.
CVE-2006-4861 1 Mohammed Mehdi Panjwani 1 Complain Center 2026-04-16 N/A
SQL injection vulnerability in loginprocess.asp in Mohammed Mehdi Panjwani Complain Center 1 allows remote attackers to execute arbitrary SQL commands via the (1) TxtUser (aka Username) and (2) TxtPass (aka Password) parameters in login.asp.
CVE-1999-1199 1 Apache 1 Http Server 2026-04-16 N/A
Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
CVE-1999-0376 1 Microsoft 1 Windows Nt 2026-04-16 N/A
Local users in Windows NT can obtain administrator privileges by changing the KnownDLLs list to reference malicious programs.
CVE-2002-0276 1 Ettercap 1 Ettercap 2026-04-16 N/A
Buffer overflow in various decoders in Ettercap 0.6.3.1 and earlier, when running on networks with an MTU greater than 2000, allows remote attackers to execute arbitrary code via large packets.