Search Results (29946 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-4887 1 Apple 2 Apple Remote Desktop, Mac Os X 2026-04-16 N/A
Apple Remote Desktop (ARD) for Mac OS X 10.2.8 and later does not drop privileges on the remote machine while installing certain applications, which allows local users to bypass authentication and gain privileges by selecting the icon during installation. NOTE: it could be argued that the issue is not in Remote Desktop itself, but in applications that are installed while using it.
CVE-2006-4888 1 Microsoft 1 Ie 2026-04-16 N/A
Microsoft Internet Explorer 6 and earlier allows remote attackers to cause a denial of service (application hang) via a CSS-formatted HTML INPUT element within a DIV element that has a larger size than the INPUT.
CVE-1999-0501 2026-04-16 N/A
A Unix account has a guessable password.
CVE-2006-4889 1 Telekorn 1 Signkorn Guestbook 2026-04-16 N/A
Multiple PHP remote file inclusion vulnerabilities in Telekorn SignKorn Guestbook (SL) 1.3 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the dir_path parameter in (1) index.php, (2) includes/functions.gb.php, (3) includes/functions.admin.php, (4) includes/admin.inc.php, (5) help.php, (6) smile.php, (7) entry.php; (8) adminhelp0.php, (9) adminhelp1.php, (10) adminhelp2.php, and (11) adminhelp3.php in (a) help/en and (b) help/de directories; and the (12) preview.php, (13) log.php, (14) index.php, (15) config.php, and (16) admin.php in the (c) admin directory, a different set of vectors than CVE-2006-4788.
CVE-1999-0507 2026-04-16 N/A
An account on a router, firewall, or other network device has a guessable password.
CVE-1999-0510 2026-04-16 N/A
A router or firewall allows source routed packets from arbitrary hosts.
CVE-1999-0513 7 Digital, Freebsd, Hp and 4 more 8 Unix, Freebsd, Hp-ux and 5 more 2026-04-16 N/A
ICMP messages to broadcast addresses are allowed, allowing for a Smurf attack that can cause a denial of service.
CVE-2006-4890 1 Unak 1 Unak Cms 2026-04-16 N/A
Multiple PHP remote file inclusion vulnerabilities in UNAK-CMS 1.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the dirroot parameter to (1) fckeditor/editor/filemanager/browser/default/connectors/php/connector.php or (2) fckeditor/editor/dialog/fck_link.php.
CVE-2006-2588 1 Russcom Network 1 Phpimages 2026-04-16 N/A
Russcom PHPImages allows remote attackers to upload files of arbitrary types by uploading a file with a .gif extension. NOTE: due to lack of specific information about attack vectors do not depend on the existence of another vulnerability, it is not clear whether this is a vulnerability.
CVE-1999-0525 2026-04-16 N/A
IP traceroute is allowed from arbitrary hosts.
CVE-2006-4892 1 Techno Dreams 1 Faq Manager Package 2026-04-16 N/A
SQL injection vulnerability in faqview.asp in Techno Dreams FAQ Manager Package 1.0 allows remote attackers to execute arbitrary SQL commands via the key parameter.
CVE-1999-0533 2026-04-16 N/A
A DNS server allows inverse queries.
CVE-2006-4894 1 Idevspot 1 Nixieaffiliate 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in forms/lostpassword.php in iDevSpot NixieAffiliate 1.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter.
CVE-1999-0555 2026-04-16 N/A
A Unix account with a name other than "root" has UID 0, i.e. root privileges.
CVE-2006-4898 1 Guanxicrm 1 Guanxicrm Business Solution 2026-04-16 N/A
PHP remote file inclusion vulnerability in include/phpxd/phpXD.php in guanxiCRM 0.9.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the appconf[rootpath] parameter.
CVE-2004-0767 1 Ngsec 1 Stackdefender 2026-04-16 N/A
NGSEC StackDefender 1.10 allows attackers to cause a denial of service (system crash) via an invalid address for the ObjectAttribues parameter to the hooks for the (1) ZwCreateFile or (2) ZwOpenFile functions.
CVE-1999-0581 1 Microsoft 1 Windows Nt 2026-04-16 N/A
The HKEY_CLASSES_ROOT key in a Windows NT system has inappropriate, system-critical permissions.
CVE-2006-2609 1 Artmedic Webdesign 1 Artmedic Newsletter 2026-04-16 N/A
artmedic newsletter 4.1.2 and possibly other versions, when register_globals is enabled, allows remote attackers to modify arbitrary files and execute arbitrary PHP code via the email parameter to newsletter_log.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-1999-0641 2026-04-16 N/A
The UUCP service is running.
CVE-1999-0653 2026-04-16 N/A
A component service related to NIS+ is running.