Search Results (29946 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-3622 1 Dream4 1 Koobi Pro 2026-04-16 N/A
The showtopic module in Koobi Pro CMS 5.6 allows remote attackers to obtain sensitive information via a ' (single quote) in the p parameter, which displays the path in an error message. NOTE: it is not clear whether this is SQL injection or a forced SQL error.
CVE-2006-1564 1 Debian 1 Debian Linux 2026-04-16 N/A
Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
CVE-2006-1285 1 Symantec 2 Ghost Solutions Suite, Norton Ghost 2026-04-16 N/A
SQLAnywhere in Symantec Ghost 8.0 and 8.2, as used in Symantec Ghost Solutions Suite (SGSS) 1.0, gives read and write permissions to all users for database shared memory sections, which allows local users to access and possibly modify certain information.
CVE-2006-1947 1 Nicplex 1 Plexum 2026-04-16 N/A
Multiple SQL injection vulnerabilities in plexum.php in NicPlex Plexum X5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) pagesize, (2) maxrec, and (3) startpos parameters.
CVE-2006-1582 1 Blanknberg 1 Blanknberg 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in Blank'N'Berg 0.2 allows remote attackers to inject arbitrary web script or HTML via the _path parameter. NOTE: this might be resultant from the directory traversal issue.
CVE-1999-1326 1 Washington University 1 Wu-ftpd 2026-04-16 N/A
wu-ftpd 2.4 FTP server does not properly drop privileges when an ABOR (abort file transfer) command is executed during a file transfer, which causes a signal to be handled incorrectly and allows local and possibly remote attackers to read arbitrary files.
CVE-2005-1254 1 Ipswitch 1 Imail 2026-04-16 N/A
Stack-based buffer overflow in the IMAP server for Ipswitch IMail 8.12 and 8.13, and other versions before IMail Server 8.2 Hotfix 2, allows remote authenticated users to cause a denial of service (crash) via a SELECT command with a large argument.
CVE-2006-1229 1 Hosting Controller 1 Hosting Controller 2026-04-16 N/A
SQL injection vulnerability in search.asp in Hosting Controller 6.1 (Hotfix 2.9) allows remote attackers to execute arbitrary SQL commands via the search parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2005-0855 1 Coolforum 1 Coolforum 2026-04-16 N/A
CoolForum 0.8.1 beta and earlier allows remote attackers to obtain sensitive path information via direct requests to (1) entete.php, (2) profile_accueil.php, (3) profile_mdp.php, (4) profile_notify.php, (5) profile_options.php, (6) profile_perso.php, (7) profile_pm.php, or (8) readannonce.php, which leaks the full pathname in a PHP error message.
CVE-1999-0846 1 Deerfield 1 Mdaemon 2026-04-16 N/A
Denial of service in MDaemon 2.7 via a large number of connection attempts.
CVE-1999-1325 1 Vax Vms 1 Sas System 2026-04-16 N/A
SAS System 5.18 on VAX/VMS is installed with insecure permissions for its directories and startup file, which allows local users to gain privileges.
CVE-2005-4548 1 Rws 1 Statistics Counter 2026-04-16 N/A
SQL injection vulnerability in the "user area" in RWS Statistics Counter before 2.4.1 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
CVE-2004-1911 1 Azerbaijan Development Group 1 Azdgdating 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in AzDGDatingLite 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the (1) l parameter (aka language variable) to index.php or (2) id parameter to view.php.
CVE-2006-1940 2 Ethereal Group, Redhat 2 Ethereal, Enterprise Linux 2026-04-16 N/A
Unspecified vulnerability in Ethereal 0.10.4 up to 0.10.14 allows remote attackers to cause a denial of service (abort) via the SNDCP dissector.
CVE-1999-1323 1 Symantec 1 Norton Antivirus 2026-04-16 N/A
Norton AntiVirus for Internet Email Gateways (NAVIEG) 1.0.1.7 and earlier, and Norton AntiVirus for MS Exchange (NAVMSE) 1.5 and earlier, store the administrator password in cleartext in (1) the navieg.ini file for NAVIEG, and (2) the ModifyPassword registry key in NAVMSE.
CVE-2005-0874 1 Cerulean Studios 1 Trillian 2026-04-16 N/A
Multiple buffer overflows in the (1) AIM, (2) MSN, (3) RSS, and other plug-ins for Trillian 2.0 allow remote web servers to cause a denial of service (application crash) via a long string in an HTTP 1.1 response header.
CVE-1999-1427 1 Sun 1 Solstice Adminsuite 2026-04-16 N/A
Solaris Solstice AdminSuite (AdminSuite) 2.1 and 2.2 create lock files insecurely, which allows local users to gain root privileges.
CVE-2006-1128 1 Gallery Project 1 Gallery 2026-04-16 N/A
Directory traversal vulnerability in the session handling class (GallerySession.class) in Gallery 2 up to 2.0.2 allows remote attackers to access and delete files by specifying the session in a cookie, which is used in constructing file paths before the session value is sanitized.
CVE-2006-1919 1 Thomas Voecking 1 Internet Photoshow 2026-04-16 N/A
PHP remote file inclusion vulnerability in index.php in Internet Photoshow 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
CVE-2004-1912 2 Francisco Burzi, Shiba-design 2 Php-nuke, Nukecalendar 2026-04-16 N/A
The (1) modules.php, (2) block-Calendar.php, (3) block-Calendar1.php, (4) block-Calendar_center.php scripts in NukeCalendar 1.1.a, as used in PHP-Nuke, allow remote attackers to obtain sensitive information via a URL with an invalid argument, which reveals the full path in an error message.