Total
29893 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-4272 | 1 Jelsoft | 1 Vbulletin | 2026-04-16 | N/A |
| Jelsoft vBulletin 3.5.4 allows remote attackers to register multiple arbitrary users and cause a denial of service (resource consumption) via a large number of requests to register.php. NOTE: the vendor has disputed this vulnerability, stating "If you have the CAPTCHA enabled then the registrations wont even go through. ... if you are talking about the flood being allowed in the first place then surely this is something that should be handled at the server level. | ||||
| CVE-2002-1308 | 3 Mozilla, Netscape, Redhat | 4 Mozilla, Navigator, Enterprise Linux and 1 more | 2026-04-16 | N/A |
| Heap-based buffer overflow in Netscape and Mozilla allows remote attackers to execute arbitrary code via a jar: URL that references a malformed .jar file, which overflows a buffer during decompression. | ||||
| CVE-2006-4273 | 1 Jelsoft | 1 Vbulletin | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 3.5.4 and 3.6.0 allows remote attackers to inject arbitrary web script or HTML by uploading an attachment with a .pdf extension that contains JavaScript, which is processed as script by Microsoft Internet Explorer 6. | ||||
| CVE-2003-1087 | 1 Hp | 1 Hp-ux | 2026-04-16 | N/A |
| Unknown vulnerability in diagmond and possibly other applications in HP9000 Series 700/800 running HP-UX B.11.00, B.11.04, B.11.11, and B.11.22 allows remote attackers to cause a denial of service (program failure) via certain network traffic. | ||||
| CVE-2002-1315 | 1 Iplanet | 1 Iplanet Web Server | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the Admin Server for iPlanet WebServer 4.x, up to SP11, allows remote attackers to execute web script or HTML as the iPlanet administrator by injecting the desired script into error logs, and possibly escalating privileges by using the XSS vulnerability in conjunction with another issue (CVE-2002-1316). | ||||
| CVE-2006-4275 | 1 Mambo | 1 Catalogshop Component | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in catalogshop.php in the CatalogShop component for Mambo (com_catalogshop) allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | ||||
| CVE-2003-1091 | 1 Apple | 1 Quicktime Broadcaster | 2026-04-16 | N/A |
| Integer overflow in MP3Broadcaster for Apple QuickTime/Darwin Streaming Server 4.1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via malformed ID3 tags in MP3 files. | ||||
| CVE-2002-1316 | 1 Iplanet | 1 Iplanet Web Server | 2026-04-16 | N/A |
| importInfo in the Admin Server for iPlanet WebServer 4.x, up to SP11, allows the web administrator to execute arbitrary commands via shell metacharacters in the dir parameter, and possibly allows remote attackers to exploit this vulnerability via a separate XSS issue (CVE-2002-1315). | ||||
| CVE-2006-4278 | 1 Sportsphool | 1 Sportsphool | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in includes/layout/plain.footer.php in SportsPHool 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the mainnav parameter. | ||||
| CVE-2002-1320 | 2 Redhat, University Of Washington | 3 Enterprise Linux, Linux, Pine | 2026-04-16 | N/A |
| Pine 4.44 and earlier allows remote attackers to cause a denial of service (core dump and failed restart) via an email message with a From header that contains a large number of quotation marks ("). | ||||
| CVE-2002-0735 | 2 C-note, Padl Software | 3 Squid Auth Ldap, Nss Ldap, Pam Ldap | 2026-04-16 | N/A |
| Format string vulnerability in the logging() function in C-Note Squid LDAP authentication module (squid_auth_LDAP) 2.0.2 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code by triggering log messages. | ||||
| CVE-2002-0740 | 1 Slrn Development Team | 1 Slrn | 2026-04-16 | N/A |
| Buffer overflow in slrnpull for the SLRN package, when installed setuid or setgid, allows local users to gain privileges via a long -d (SPOOLDIR) argument. | ||||
| CVE-2002-0742 | 1 Ibm | 1 Aix | 2026-04-16 | N/A |
| Buffer overflow in pioout on AIX 4.3.3. | ||||
| CVE-2006-4023 | 1 Php | 1 Php | 2026-04-16 | N/A |
| The ip2long function in PHP 5.1.4 and earlier may incorrectly validate an arbitrary string and return a valid network IP address, which allows remote attackers to obtain network information and facilitate other attacks, as demonstrated using SQL injection in the X-FORWARDED-FOR Header in index.php in MiniBB 2.0. NOTE: it could be argued that the ip2long behavior represents a risk for security-relevant issues in a way that is similar to strcpy's role in buffer overflows, in which case this would be a class of implementation bugs that would require separate CVE items for each PHP application that uses ip2long in a security-relevant manner. | ||||
| CVE-2002-0749 | 1 Cgiscript.net | 1 Csmailto | 2026-04-16 | N/A |
| CGIscript.net csMailto.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the form-attachment field. | ||||
| CVE-2003-0926 | 2 Ethereal Group, Redhat | 3 Ethereal, Enterprise Linux, Linux | 2026-04-16 | N/A |
| Ethereal 0.9.15 and earlier, and Tethereal, allows remote attackers to cause a denial of service (crash) via certain malformed (1) ISAKMP or (2) MEGACO packets. | ||||
| CVE-2002-0755 | 1 Freebsd | 1 Freebsd | 2026-04-16 | N/A |
| Kerberos 5 su (k5su) in FreeBSD 4.5 and earlier does not verify that a user is a member of the wheel group before granting superuser privileges, which could allow unauthorized users to execute commands as root. | ||||
| CVE-2006-4030 | 1 Gallery Project | 1 Gallery | 2026-04-16 | N/A |
| Unspecified vulnerability in the stats module in Gallery 1.5.1-RC2 and earlier allows remote attackers to obtain sensitive information via unspecified attack vectors, related to "two file exposure bugs." | ||||
| CVE-2002-0757 | 2 Usermin, Webmin | 2 Usermin, Webmin | 2026-04-16 | N/A |
| (1) Webmin 0.96 and (2) Usermin 0.90 with password timeouts enabled allow local and possibly remote attackers to bypass authentication and gain privileges via certain control characters in the authentication information, which can force Webmin or Usermin to accept arbitrary username/session ID combinations. | ||||
| CVE-2006-4032 | 1 Cisco | 1 Callmanager Express | 2026-04-16 | N/A |
| Unspecified vulnerability in Cisco IOS CallManager Express (CME) allows remote attackers to gain sensitive information (user names) from the Session Initiation Protocol (SIP) user directory via certain SIP messages, aka bug CSCse92417. | ||||