Search Results (29946 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2003-1038 1 Sap 1 Internet Transaction Server 2026-04-16 N/A
The AGate component for SAP Internet Transaction Server (ITS) allows remote attackers to obtain sensitive information via a ~command parameter with an AgateInstallCheck value, which provides a list of installed DLLs and full pathnames.
CVE-2003-1044 1 Mozilla 1 Bugzilla 2026-04-16 N/A
editproducts.cgi in Bugzilla 2.16.3 and earlier, when usebuggroups is enabled, does not properly remove group add privileges from a group that is being deleted, which allows users with those privileges to perform unauthorized additions to the next group that is assigned with the original group ID.
CVE-2006-4744 1 Abidia 2 Abidia Wireless, O-anywhere 2026-04-16 N/A
Abidia (1) O-Anywhere and (2) Abidia Wireless transmit authentication credentials in cleartext, which allows remote attackers to obtain sensitive information by sniffing.
CVE-2006-4745 1 Scarybear 1 Pocketexpense Pro 2026-04-16 N/A
ScaryBear PocketExpense Pro 3.9.1 uses an internally recorded key to protect a data file whose contents are stored in plaintext, which allows local users to disable authentication and access the file by modifying a certain value in the file header.
CVE-2006-4750 1 Openi-cms Group 1 Openi-cms 2026-04-16 N/A
PHP remote file inclusion vulnerability in openi-admin/base/fileloader.php in OPENi-CMS 1.0.1, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the config[openi_dir] parameter.
CVE-2006-4762 1 Rssreader 1 Rssreader 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Ykoon RssReader allow remote attackers to inject arbitrary web script or HTML via a web feed, as demonstrated by certain test cases of the Robert Auger and Caleb Sima RSS and Atom feed reader test suite.
CVE-2003-1399 1 Eject 1 Eject 2026-04-16 N/A
eject 2.0.10, when installed setuid on systems such as SuSE Linux 7.3, generates different error messages depending on whether a specified file exists or not, which allows local users to obtain sensitive information.
CVE-2004-0047 1 Yamamoto Hirotaka 1 Trr19 2026-04-16 N/A
Multiple programs in trr19 1.0 do not properly drop privileges before executing a system command, which could allow local users to gain privileges.
CVE-2004-0071 2026-04-16 N/A
Directory traversal vulnerability in buildManPage in class.manpagelookup.php for PHP Man Page Lookup 1.2.0 allows remote attackers to read arbitrary files via the command parameter ($cmd variable) to index.php.
CVE-2004-0087 1 Apple 1 Mac Os X 2026-04-16 N/A
The System Configuration subsystem in Mac OS 10.2.8 and 10.3.2 allows local users to modify network settings, a different vulnerability than CVE-2004-0088.
CVE-2006-4799 1 Xine 1 Xine-lib 2026-04-16 N/A
Buffer overflow in ffmpeg for xine-lib before 1.1.2 might allow context-dependent attackers to execute arbitrary code via a crafted AVI file and "bad indexes", a different vulnerability than CVE-2005-4048 and CVE-2006-2802.
CVE-2004-0202 1 Microsoft 7 Directx, Windows 2000, Windows 2003 Server and 4 more 2026-04-16 N/A
IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet.
CVE-2006-4802 1 Symantec 2 Client Security, Norton Antivirus 2026-04-16 N/A
Format string vulnerability in the Real Time Virus Scan service in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allows local users to execute arbitrary code via an unspecified vector related to alert notification messages, a different vector than CVE-2006-3454, a "second format string vulnerability" as found by the vendor.
CVE-2006-4821 1 Drupal 1 Drupal Userreview Module 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Userreview module before 1.19 2006/09/12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2006-4823 1 Reamday Enterprises 1 Magic News Pro 2026-04-16 N/A
PHP remote file inclusion vulnerability in scripts/news_page.php in Reamday Enterprises Magic News Pro 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the script_path parameter.
CVE-2004-0212 2 Avaya, Microsoft 8 Definity One Media Server, Ip600 Media Servers, Modular Messaging Message Storage Server and 5 more 2026-04-16 N/A
Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or remote attackers to execute arbitrary code via a .job file containing long parameters, as demonstrated using Internet Explorer and accessing a .job file on an anonymous share.
CVE-2004-0215 2 Avaya, Microsoft 5 Definity One Media Server, Ip600 Media Servers, Modular Messaging Message Storage Server and 2 more 2026-04-16 N/A
Microsoft Outlook Express 5.5 and 6 allows attackers to cause a denial of service (application crash) via a malformed e-mail header.
CVE-2004-0322 1 Xmb Forum 1 Xmb 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in XMB 1.8 Final SP2 allow remote attackers to execute arbitrary script as other users via the (1) member parameter in member.php, (2) uid parameter in u2uadmin.php, (3) user parameter in editprofile.php, (4) an onmouseover event in an align tag when bbcode is allowed, or (5) img tag where bbcode is allowed.
CVE-2006-4828 1 Photopost 1 Photopost Php Pro 2026-04-16 N/A
PHP remote file inclusion vulnerability in zipndownload.php in PhotoPost 4.0 through 4.6 allows remote attackers to execute arbitrary PHP code via a URL in the PP_PATH parameter.
CVE-2006-4831 1 Iodine 1 Iodine 2026-04-16 N/A
Unspecified vulnerability in IP over DNS is now easy (iodine) before 0.3.2 has unknown impact and attack vectors, related to "potential security problems."