Search Results (363873 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2002-1521 1 Mdg Computer Services 1 Web Server 4d 2026-04-16 N/A
Web Server 4D (WS4D) 3.6 stores passwords in plaintext in the Ws4d.4DD file, which allows attackers to gain privileges.
CVE-2002-1518 1 Sgi 1 Irix 2026-04-16 N/A
mv in IRIX 6.5 creates a directory with world-writable permissions while moving a directory, which could allow local users to modify files and directories.
CVE-2006-3177 1 Bible Portal Project 1 Bible Portal Project 2026-04-16 N/A
PHP remote file inclusion vulnerability in Admin/rtf_parser.php in The Bible Portal Project 2.12 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the destination parameter.
CVE-2005-2271 1 Alexander Clauss 1 Icab 2026-04-16 N/A
iCab 2.9.8 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability."
CVE-2004-2728 1 Hummingbird 1 Connectivity 2026-04-16 N/A
Buffer overflow in the FTP server of Hummingbird Connectivity 7.1 and 9.0 allows remote, authenticated users to cause a denial of service (application crash) via a long argument to the XCWD command.
CVE-2002-1610 1 Hp 2 Hp-ux, Tru64 2026-04-16 N/A
Unknown vulnerability in ping in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows local users to cause a denial of service.
CVE-2006-3170 1 Comscripts 1 Cs-forum 2026-04-16 N/A
CS-Forum before 0.82 allows remote attackers to obtain sensitive information via unspecified manipulations, possibly involving an empty collapse[] or readall parameter to index.php, which reveals the installation path in an error message.
CVE-2002-1493 1 Lycos 1 Htmlgear Guestgear 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Lycos HTMLGear guestbook allows remote attackers to inject arbitrary script via (1) STYLE attributes or (2) SRC attributes in an IMG tag.
CVE-2006-3169 1 Comscripts 1 Cs-forum 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in CS-Forum 0.81 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) msg_result and (2) rep_titre parameters in (a) read.php; and the (3) id and (4) parent parameters and (5) CSForum_nom, (6) CSForum_mail, and (7) CSForum_url cookie parameters in (b) ajouter.php.
CVE-2006-3168 1 Comscripts 1 Cs-forum 2026-04-16 N/A
SQL injection vulnerability in CS-Forum before 0.82 allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) debut parameters in (a) read.php, and the (3) search and (4) debut parameters in (b) index.php.
CVE-2006-3166 1 Free Realty 1 Free Realty 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in propview.php in Free Realty 2.9-0.6 and earlier allows remote attackers to execute arbitrary web script or HTML via the sort parameter.
CVE-2002-1447 1 Cisco 1 Vpn Client 2026-04-16 N/A
Buffer overflow in the vpnclient program for UNIX VPN Client before 3.5.2 allows local users to gain administrative privileges via a long profile name in a connect argument.
CVE-2006-3163 1 Imgallery 1 Imgallery 2026-04-16 N/A
Multiple SQL injection vulnerabilities in galeria.php in IMGallery 2.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) start or (2) sort parameters.
CVE-2002-1443 1 Google 1 Toolbar 2026-04-16 N/A
The Google toolbar 1.1.58 and earlier allows remote web sites to monitor a user's input into the toolbar via an "onkeydown" event handler.
CVE-2002-2352 1 Neosoft 1 Neobook 2026-04-16 N/A
The NBActiveX.ocx ActiveX control in NeoBook 4 allows remote attackers to install and execute arbitrary programs.
CVE-2006-3148 1 Open-realty 1 Open-realty 2026-04-16 N/A
SQL injection vulnerability, possibly in search.inc.php, in Open-Realty 2.3.1 allows remote attackers to execute arbitrary SQL commands via the sorttype parameter to index.php.
CVE-2006-3146 2 Microsoft, Toshiba 2 Windows, Bluetooth Stack 2026-04-16 N/A
The TOSRFBD.SYS driver for Toshiba Bluetooth Stack 4.00.29 and earlier on Windows allows remote attackers to cause a denial of service (reboot) via a L2CAP echo request that triggers an out-of-bounds memory access, similar to "Ping o' Death" and as demonstrated by BlueSmack. NOTE: this issue was originally reported for 4.00.23.
CVE-2004-2664 1 John Lim 1 Adodb 2026-04-16 N/A
John Lim ADOdb Library for PHP before 4.23 allows remote attackers to obtain sensitive information via direct requests to certain scripts that result in an undefined value of ADODB_DIR, which reveals the installation path in an error message.
CVE-2005-2245 1 F5 1 Tmos 2026-04-16 N/A
Unknown vulnerability in F5 BIG-IP 9.0.2 through 9.1 allows attackers to "subvert the authentication of SSL transactions," via unknown attack vectors, possibly involving NATIVE ciphers.
CVE-2006-3132 1 Qto 1 Qtofilemanager 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in qtofm.php4 in QTOFileManager 1.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter, as originally reported for index.php.