Search Results (29946 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-2183 1 Phpxmail 1 Phpxmail 2026-04-16 N/A
class.xmail.php in PhpXmail 0.7 through 1.1 does not properly handle large passwords, which prevents an error message from being returned and allows remote attackers to bypass authentication and gain unauthorized access.
CVE-1999-1311 1 Hp 1 Hp-ux 2026-04-16 N/A
Vulnerability in dtlogin and dtsession in HP-UX 10.20 and 10.10 allows local users to bypass authentication and gain privileges.
CVE-1999-0088 1 Ibm 1 Aix 2026-04-16 N/A
IRIX and AIX automountd services (autofsd) allow remote users to execute root commands.
CVE-2006-4861 1 Mohammed Mehdi Panjwani 1 Complain Center 2026-04-16 N/A
SQL injection vulnerability in loginprocess.asp in Mohammed Mehdi Panjwani Complain Center 1 allows remote attackers to execute arbitrary SQL commands via the (1) TxtUser (aka Username) and (2) TxtPass (aka Password) parameters in login.asp.
CVE-2006-4885 1 Shadowed Portal 1 Shadowed Portal 2026-04-16 N/A
PHP remote file inclusion vulnerability in Shadowed Portal 5.599 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root parameter in (1) footer.php and (2) header.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information. The bottom.php parameter is already covered by CVE-2006-4826.
CVE-2006-4923 1 Esyndicat Portal System 1 Esyndicat Portal System 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in search.php in eSyndiCat Portal System allows remote attackers to inject arbitrary web script or HTML via the what parameter.
CVE-2006-1960 1 Cisco 1 Wireless Lan Solution Engine 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the appliance web user interface in Cisco CiscoWorks Wireless LAN Solution Engine (WLSE) and WLSE Express before 2.13 allows remote attackers to inject arbitrary web script or HTML, possibly via the displayMsg parameter to archiveApplyDisplay.jsp, aka bug ID CSCsc01095.
CVE-1999-0585 1 Microsoft 2 Windows 2000, Windows Nt 2026-04-16 N/A
A Windows NT administrator account has the default name of Administrator.
CVE-1999-1538 1 Microsoft 1 Internet Information Server 2026-04-16 N/A
When IIS 2 or 3 is upgraded to IIS 4, ism.dll is inadvertently left in /scripts/iisadmin, which does not restrict access to the local machine and allows an unauthorized user to gain access to sensitive server information, including the Administrator's password.
CVE-2001-0350 1 Microsoft 1 Windows 2000 2026-04-16 N/A
Microsoft Windows 2000 telnet service creates named pipes with predictable names and does not properly verify them, which allows local users to execute arbitrary commands by creating a named pipe with the predictable name and associating a malicious program with it, the second of two variants of this vulnerability.
CVE-2000-0394 1 Axent 1 Netprowler 2026-04-16 N/A
NetProwler 3.0 allows remote attackers to cause a denial of service by sending malformed IP packets that trigger NetProwler's Man-in-the-Middle signature.
CVE-2004-1415 1 Ben3w 1 2bgal 2026-04-16 N/A
SQL injection vulnerability in (1) disp_album.php and possibly (2) disp_img.php in 2Bgal 2.4 and 2.5.1 allows remote attackers to execute arbitrary SQL commands via the id_album parameter.
CVE-2004-2007 1 Adam Webb 1 Nukejokes 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in modules.php in NukeJokes 1.7 and 2 Beta allows remote attackers to inject arbitrary HTML or web script via the (1) cat parameter in a CatView function or (2) jokeid parameter in a JokeView function.
CVE-2006-2592 1 Dschat 1 Dschat 2026-04-16 N/A
Unspecified vulnerability in DSChat 1.0 allows remote attackers to execute arbitrary PHP code via the Nickname field, which is not sanitized before creating a file in a user directory. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-2659 1 Double Precision Incorporated 1 Courier Mta 2026-04-16 N/A
libs/comverp.c in Courier MTA before 0.53.2 allows attackers to cause a denial of service (CPU consumption) via unknown vectors involving usernames that contain the "=" (equals) character, which is not properly handled during encoding.
CVE-2006-0843 1 Leif M. Wright 1 Web Blog 2026-04-16 N/A
Leif M. Wright's Blog 3.5 stores the config file and other txt files under the web root with insufficient access control, which allows remote attackers to read the administrator's password.
CVE-2005-4569 1 Floosietek 1 Ftgate 2026-04-16 N/A
Stack-based buffer overflow in index.fts in FTGate Technology (formerly known as Floosietek) FTGate 4.4 (aka Build 4.4.000 Oct 26 2005) allows remote attackers to execute arbitrary code via a long tzoffset value.
CVE-2006-0907 1 Francisco Burzi 1 Php-nuke 2026-04-16 N/A
SQL injection vulnerability in PHP-Nuke before 7.8 Patched 3.2 allows remote attackers to execute arbitrary SQL commands via encoded /%2a (/*) sequences in the query string, which bypasses regular expressions that are intended to protect against SQL injection, as demonstrated via the kala parameter.
CVE-2006-0910 1 Invision Power Services 1 Invision Power Board 2026-04-16 N/A
Invision Power Board (IPB) 2.1.4 and earlier allows remote attackers to list directory contents via a direct request to multiple directories, including (1) sources/loginauth/convert/, (2) sources/portal_plugins/, (3) cache/skin_cache/cacheid_2/, (4) ips_kernel/PEAR/, (5) ips_kernel/PEAR/Text/, (6) ips_kernel/PEAR/Text/Diff/, (7) ips_kernel/PEAR/Text/Diff/Renderer/, (8) style_images/1/folder_rte_files/, (9) style_images/1/folder_js_skin/, (10) style_images/1/folder_rte_images/, and (11) upgrade/ and its subdirectories.
CVE-2006-2017 1 Dnsmasq 1 Dnsmasq 2026-04-16 N/A
Dnsmasq 2.29 allows remote attackers to cause a denial of service (application crash) via a DHCP client broadcast reply request.