Search Results (29946 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2002-0364 1 Microsoft 2 Internet Information Server, Internet Information Services 2026-04-16 N/A
Buffer overflow in the chunked encoding transfer mechanism in IIS 4.0 and 5.0 allows attackers to execute arbitrary code via the processing of HTR request sessions, aka "Heap Overrun in HTR Chunked Encoding Could Enable Web Server Compromise."
CVE-2006-2795 1 Xiti 1 Xiti Tracking Script 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in XiTi Tracking Script 6 and 7 RC allow remote attackers to inject arbitrary web script or HTML via (1) the xtref parameter in xiti.js and (2) an HTTP Referer header field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-2838 1 F-secure 2 F-secure Anti-virus, Internet Gatekeeper 2026-04-16 N/A
Buffer overflow in the web console in F-Secure Anti-Virus for Microsoft Exchange 6.40, and Internet Gatekeeper 6.40 through 6.42 and 6.50 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors. NOTE: By default, the connections are only allowed from the local host.
CVE-2002-0373 1 Microsoft 1 Windows Media Player 2026-04-16 N/A
The Windows Media Device Manager (WMDM) Service in Microsoft Windows Media Player 7.1 on Windows 2000 systems allows local users to obtain LocalSystem rights via a program that calls the WMDM service to connect to an invalid local storage device, aka "Privilege Elevation through Windows Media Device Manager Service".
CVE-2002-0727 1 Microsoft 2 Office Web Components, Project 2026-04-16 N/A
The Host function in Microsoft Office Web Components (OWC) 2000 and 2002 is exposed in components that are marked as safe for scripting, which allows remote attackers to execute arbitrary commands via the setTimeout method.
CVE-2002-0381 3 Freebsd, Netbsd, Openbsd 3 Freebsd, Netbsd, Openbsd 2026-04-16 N/A
The TCP implementation in various BSD operating systems (tcp_input.c) does not properly block connections to broadcast addresses, which could allow remote attackers to bypass intended filters via packets with a unicast link layer address and an IP broadcast address.
CVE-2006-2987 1 Dominios Europa 1 Picrate 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Dominios Europa PICRATE (aka TAL RateMyPic) 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id, (2) voteid, and (3) vfiel parameters to (a) index.php, and via the (4) nick, (5) email, (6) city, (7) messen, and (8) message form field parameters to (b) add.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-3003 1 Easy Ad-manager 1 Easy Ad-manager 2026-04-16 N/A
details.php in Easy Ad-Manager allows remote attackers to obtain the full installation path via an invalid mbid parameter, which leaks the path in an error message. NOTE: this might be resultant from another vulnerability, since this vector also produces cross-site scripting (XSS). NOTE: on 20060829, the vendor notified CVE that this issue has been fixed.
CVE-2006-3049 1 Mole Group Ticket Booking Script 1 Mole Group Ticket Booking Script 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in booking3.php in Mole Group Ticket Booking Script allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) address1, (3) address2, (4) county, (5) postcode, (6) email, (7) phone, or (8) mobile parameters to booking2.php.
CVE-2006-3116 1 Spiffyjr 1 Phpraid 2026-04-16 N/A
Multiple PHP remote file inclusion vulnerabilities in phpRaid 3.0.4 and 3.0.5 allow remote attackers to execute arbitrary code via a URL in the phpraid_dir parameter to (1) configuration.php, (3) guilds.php, (4) index.php, (5) locations.php, (6) login.php, (7) lua_output.php, (8) permissions.php, (9) profile.php, (10) raids.php, (11) register.php, (12) roster.php, and (13) view.php.
CVE-2002-0384 2 Redhat, Rob Flynn 4 Enterprise Linux, Linux, Powertools and 1 more 2026-04-16 N/A
Buffer overflow in Jabber plug-in for Gaim client before 0.58 allows remote attackers to execute arbitrary code.
CVE-2003-0266 1 Bvrp Software 1 Slwebmail 2026-04-16 N/A
Multiple buffer overflows in SLWebMail 3 on Windows systems allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a long Language parameter to showlogin.dll, (2) a long CompanyID parameter to recman.dll, (3) a long CompanyID parameter to admin.dll, or (4) a long CompanyID parameter to globallogin.dll.
CVE-2006-3225 1 Sun 2 Java System Application Server, One Application Server 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Sun ONE Application Server 7 before Update 9, Java System Application Server 7 2004Q2 before Update 5, and Java System Application Server Enterprise Edition 8.1 2005 Q1 allows remote attackers to inject arbitrary HTML or web script via unknown vectors.
CVE-2002-0729 1 Microsoft 1 Sql Server 2026-04-16 N/A
Microsoft SQL Server 2000 allows remote attackers to cause a denial of service via a malformed 0x08 packet that is missing a colon separator.
CVE-2006-3311 2 Adobe, Redhat 3 Flash Player, Flex Sdk, Rhel Extras 2026-04-16 N/A
Buffer overflow in Adobe Flash Player 8.0.24.0 and earlier, Flash Professional 8, Flash MX 2004, and Flex 1.5 allows user-assisted remote attackers to execute arbitrary code via a long, dynamically created string in a SWF movie.
CVE-2006-3324 1 Id Software 1 Quake 3 Engine 2026-04-16 N/A
The Automatic Downloading option in the id3 Quake 3 Engine and the Icculus Quake 3 Engine (ioquake3) before revision 804 allows remote attackers to overwrite arbitrary files in the quake3 directory (fs_homepath cvar) via a long string of filenames, as contained in the neededpaks buffer.
CVE-2002-0730 1 Philip Chinery 1 Philip Chinerys Guestbook 2026-04-16 N/A
Cross-site scripting vulnerability in guestbook.pl for Philip Chinery's Guestbook 1.1 allows remote attackers to execute Javascript or HTML via fields such as (1) Name, (2) EMail, or (3) Homepage.
CVE-2006-3351 1 Microsoft 2 Windows 2003 Server, Windows Xp 2026-04-16 N/A
Buffer overflow in Windows Explorer (explorer.exe) on Windows XP and 2003 allows user-assisted attackers to cause a denial of service (repeated crash) and possibly execute arbitrary code via a .url file with an InternetShortcut tag containing a long URL and a large number of "file:" specifiers.
CVE-2003-0268 1 Bvrp Software 1 Slwebmail 2026-04-16 N/A
SLWebMail 3 on Windows systems allows remote attackers to identify the full path of the server via invalid requests to DLLs such as WebMailReq.dll, which reveals the path in an error message.
CVE-2006-2825 1 Cpanel 1 Cpanel 2026-04-16 N/A
cPanel does not automatically synchronize the PHP open_basedir configuration directive between the main server and virtual hosts that share physical directories, which might allow a local user to bypass open_basedir restrictions and access other virtual hosts via a PHP script that uses a main server URL (such as ~username) that is blocked by the user's own open_basedir directive, but not the main server's open_basedir directive.