Search Results (29946 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-1709 1 Interaktiv 1 Interaktiv.shop 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in shop_main.cgi in interaktiv.shop 5 allows remote attackers to inject arbitrary web script or HTML via the (1) pn and (2) sbeg parameters.
CVE-2006-2823 1 A.shopkart 1 A.shopkart 2026-04-16 N/A
Katrien De Graeve a.shopKart 2.0 (aka ashopKart20) stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) admin/scart.mdb and possibly (2) admin/scart97.mdb.
CVE-2004-0237 1 Aprox Portal 1 Aprox Portal 2026-04-16 N/A
Directory traversal vulnerability in index.php in Aprox PHP Portal allows remote attackers to read arbitrary files via a full pathname in the show parameter.
CVE-2006-1711 1 Plone 1 Plone 2026-04-16 N/A
Plone 2.0.5, 2.1.2, and 2.5-beta1 does not restrict access to the (1) changeMemberPortrait, (2) deletePersonalPortrait, and (3) testCurrentPassword methods, which allows remote attackers to modify portraits.
CVE-2004-0248 1 Phpx 1 Phpx 2026-04-16 N/A
Cross-site scripting vulnerability (XSS) in PHPX 3.2.3 allows remote attackers to execute arbitrary script as other users by injecting arbitrary HTML or script into (1) keywords argument of main.inc.php, (2) body argument of help.inc.php, or (3) the subject field in Personal Messages and Forum.
CVE-2006-2847 1 Full Revolution 1 Aspweblinks 2026-04-16 N/A
SQL injection vulnerability in links.asp in aspWebLinks 2.0 allows remote attackers to execute arbitrary SQL commands via the linkID parameter.
CVE-2004-0255 1 Xlight Ftp Server 1 Xlight Ftp Server 2026-04-16 N/A
Xlight 1.52, with log to screen enabled, allows remote attackers to cause a denial of service by requesting a long directory consisting of . (dot) and / (slash) characters, which causes the server to crash when the administrator views the log file, possibly triggering a buffer overflow.
CVE-2006-1712 1 Gnu 1 Mailman 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the private archive script (private.py) in GNU Mailman 2.1.7 allows remote attackers to inject arbitrary web script or HTML via the action argument.
CVE-2004-0259 1 Joe Lumbroso Acks 1 Formmail.php 2026-04-16 N/A
The check_referer() function in Formmail.php 5.0 and earlier allows remote attackers to bypass access restrictions via an empty or spoofed HTTP Referer, as demonstrated using an application on the same web server that contains a cross-site scripting (XSS) issue.
CVE-2006-3541 1 Kyberna 1 Ky2help 2026-04-16 N/A
SQL injection vulnerability in Meine Links (aka My Links) in Kyberna ky2help allows remote authenticated users to execute arbitrary SQL commands via unspecified "textboxes."
CVE-2006-1713 1 Phpmyforum 1 Phpmyforum 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in Christoph Roeder phpMyForum 4.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
CVE-2004-0274 1 Eggheads 1 Eggdrop Irc Bot 2026-04-16 N/A
Share.mod in Eggheads Eggdrop IRC bot 1.6.10 through 1.6.15 can mistakenly assign STAT_OFFERED status to a bot that is not a sharebot, which allows remote attackers to use STAT_OFFERED to promote a bot to a sharebot and conduct unauthorized activities.
CVE-2006-1716 1 Mybulletinboard 1 Mybulletinboard 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode img tag. NOTE: the email vector is already covered by CVE-2006-1625, although it might stem from the same core issue.
CVE-2004-0278 1 Ratbag 5 Dirt Track Racing, Dirt Track Racing Australia, Dirt Track Racing Sprint Cars and 2 more 2026-04-16 N/A
Ratbag game engine, as used in products such as Dirt Track Racing, Leadfoot, and World of Outlaws Spring Cars, allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet that specifies the length of data to read and then sends a second TCP packet that contains less data than specified, which causes Ratbag to repeatedly check the socket for more data.
CVE-2004-0295 1 Transsoft 1 Broker Ftp Server 2026-04-16 N/A
TsFtpSrv.exe in Broker FTP 6.1.0.0 allows remote attackers to cause a denial of service (CPU consumption) via an open idle connection.
CVE-2004-0296 1 Transsoft 1 Broker Ftp Server 2026-04-16 N/A
TsFtpSrv.exe in Broker FTP 6.1.0.0 allows remote attackers to cause a TsFtpSrv.exe to exit with an exception by opening and immediately closing a connection.
CVE-2004-0300 1 Ecommerce Corporation Online 1 Store Kit 2026-04-16 N/A
SQL injection vulnerability in Online Store Kit 3.0 allows remote attackers to inject arbitrary SQL and gain unauthorized access via (1) the cat parameter in shop.php, (2) the id parameter in more.php, (3) the cat_manufacturer parameter in shop_by_brand.php, or (4) the id parameter in listing.php.
CVE-2004-0318 1 Platform 1 Lsf 2026-04-16 N/A
Load Sharing Facility (LSF) 4.x, 5.x, and 6.x uses the LSF_EAUTH_UID environment variable, if it exists, instead of the real UID of the user, which could allow remote attackers within the local cluster to gain privileges.
CVE-2004-0325 1 Typsoft 1 Typsoft Ftp Server 2026-04-16 N/A
TYPSoft FTP Server 1.10 allows remote authenticated users to cause a denial of service (CPU consumption) via "//../" arguments to (1) mkd, (2) xmkd, (3) dele, (4) size, (5) retr, (6) stor, (7) appe, (8) rnfr, (9) rnto, (10) rmd, or (11) xrmd, as demonstrated using "//../qwerty".
CVE-2004-0335 1 Software602 1 602pro Lan Suite 2026-04-16 N/A
LAN SUITE Web Mail 602Pro, when configured to use the "Directory browsing" feature, allows remote attackers to obtain a directory listing via an HTTP request to (1) index.html, (2) cgi-bin/, or (3) users/.