Search Results (5493 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-0114 1 Joomla 1 Joomla 2026-04-16 N/A
The vCard functions in Joomla! 1.0.5 use predictable sequential IDs for vcards and do not restrict access to them, which allows remote attackers to obtain valid e-mail addresses to conduct spam attacks by modifying the contact_id parameter to index2.php.
CVE-2004-0867 4 Kde, Microsoft, Mozilla and 1 more 5 Konqueror, Ie, Internet Explorer and 2 more 2026-04-16 N/A
Mozilla Firefox 0.9.2 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. NOTE: it was later reported that 2.x is also affected.
CVE-2006-1119 2 Cpanel, Netenberg 2 Cpanel, Fantastico De Luxe 2026-04-16 N/A
fantastico in Cpanel does not properly handle when it has insufficient permissions to perform certain file operations, which allows remote authenticated users to obtain the full pathname, which is leaked in a PHP error message.
CVE-2002-2344 1 Ensim 1 Webppliance 2026-04-16 N/A
Ensim WEBppliance 3.0 and 3.1 allows remote attackers to read mail intended for other users by defining an alias that is the target's email address.
CVE-1999-0839 1 Microsoft 1 Ie 2026-04-16 N/A
Windows NT Task Scheduler installed with Internet Explorer 5 allows a user to gain privileges by modifying the job after it has been scheduled.
CVE-2005-2959 1 Todd Miller 1 Sudo 2026-04-16 N/A
Incomplete blacklist vulnerability in sudo 1.6.8 and earlier allows local users to gain privileges via the (1) SHELLOPTS and (2) PS4 environment variables before executing a bash script on behalf of another user, which are not cleared even though other variables are.
CVE-2002-2265 2 Hp, Open Source Internet Solutions 2 Tru64, Open Source Internet Solutions 2026-04-16 N/A
Unspecified vulnerability in LDAP Module in System Authentication of Open Source Internet Solutions (OSIS) 5.4 running on Tru64 UNIX 4.0G and 4.0F allows remote attackers to gain access to arbitrary files or gain privileges via unknown attack vectors.
CVE-2006-1174 2 Debian, Redhat 2 Shadow, Enterprise Linux 2026-04-16 N/A
useradd in shadow-utils before 4.0.3, and possibly other versions before 4.0.8, does not provide a required argument to the open function when creating a new user mailbox, which causes the mailbox to be created with unpredictable permissions and possibly allows attackers to read or modify the mailbox.
CVE-1999-0909 1 Microsoft 4 Terminal Server, Windows 95, Windows 98se and 1 more 2026-04-16 N/A
Multihomed Windows systems allow a remote attacker to bypass IP source routing restrictions via a malformed packet with IP options, aka the "Spoofed Route Pointer" vulnerability.
CVE-2005-1426 1 Uapplication 1 Ublog 2026-04-16 N/A
Uapplication Ublog Reload stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for mdb-database/blog.mdb (aka mdb-database/blog.msb).
CVE-2003-1541 1 Planetmoon 1 Guestbook 2026-04-16 N/A
PlanetMoon Guestbook tr3.a stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the admin script password, and other passwords, via a direct request to files/passwd.txt.
CVE-2006-2918 1 Lanap Botdetect 1 Captcha Asp.net 2026-04-16 N/A
The Lanap BotDetect APS.NET CAPTCHA component before 1.5.4.0 stores the UUID and hash for a CAPTCHA in the ViewState of a page, which makes it easier for remote attackers to conduct automated attacks by "replaying the ViewState for a known number."
CVE-1999-0227 1 Microsoft 1 Windows Nt 2026-04-16 N/A
Access violation in LSASS.EXE (LSA/LSARPC) program in Windows NT allows a denial of service.
CVE-2006-0525 1 Adobe 9 Acrobat, Acrobat Reader, Creative Suite and 6 more 2026-04-16 N/A
Multiple Adobe products, including (1) Photoshop CS2, (2) Illustrator CS2, and (3) Adobe Help Center, install a large number of .EXE and .DLL files with write-access permission for the Everyone group, which allows local users to gain privileges via Trojan horse programs.
CVE-2002-1590 1 Sun 2 Solaris, Sunos 2026-04-16 N/A
The Web-Based Enterprise Management (WBEM) packages (1) SUNWwbdoc, (2) SUNWwbcou, (3) SUNWwbdev and (4) SUNWmgapp packages, when installed using Solaris 8 Update 1/01 or later, install files with world or group write permissions, which allows local users to gain root privileges or cause a denial of service.
CVE-2002-2254 1 Linux 1 Linux Kernel 2026-04-16 N/A
The experimental IP packet queuing feature in Netfilter / IPTables in Linux kernel 2.4 up to 2.4.19 and 2.5 up to 2.5.31, when a privileged process exits and network traffic is not being queued, may allow a later process with the same Process ID (PID) to access certain network traffic that would otherwise be restricted.
CVE-2004-2689 1 Newsphp 1 Newsphp 2026-04-16 N/A
NewsPHP allows remote attackers to gain unauthorized administrative access by setting a cookie to the "autorized=admin; root=admin" value.
CVE-1999-0344 1 Microsoft 1 Windows Nt 2026-04-16 N/A
NT users can gain debug-level access on a system process using the Sechole exploit.
CVE-2003-1356 1 Hp 1 Hp-ux 2026-04-16 N/A
The "file handling" in sort in HP-UX 10.01 through 10.20, and 11.00 through 11.11 is "incorrect," which allows attackers to gain access or cause a denial of service via unknown vectors.
CVE-2002-1111 1 Mantis 1 Mantis 2026-04-16 N/A
print_all_bug_page.php in Mantis 0.17.3 and earlier does not verify the limit_reporters option, which allows remote attackers to view bug summaries for bugs that would otherwise be restricted.