Search Results (29946 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-4974 1 Ipswitch 1 Ws Ftp Server 2026-04-16 N/A
Buffer overflow in Ipswitch WS_FTP Limited Edition (LE) 5.08 allows remote FTP servers to execute arbitrary code via a long response to a PASV command.
CVE-2006-4970 1 Wahm E-commerce 1 Pie Cart Pro 2026-04-16 N/A
PHP remote file inclusion vulnerability in enc/content.php in WAHM E-Commerce Pie Cart Pro allows remote attackers to execute arbitrary PHP code via a URL in the Home_Path parameter.
CVE-2004-1687 1 Snitz Communications 1 Snitz Forums 2000 2026-04-16 N/A
CRLF injection vulnerability in down.asp for Snitz Forums 2000 3.4.04 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the location parameter.
CVE-2006-4969 1 Wahm E-commerce 1 Pie Cart Pro 2026-04-16 N/A
Multiple PHP remote file inclusion vulnerabilities in WAHM E-Commerce Pie Cart Pro allow remote attackers to execute arbitrary PHP code via a URL in the Inc_Dir parameter in (1) affiliates.php, (2) orders.php, (3) events.php, (4) index.php, (5) articles.php, (6) faqs.php, (7) guestbook.php, (8) catalog.php, (9) wholesale.php, (10) weblinks.php, (11) certificates.php, (12) sitesearch.php, (13) contact.php, (14) sitemap.php, (15) search.php, (16) registry.php, or (17) error.php.
CVE-2001-1268 2 Info-zip, Redhat 3 Unzip, Enterprise Linux, Linux 2026-04-16 N/A
Directory traversal vulnerability in Info-ZIP UnZip 5.42 and earlier allows attackers to overwrite arbitrary files during archive extraction via a .. (dot dot) in an extracted filename.
CVE-2006-2608 1 Artmedic Webdesign 1 Artmedic Newsletter 2026-04-16 N/A
artmedic newsletter 4.1 and possibly other versions, when register_globals is enabled, allows remote attackers to modify arbitrary files and execute arbitrary PHP code via the logfile parameter in a direct request to log.php, which causes the $logfile variable to be redefined to an attacker-controlled value, as demonstrated by injecting PHP code into info.php.
CVE-2006-0080 1 Jelsoft 1 Vbulletin 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in vBulletin 3.5.2, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the title of an event, which is not properly filtered by (1) calendar.php and (2) reminder.php.
CVE-2006-0079 1 Scoznet 1 Scozbook 2026-04-16 N/A
SQL injection vulnerability in auth.php in ScozNet ScozBook BETA 1.1 allows remote attackers to execute arbitrary SQL commands via the username field (adminname variable).
CVE-2006-0078 1 Haddad Said 1 B-net Software 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in B-net Software 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) shout variables to (a) shout.php, or the (3) title and (4) message variables to (b) guestbook.php.
CVE-2006-0073 1 Discusware 2 Discus Freeware, Discus Professional 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in DiscusWare Discus Freeware 3.10.5 and Professional 3.10.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a URL, which is not properly sanitized from the resulting error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2005-0124 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-16 N/A
The coda_pioctl function in the coda functionality (pioctl.c) for Linux kernel 2.6.9 and 2.4.x before 2.4.29 may allow local users to cause a denial of service (crash) or execute arbitrary code via negative vi.in_size or vi.out_size values, which may trigger a buffer overflow.
CVE-2005-1402 1 Mtp-target 1 Mtp-target 2026-04-16 N/A
Integer signedness error in certain older versions of the NeL library, as used in Mtp-Target 1.2.2 and earlier, and possibly other products, allows remote attackers to cause a denial of service (memory consumption or server crash) via a negative value in a STLport call, which is not caught by a signed comparison.
CVE-1999-1497 1 Ipswitch 1 Imail 2026-04-16 N/A
Ipswitch IMail 5.0 and 6.0 uses weak encryption to store passwords in registry keys, which allows local attackers to read passwords for e-mail accounts.
CVE-1999-1453 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Internet Explorer 4 allows remote attackers (malicious web site operators) to read the contents of the clipboard via the Internet WebBrowser ActiveX object.
CVE-1999-1451 1 Microsoft 2 Internet Information Server, Site Server 2026-04-16 N/A
The Winmsdp.exe sample file in IIS 4.0 and Site Server 3.0 allows remote attackers to read arbitrary files.
CVE-2006-0433 1 Freebsd 1 Freebsd 2026-04-16 N/A
Selective Acknowledgement (SACK) in FreeBSD 5.3 and 5.4 does not properly handle an incoming selective acknowledgement when there is insufficient memory, which might allow remote attackers to cause a denial of service (infinite loop).
CVE-2006-0522 1 Symantec 1 Sygate Management Server 2026-04-16 N/A
SQL injection vulnerability in the Authentication Servlet in Symantec Sygate Management Server (SMS) version 4.1 build 1417 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via unknown attack vectors related to a URL.
CVE-1999-1450 1 Sco 2 Openserver, Unixware 2026-04-16 N/A
Vulnerability in (1) rlogin daemon rshd and (2) scheme on SCO UNIX OpenServer 5.0.5 and earlier, and SCO UnixWare 7.0.1 and earlier, allows remote attackers to gain privileges.
CVE-2006-0538 1 Ciphertrust 1 Ironmail 2026-04-16 N/A
CipherTrust IronMail 5.0.1, when "Denial of Service Protection" is enabled, allows remote attackers to cause a denial of service (possibly CPU consumption) via a SYN flood with malformed TCP packets from multiple connections.
CVE-2006-0563 1 Pluggedout 1 Pluggedout Blog 2026-04-16 N/A
SQL injection vulnerability in exec.php in PluggedOut Blog 1.9.9c allows remote attackers to execute arbitrary SQL commands via the entryid parameter in a comment_add action.