Search Results (29946 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2003-1102 1 Hummingbird 1 Cyberdocs 2026-04-16 N/A
Hummingbird CyberDOCS 3.5, 3.9, and 4.0, when running on IIS, uses insecure permissions for script source code files, which allows remote attackers to read the source code.
CVE-2006-4294 1 Twiki 1 Twiki 2026-04-16 N/A
Directory traversal vulnerability in viewfile in TWiki 4.0.0 through 4.0.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.
CVE-2006-4300 1 8pixel.net 1 Simple Blog 2026-04-16 N/A
SQL injection vulnerability in comments.asp in SimpleBlog 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2003-1104 1 Ibm 1 Tivoli Firewall Toolbox 2026-04-16 N/A
Buffer overflow in IBM Tivoli Firewall Toolbox (TFST) 1.2 allows remote attackers to execute arbitrary code via unknown vectors.
CVE-2002-1395 2 Debian, Redhat 3 Internet Message, Enterprise Linux, Linux 2026-04-16 N/A
Internet Message (IM) 141-18 and earlier uses predictable file and directory names, which allows local users to (1) obtain unauthorized directory permissions via a temporary directory used by impwagent, and (2) overwrite and create arbitrary files via immknmz.
CVE-2002-1396 2 Php, Redhat 2 Php, Linux 2026-04-16 N/A
Heap-based buffer overflow in the wordwrap function in PHP after 4.1.2 and before 4.3.0 may allow attackers to cause a denial of service or execute arbitrary code.
CVE-2006-4304 3 Freebsd, Netbsd, Openbsd 3 Freebsd, Netbsd, Openbsd 2026-04-16 N/A
Buffer overflow in the sppp driver in FreeBSD 4.11 through 6.1, NetBSD 2.0 through 4.0 beta before 20060823, and OpenBSD 3.8 and 3.9 before 20060902 allows remote attackers to cause a denial of service (panic), obtain sensitive information, and possibly execute arbitrary code via crafted Link Control Protocol (LCP) packets with an option length that exceeds the overall length, which triggers the overflow in (1) pppoe and (2) ippp. NOTE: this issue was originally incorrectly reported for the ppp driver.
CVE-2003-1105 1 Microsoft 2 Ie, Internet Explorer 2026-04-16 N/A
Unknown vulnerability in Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to cause a denial of service (browser or Outlook Express crash) via HTML with certain input tags that are not properly rendered.
CVE-2003-1106 1 Microsoft 1 Windows 2000 2026-04-16 N/A
The SMTP service in Microsoft Windows 2000 before SP4 allows remote attackers to cause a denial of service (crash or hang) via an e-mail message with a malformed time stamp in the FILETIME attribute.
CVE-2002-1413 1 Novell 1 Netware 2026-04-16 N/A
RCONAG6 for Novell Netware SP2, while running RconJ in secure mode, allows remote attackers to bypass authentication using the RconJ "Secure IP" (SSL) option during a connection.
CVE-2002-1423 1 Ilia Alshanetsky 1 Fudforum 2026-04-16 N/A
tmp_view.php in FUDforum before 2.2.0 allows remote attackers to read arbitrary files via an absolute pathname in the file parameter.
CVE-2006-4315 1 Ssh 4 Tectia Client, Tectia Connector, Tectia Manager and 1 more 2026-04-16 N/A
Unquoted Windows search path vulnerability in multiple SSH Tectia products, including Client/Server/Connector 5.0.0 and 5.0.1 and Client/Server before 4.4.5, and Manager 2.12 and earlier, when running on Windows, might allow local users to gain privileges via a malicious program file under "Program Files" or its subdirectories.
CVE-2006-4318 1 Texas Imperial Software 1 Wftpd 2026-04-16 N/A
Buffer overflow in WFTPD Server 3.23 allows remote attackers to execute arbitrary code via long SIZE commands.
CVE-2002-1427 1 Easy Scripts Archive 2 Advanced Easy Homepage Creator, Easy Homepage Creator 2026-04-16 N/A
The print_html_to_file function in edit.cgi for Easy Homepage Creator 1.0 does not check user credentials, which allows remote attackers to modify home pages of other users.
CVE-2006-4325 1 Doika 1 Doika Guestbook 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in gbook.php in Doika guestbook 2.5, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the page parameter.
CVE-2002-1459 1 Leszek Krupinski 1 L-forum 2026-04-16 N/A
Cross-site scripting vulnerability in L-Forum 2.40 and earlier, when the "Enable HTML in messages" option is off, allows remote attackers to insert arbitrary script or HTML via message fields including (1) From, (2) E-Mail, and (3) Subject.
CVE-2002-1460 1 Leszek Krupinski 1 L-forum 2026-04-16 N/A
L-Forum 2.40 and earlier does not properly verify whether a file was uploaded or if the associated variables were set by POST (attachment, attachment_name, attachment_size and attachment_type), which allows remote attackers to read arbitrary files.
CVE-2006-4331 2 Redhat, Wireshark 2 Enterprise Linux, Wireshark 2026-04-16 N/A
Multiple off-by-one errors in the IPSec ESP preference parser in Wireshark (formerly Ethereal) 0.99.2 allow remote attackers to cause a denial of service (crash) via unspecified vectors.
CVE-2006-4348 1 Kochsuite Component 1 Kochsuite Component 2026-04-16 N/A
PHP remote file inclusion vulnerability in config.kochsuite.php in the Kochsuite (com_kochsuite) 0.9.4 component for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2002-1489 1 Planetdns 1 Planetweb 2026-04-16 N/A
Buffer overflow in PlanetDNS PlanetWeb 1.14 and earlier allows remote attackers to execute arbitrary code via (1) an HTTP GET request with a long URL or (2) a request with a long method name.