Export limit exceeded: 362877 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29946 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-2357 1 Ipswitch 1 Whatsup Professional 2026-04-16 N/A
Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to obtain source code for scripts via a trailing dot in a request to NmConsole/Login.asp.
CVE-2006-0764 1 Cisco 3 Anomaly Guard Module, Guard, Traffic Anomaly Detector Module 2026-04-16 N/A
The Authentication, Authorization, and Accounting (AAA) capability in versions 5.0(1) and 5.0(3) of the software used by multiple Cisco Anomaly Detection and Mitigation products, when running with an incomplete TACACS+ configuration without a "tacacs-server host" command, allows remote attackers to bypass authentication and gain privileges, aka Bug ID CSCsd21455.
CVE-2000-0506 1 Linux 1 Linux Kernel 2026-04-16 N/A
The "capabilities" feature in Linux before 2.2.16 allows local users to cause a denial of service or gain privileges by setting the capabilities to prevent a setuid program from dropping privileges, aka the "Linux kernel setuid/setcap vulnerability."
CVE-2006-0774 1 Lawrence Osiris 1 Db Esession 2026-04-16 N/A
SQL injection vulnerability in deleteSession() in DB_eSession library 1.0.2 and earlier, as used in multiple products, allows remote attackers to execute arbitrary SQL commands via the $_sess_id_set variable, which is usually derived from PHPSESSID.
CVE-2004-1480 1 Hp 1 Storageworks Command View 2026-04-16 N/A
Unknown vulnerability in the management station in HP StorageWorks Command View XP 1.8B and earlier allows remote attackers to bypass access restrictions.
CVE-2004-1519 1 Benjamin Curtis 1 Phpbugtracker 2026-04-16 N/A
SQL injection vulnerability in bug.php in phpBugTracker 0.9.1 allows remote attackers to execute arbitrary SQL commands via (1) the bug_id parameter in a viewvotes operation or (2) the project parameter in an add operation.
CVE-2003-0228 1 Microsoft 1 Windows Media Player 2026-04-16 N/A
Directory traversal vulnerability in Microsoft Windows Media Player 7.1 and Windows Media Player for Windows XP allows remote attackers to execute arbitrary code via a skins file with a URL containing hex-encoded backslash characters (%5C) that causes an executable to be placed in an arbitrary location.
CVE-2004-2646 1 Reid Garner 1 Free Web Chat 2026-04-16 N/A
The addUser function in UserManager.java in Free Web Chat 2.0 allows remote attackers to cause a denial of service (uncaught NullPointerException) via unknown attack vectors that cause the usrName variable to be null.
CVE-2005-2086 1 Phpbb Group 1 Phpbb 2026-04-16 N/A
PHP remote file inclusion vulnerability in viewtopic.php in phpBB 2.0.15 and earlier allows remote attackers to execute arbitrary PHP code.
CVE-2005-4832 1 Oracle 1 Oracle10g 2026-04-16 N/A
SQL injection vulnerability in the Oracle Database Server 10g allows remote authenticated users to execute arbitrary SQL commands with elevated privileges via the SUBSCRIPTION_NAME parameter in the (1) SYS.DBMS_CDC_SUBSCRIBE and (2) SYS.DBMS_CDC_ISUBSCRIBE packages, a different vector than CVE-2005-1197.
CVE-2003-0648 2 Debian, Fte 2 Debian Linux, Fte Text Editor 2026-04-16 N/A
Multiple buffer overflows in vfte, based on FTE, before 0.50, allow local users to execute arbitrary code.
CVE-2002-1788 1 Kim Storm 1 Nn 2026-04-16 N/A
Format string vulnerability in the nn_exitmsg function in nn 6.6.0 through 6.6.3 allows remote NNTP servers to execute arbitrary code via format strings in server responses.
CVE-2002-1830 1 Openbb 1 Openbb 2026-04-16 N/A
Open Bulletin Board (OpenBB) 1.0.0 RC3 allows remote attackers to bypass authentication and access modifier options via a direct request to moderator.php with the action and ismod parameters.
CVE-2002-1889 1 Logsurfer 1 Logsurfer 2026-04-16 N/A
Off-by-one buffer overflow in the context_action function in context.c of Logsurfer 1.41 through 1.5a allows remote attackers to cause a denial of service (crash) via a malformed log entry.
CVE-2006-1564 1 Debian 1 Debian Linux 2026-04-16 N/A
Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
CVE-2001-1419 2 Aol, Cerulean Studios 2 Instant Messenger, Trillian 2026-04-16 N/A
AOL Instant Messenger (AIM) 4.7.2480 and earlier allows remote attackers to cause a denial of service (application crash) via an instant message that contains a large amount of "<!--" HTML comments.
CVE-2006-1582 1 Blanknberg 1 Blanknberg 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in Blank'N'Berg 0.2 allows remote attackers to inject arbitrary web script or HTML via the _path parameter. NOTE: this might be resultant from the directory traversal issue.
CVE-2006-3259 1 E107 1 E107 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 allow remote attackers to inject arbitrary web script or HTML via the (1) ep parameter to search.php and the (2) subject parameter in comment.php (aka the Subject field when posting a comment).
CVE-2005-4548 1 Rws 1 Statistics Counter 2026-04-16 N/A
SQL injection vulnerability in the "user area" in RWS Statistics Counter before 2.4.1 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
CVE-2004-0621 1 Zaireweb Solutions 1 Newsletter Zws 2026-04-16 N/A
admin.php in Newsletter ZWS allows remote attackers to gain administrative privileges via a list_user operation with the ulevel parameter set to 1 (administrator level), which lists all users and their passwords.